Archive
HowTo: URL rewrite to redirect HTTP to HTTPS for non-local address
Below is an answer on how to redirect from HTTP to HTTPS using the URL Rewrite module for IIS, but ignoring local addresses used when debugging one’s app. Just contributed at https://stackoverflow.com/a/75898224/903783.
Needed it for an ASP.net MVC app I’m maintaining, since due to updated policy that the authenticating organisation had decided for the SSO (Apereo CAS) configuration, we couldn’t redirect anymore back to a non-HTTPs URL (had the user used plain HTTP to access our app that is), after signing in succesfully via the SSO.
Combined URL Rewrite based answers from How to redirect HTTP to HTTPS in MVC application (IIS7.5) and from the question’s page on StackOverflow, and added "127.0.0.1" apart from “localhost” for the ignored sites.
Note that the URL Rewrite approach is by far the simplest one to add and should kick in at the web server level before the web app has any chance to process the request.
I also see {REQUEST_URI} being used instead of {R:1} and pattern="^OFF$" instead of pattern="off".
At pattern added the ignoreCase="true" too, though it might be the default (same goes for enabled="true" for the rule, handy to have there if you want to turn some rule off when debugging some rule chain)
However, wondering based on https://serverfault.com/questions/224039/iis-url-rewrite-http-to-https-with-port/418530#418530 if one needs to use SERVER_NAME instead of HTTP_HOST in the pattern if non-default ports are used and specify the port in the Redirect url too
<system.webServer>
<!-- … -->
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect (excluding localhost)" enabled="true"
stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
<add input="{HTTP_HOST}" pattern="127.0.0.1" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent"
url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
<!-- … -->
</system.webServer>
HowTo: HTTPS on IIS website with free auto-renewing certificate
Below is an image-based walk-through on how to configure HTTPS on an IIS website, making use of a free certificate for encryption from the non-profit Let’s Encrypt certificate authority, also configuring autorenewal of the certificate.
1) Download the win-acme client application (for the command-line).
There’s also a GUI app called IIS Crypto if you prefer. However, this article uses win-acme tool.
2) Run wacs.exe from the folder where win-acme tool is unpacked.
3) Follow same steps as below selecting your own site and binding.
Just press Q when finished and you’re done. No need to worry about next renewal (mentioned on the screen), will be done automatically.
HowTo: Use WordPress Permalinks on IIS
at http://zachis.it/blog/7-dangers-of-using-windows-server-on-a-wordpress-installation/
the thing that guy says about Permalinks isn’t accurate at all (not that the other things that he says are any accurate that is). WordPress Codex have documentation on how to configure URL rewriting in web.config that is necessery for Permalinks to work in IIS.
e.g. at http://ClipFlair.net, if you press the "about" icon you’re taken to a WordPress site that runs on IIS and uses permalinks fine and hides the index.php too from the URL
in its web.config I have the following:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer><httpErrors>
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/index.php?error=404" responseMode="ExecuteURL" />
</httpErrors><!– Needed for WordPress Permalinks –>
<rewrite>
<rules><rule name="Main Rule" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<!– <action type="Rewrite" url="index.php/{R:0}" /> –>
<action type="Rewrite" url="index.php" />
</rule></rules>
</rewrite><defaultDocument>
<files>
<clear />
<add value="index.html" />
<add value="index.php" />
<add value="default.aspx" />
</files>
</defaultDocument></system.webServer>
</configuration>
Fix: Transform Manager ignoring media files added to watch folders
I’ve been puzzled for some days now with the IIS Transform Manager installation we have at ClipFlair for automating the conversion of media files (for example using Microsoft Expression Encoder) into IIS Smooth Streams.
The watch folder I’ve set up for this task was ignoring some of the media files I was dropping in for no apparent reason (e.g. it was picking up some .MP4 files but not other .MP4 ones).
Eventually I realized that the files it wasn’t picking up didn’t have at their Properties/Security tab access rights for the user account that has been assigned to the Transform Manager service, while the processed files (it keeps them at the “WorkQueue/Finished” subfolder” under the watch folder for the respective job [e.g. “Smooth (VC1)”]) had full access rights for that account.
