RewriteProxy with .htaccess in IIS
In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn't updated yet. All HTTP requests for the moved website are handled in IIS' Default Web Site; that's the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite Module, IIS Application Request Routing (ARR), or .htaccess file handled by Helicon Ape.
How to block BaiduSpider bot User-Agent?
The Baidu spider (BaiduSpider user agent) can be a real pain to block, especially since it does not respect a robots.txt as it should. This post shows you how to block Baidu Spider bot, using IIS URL Rewrite Module based on its User-Agent string.
My WordPress web.config
Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it's because I'm a WordPress on Windows Server IIS enthusiast, so here is my web.config for your convenience (really, it's not that special).
How to enable HTTP Strict-Transport-Security (HSTS) on IIS
Set up HTTP Strict-Transport-Security (HSTS) response header in Windows Server IIS 10, here is some more technical information about HSTS in IIS, and other security headers...
Redirect HTTP to HTTPS
In this post I provide you various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache. Use these examples to your advantage to secure the traffic between your visitors and your website.
Huge increase in WordPress xmlrpc.php POST requests
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.
Remove IIS Server version HTTP Response Header
Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the `Server:` header in the HTTP response, as shown below. In this post I'll show you how to remove HTTP response headers in Windows Server IIS. You don't want to give hackers too much information about your servers, right?.
IIS Outbound Rules with gzip compression
Saotn.org used URL Rewrite Outbound Rules in IIS to offload content from a different server or host name. Doing so, IIS uses URL Rewrite and acts as a reverse proxy. Add gzip compression to the mix, and this will improve website performance. But just recently I noticed Outbound Rules conflicted with gzip compressed content. The following HTTP 500.52 URL Rewrite Module Error was thrown...
Block WordPress comment spammers manually
The less spammers hit your WordPress blog, the better your blog performs, is one of my opinions. A second is, the less unnecessary plugins you use on your WordPress blog, the better. So, a little while ago I decided to remove plugins like Stop Spammer Registration Plugin and do its work myself.
WordPress 3.5 on IIS 8.0 is unable to save a web.config file
This website Saotn.org is hosted on Windows Server 2012 with IIS 8.0 with WordPress for a few months now, and everything is running very smooth. And I would never hit this bug because I don't need to change my permalinks structure. One of my colleagues on the other hand, just moved his website to an IIS 8.0 web server and he noticed he couldn't save his Permalinks structure in the IIS web.config file. This can be pretty annoying ;-) Quick fix attached...
windows-server (113)
iis (80)
powershell (77)
php (55)
wordpress (47)
mysql (36)
windows (34)
performance (28)
linux (23)
web.config (23)
Website (22)
htaccess (20)
aspnet (19)
url-rewrite-module (19)
sql-server (18)
bash (18)
optimization (18)
ssl (17)
gnu-linux (13)
plugin (13)
windows-10 (12)
devops (11)
monitoring (11)
security (10)
appcmd (10)
wsl (9)
smtp (9)
wincache (9)
wmi (8)
zabbix (8)
windows-update (8)
opcache (8)
openssh (7)
database (7)
dism (7)
iis-60 (7)
sysops (6)
wsus (6)
apache (6)
hyper-v (6)
virtualization (6)
spam (6)
functions-php (6)
classic-asp (6)
ddos (6)
password (5)
email (5)
active-directory (5)
umbraco (5)
joomla (5)
command-line (5)
application-pool (5)
blacklist (5)
t-sql (4)
wql (4)
https (4)
group-policy (4)
backup (4)
connector-net (4)
debug (4)
logparser (4)
network-adapter (4)
dns (4)
query_cache (4)
ghost (4)
iisnode (4)
node-js (4)
vbscript (3)
windows-firewall (3)
brute-force (3)
ftp (3)
postfix (3)
forensics (3)
benchmark (3)
xss (3)
disk-cleanup (3)
disk-space (3)
sql-injection (3)
openssl (2)
net-core (2)
visual-studio (2)
windows-defender (2)
rdp (2)
connector-odbc (2)
c (2)
mysqldump (2)
xml-rpc (2)
smb (2)
cross-site-scripting (2)
innodb (2)
httpbl (2)
centos (2)
magento (2)
denial-of-service (2)
deployment (2)
windows-deployment-services (2)
mysqli (2)
open-xchange (2)
waf (2)
web-application-firewall (2)
code-base (1)
windows-11 (1)
ipv6 (1)
networking (1)
sqlce (1)
tinymce (1)
Prianha-CMS (1)
kvm (1)
http-3 (1)
quic (1)
wmsvc (1)
database-mirroring (1)
service-principal-names (1)
spn (1)
jetpack (1)
api (1)
kms (1)
red-hat (1)
varnish-cache (1)
elasticsearch (1)
dhcp (1)
jquery (1)