-
Posted to
IIS7 - General
by
boen_robot
on
11-01-2008, 3:42 PM
I don't have any experience with Linux FTP servers to confirm or deny if the same applies to them. I believe it does though, as when looking at FileZilla's log of commands sent, it never sends anything that contains the hostname. This is in contrast with the HTTP standard, where the web server can find out the domain name thanks to the ...
-
Posted to
IIS7 - General
by
boen_robot
on
11-01-2008, 1:52 PM
I wanted the same thing, but as you say, it appears it's technically impossible (it's a limitation of the standard so to speak) without using virtual hosts (the "domain|username" form) or using a different IP/port combination for each domain. So make a choise - either
specify vitual hosts and always use the ...
-
Posted to
IIS 7 - FastCGI Module
by
boen_robot
on
11-01-2008, 9:28 AM
Sounds like a fatal PHP error to me.
Follow this excellent tutorial, and in particular, configure error message and logging as described in "PHP Security Recommendations". Check out the rest of the things as well.
-
Posted to
IIS7 - General
by
boen_robot
on
11-01-2008, 8:53 AM
First, go to the FTP site, and eliminate the hostname in the binding (you know, right click, "Edit Bindings", click the FTP binding, "Edit"...).
Second, go to FTP Authorization, and make sure there is a user or a group there that can access the FTP. Use a username that is in that list. If there's nothing, click "Add ...
-
Posted to
IIS7 - General
by
boen_robot
on
11-01-2008, 7:58 AM
Thanks. I made the proxy add the host value to all relative to the site root location headers. That did the trick nicely.
I'll consider using FastCGI instead of CGI... I'm a little worried that it will mean something between "output caching" and the "use new console for each invocation" setting in IIS, and I ...
-
Posted to
IIS7 - General
by
boen_robot
on
10-26-2008, 8:58 AM
Hi.
I'd like to make IIS not follow redirects it gets from CGI applications. Is there any way I can do that? I realize this will hinder performance for most cases since the client will have to make another request to the server, but this is actually exactly what I want.
Let me describe the actual situation. I have ...
-
Posted to
IIS7 - Publishing
by
boen_robot
on
10-18-2008, 4:58 AM
I'm using Users because I realized it practically includes everyone, or at least every authenticated user. Following the principal of least privileges, I wouldn't want to give all users permissions they don't need, and it already seems Users have way too much control. For FTP's sake, I guess I could just explicitly deny access to ...
-
Posted to
IIS7 - Publishing
by
boen_robot
on
10-16-2008, 5:40 PM
I've made a lot of security related reconfigurations on the server in those few days in an attempt to work around this issue. In particular, I lowered the "Users" permissions as much as I can. In addition, I downloaded the latest updates from yesterday.
The FTP side of this issue (i.e. the one which occurs with the steps you ...
-
Posted to
IIS7 - Publishing
by
boen_robot
on
10-16-2008, 12:05 PM
I just tried to send an email to that address and got this error from GMail:
This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: security@microsoft.com Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the recipient domain. We ...
-
Posted to
IIS7 - Publishing
by
boen_robot
on
10-16-2008, 11:19 AM
Thanks for the email link. I'll see what I can do with it.
And you're right... it not (exactly) an implicit inheritance, it's more like mirroring. The Users group includes the "Authorized users" built in security principal, and that principal also includes user1 (i.e. every user also inherits the permissions for ...