Obviously by dropping them in the watch folder that had those rights assigned they also got the same rights, but not all the filed did. Maybe it is some Windows Server 2008 R2 bug when dropping multiple files together into a folder, not sure though. Adding the needed rights to each of those files, Transform Manager watch folder task immediately pulled them for processing (and soon put them into the “WorkQueue/Running”)
Another thing I noted was that at the Watch Folder task’s (say the “Video files to VC-1 Smooth Streams” ) “Scheduler” tab, at “Concurrent Jobs”, the default setting was set to 1. If you control how many files are placed in the watch folder (e.g. users aren’t uploading files there themselves) you can even check the value “Unlimited” there to process all the dropped files in parallel.
Fix: can not delete install subfolder after upgrading phpBB on IIS
To upgrade a phpBB forum, one usually downloads an automatic upgrade package to the latest version, selecting on the website which version they currently have. The current version number at a phpBB installation is shown at the Admin Control Panel (there’s a link to it at the bottom of the main page of a phpBB forum usually) and there admins also see a warning if they have older version and links/info on how to upgrade.
After the correct automatic upgrade package is download, the install subfolder it contains has to be unpacked into the forum folder on the webserver. From that point on the forum is taken offline and users can’t log-in or see discussions anymore till the install subfolder is deleted.
The installation process is quite smooth, you just point the browser to the install subfolder (say http://localhost/myforum/install) and then it will show a step-by-step wizard, where it first updates the database to the latest version and then shows option to update the PHP files and other file resources at the forum either via FTP automatically or by creating an archive on the fly that you can download and unpack into the forum’s folder on the webserver, replacing any previous files with the same path/filename as the ones in the archive, without closing the upgrade wizard webpage. Then you tell the wizard to check again if files are now updated and you’re done.
However, there’s one last and very important step to bring the forum online again and let users log-in again to it and/or see discussions. You have to remove the install subfolder you had placed at the forum folder on the webserver.
If you use IIS (note that you can easily install WordPress and PHP on IIS using Microsoft Web Platform Installer), you may find that you can’t delete some subfolders nested a bit deeper under the install subfolder, like db and en.
I just had this issue while upgrading phpBB on http://robotics.mech.upatras.gr/forum and had tried various ways to delete the install folder, like the handy Take Ownership command on the Windows Explorer folder context menu, to no avail – that is till I realized it was IIS that was blocking deletion of those subfolders. So I opened up IIS Manager, did a Stop action on the webserver (it might have also worked if I had just stopped the respective website) and then I could delete the install folder from Windows Explorer. Started IIS again and all was up and running nicely.
HowTo: enable big file uploads at MojoPortal on IIS
Just found in my backups a batch file for enabling big uploads to MojoPortal running on IIS:
%windir%\system32\inetsrv\appcmd
set config "Default Web Site/portal"
-section:requestFiltering
-requestLimits.maxAllowedContentLength:104857600
-commitpath:apphost
The quoted command above needs to be in a single line and obviously you have to replace “Default Web Site/portal” with your site’s virtual folder “path” as shown in IIS Manager’s tree view.
Probably can configure that via web.config in ASP.net websites, but if nothing else works can try this too.
Collection of Smooth Streaming Video URLs
Here are some Smooth Streaming URLs I found on the Internet that you could use during development to test your smooth streaming players (like those based on SMF).
If you haven’t yet started building your SMF-based player you can try the following URLs here: http://www.smoothhd.com/livetestplayer/
Update: you can also try Smooth Stream URLs at ClipFlair Studio Silverlight-based application, turning over its Clip component (using the “Wrench” button on its titlebar) and pasting the Media URL there. Alternatively, you can launch it directly using a URL of the form http://studio.clipflair.net?video=http://smoothstreamer.doit.wisc.edu/doit-nms/BBB_carbon/BBB.ism/Manifest
http://smoothstreamer.doit.wisc.edu/doit-nms/BBB_carbon/BBB.ism/Manifest
http://streams.smooth.vertigo.com/BigBuckBunny_30sec/bigbuck.ism/manifest
http://streams.smooth.vertigo.com/elephantsdream/Elephants_Dream_1024-h264-st-aac.ism/manifest (this one also features multiple audio streams, director’s comments in english and also english and spanish dialogs)
http://playready.directtaps.net/smoothstreaming/TTLSS720VC1/To_The_Limit_720.ism/Manifest
http://playready.directtaps.net/smoothstreaming/SSWSS720H264/ SuperSpeedway_720.ism/Manifest
At the same test server one can also find two audio-only smooth streams:
http://playready.directtaps.net/smoothstreaming/ISMAAACLC/Taxi3_AACLC.ism/Manifest
http://playready.directtaps.net/smoothstreaming/ISMAAACHE/Taxi3_AACHE.ism/Manifest
http://mediadl.microsoft.com/mediadl/iisnet/smoothmedia/Experience/ BigBuckBunny_720p.ism/Manifest
http://ecn.channel9.msdn.com/o9/content/smf/smoothcontent/bbbwp7/big%20buck%20bunny.ism/manifest
http://video3.smoothhd.com.edgesuite.net/ondemand/Big%20Buck%20Bunny%20Adaptive.ism/Manifest
http://video3.smoothhd.com/ondemand/Turner_Sports_PGA.ism/Manifest
http://video3.smoothhd.com/ondemand/Turner_Sports_NASCAR.ism/Manifest
http://video3.smoothhd.com/ondemand/Turner_Sports_MLB.ism/Manifest
http://video3.smoothhd.com/ondemand/Akamai_ASP_Cutdown.ism/Manifest
http://video3.smoothhd.com/ondemand/mix1/mix1.ism/Manifest
http://video3.smoothhd.com/ondemand/mix2/mix2.ism/Manifest
http://video3.smoothhd.com/ondemand/Big%20Buck%20Bunny%20Adaptive.ism/Manifest
http://video3.smoothhd.com/ondemand/ElephantsDream.ism/Manifest
http://video3.smoothhd.com/ondemand/Got_Imagination_(Indo).ism/Manifest
http://video3.smoothhd.com/ondemand/Got_Imagination_(California).ism/Manifest
http://video3.smoothhd.com/ondemand/Coral_Reefs.ism/Manifest
http://video3.smoothhd.com/ondemand/eHow_Wakeboard.ism/Manifest
http://video3.smoothhd.com/ondemand/eHow_Baseball.ism/Manifest
http://video3.smoothhd.com/ondemand/eHow_Alligator.ism/Manifest
http://video3.smoothhd.com/ondemand/NBA.ism/Manifest
http://video3.smoothhd.com/ondemand/Changeling.ism/Manifest
http://video3.smoothhd.com/ondemand/Livestrong_ThyroidCancer.ism/Manifest
http://video3.smoothhd.com/ondemand/Livestrong_BeginnerGuideExercising.ism/Manifest
http://video3.smoothhd.com/ondemand/Livestrong_Autism.ism/Manifest
Also found some (probably) Bollywood movie:
http://az280594.vo.msecnd.net/athadu/athadu480.ism/Manifest
You can use the following search query to search for “.ism/Manifest”:
http://www.google.com/?q=%22http%22+%22.ism%2FManifest%22&oq=%22http%22+%22.ism%2FManifest%22
A good source found is http://www.smoothhd.com/content/smoothhd/smoothhd.xml
which seems to be from http://wwwns.akamai.com/hdnetwork/demo/silverlight/default.html
Some more URLs (use the unencrypted ones that write CLEAR) are found at:
Set default document for IIS via web.config at Silverlight Web project
When you tell the Visual Studio IDE to generate a web project (instead of just using an autogenerated page) for a Silverlight project, it creates a project named SilverlightAppName.Web with a SilverlightAppNameTestPage.aspx (ASP.net) and an SilverlightAppNameTestPage.html. Either one can be served from a web server (obviously the .aspx one from IIS or any web server that supports ASP.net at the server-side) to run the Silverlight app in the browser, or for debugging from within Visual Studio (with the included test web server [Cassini] or IIS).
Note that at that Web project’s Properties, there’s a tab Silverlight applications, where Silverlight apps hosted by that Web project are listed. If you add more there, Visual Studio will generate respective pages for them, in the pattern mentioned above.
By right clicking one of those two pages you can select “Set as Start Page” to set the default page that “Start” or “Start without debugging” uses. However that setting isn’t replicated to the web.config file automatically so that after publishing (by right clicking the web project and selecting “Publish”) that Web project to say a subfolder under “wwwroot” of IIS (or deeper in the web folders hierarchy).
If it was doing so, you would be able to just visit that folder and have IIS (or any other web server that supports the web.config scheme) serve the wanted page as the default document (instead of showing a can’t browse folder error or displaying the folder contents if Directory Browsing has been enabled at IIS console for that folder or some ancestor of it [and has not been overridden to disable at that folder])
However, you can edit web.config yourself to achieve that, like below:
<?xml version="1.0"?> <!-- For more information on how to configure your ASP.NET application,
please visit http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="SilverlightAppNameTestPage.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
Fix: WordPress media uploads not working on IIS
Using Microsoft Web Platform Installer (aka WebPI), one can easily install WordPress on IIS (together with PHP and MySQL database engine.
Btw, better install the latest PHP version from there and remove any older ones. Also do install from there the Windows Cache Extension for PHP for the version of PHP you’re using.
Windows Cache Extension for PHP stores the PHP bytecode, the compiled version of the PHP script, in memory making it available when subsequent executions of the same script are needed helping to increase the overall PHP application performance. The use of Windows Cache Extension for PHP allows the PHP bytecode to be generated only once and to be reused each time the same PHP script is executed.
An issue you will definitely face is when you try to use the Media Gallery feature of WordPress to upload some media asset. It will fail due to insufficient rights to the server filesystem. You should do the following to fix this:
- Right click the folder wp-content\uploads at your WordPress site installation (usually it’s a separate folder under c:\inetpub\wwwroot, or it’s flat inside the wwwroot folder). Select Properties from the context menu that pops up. At Security tab of the Properties dialog window, add the user IUSR (not IIS_IUSR) and give it Modify and Write access apart from the Read etc. rights it already has (but don’t give Full Control). Remember to do this again every time you may replace the site folder (btw to not lose your previous uploads, neither those access rights settings, you can “cut” that folder and paste it on your server desktop, then paste it back after you’ve replaced the wordpress folder contents with say some new version of the site code, deleting first the new wp-content\uploads).
- Either repeat the same process as above for folder c:\windows\temp (or whatever system temporary folder you’ve set at advanced system properties / environment variables dialog), or to be more secure in case some PHP bug gets exploited, you can create a separate temporary folder specifically for all PHP apps or even specifically for your wordpress site and using PHP Manager plugin for IIS (can get that via WebPI) you can select to manage all settings for the whole server or for your site respectively. Then you select one-by-one the settings that say c:\windows\temp\… (or any ones that say /tmp to be safe) and change them to use the temp folder you’ve created. Make sure you use double quotes for those string settings, since the PHP Manager plugin doesn’t seem to add them itself (not sure if not having them would cause problems to PHP when trying to read php.ini file).
Troubleshoot: WCF HTTP Error 404–Not Found
Copying from MPPVE (formerly RCE) documentation:
…might indicate that WCF is not correctly configured.
To resolve the WCF issue
- The error returned is a “HTTP Error 404 – Not Found”. This might be due to an issue with the WCF scriptmaps registrations. To solve this issue:
- Open a command line console as Administrator
- Browse to “%windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\”
- Run the command “ServiceModelReg.exe –i”
btw, for some more troubleshooting tips regarding MPPVE and the CSM (Composite Stream Manifests) files the latest version creates in specific, checkout:
George Birbilis @zoomicon 