May 01, 2012
In my last post, I gave a bit of background on the Application Warm-Up module, now called Application Initialization. This week, I would like to go into more detail as to what the Application Initialization module does, and how you should think about...
1 comment
Apr 16, 2012
“IIS is a demand-driven web server, i.e. IIS does things only when asked for…” This was the start of a blog post back in late 2009 announcing the beta for the IIS 7.5 Application Warm-Up module. The idea behind this module is to address a common...
2 comments
Apr 20, 2011
Recently, the question came up about why it is not possible for IIS to handle a URL that contains a ‘%’ character that is not part of an escape sequence. The resulting discussion produced some informative references to the relevant RFC documents...
1 comment
Sep 03, 2009
It’s been a busy few days on the IIS Security Team. Earlier this week, a vulnerability was found in the IIS FTP server. We have been working with security teams across Microsoft to research the issue and formulate a response to best protect our customers...
6 comments
Apr 13, 2009
We've had a few people on our forums asking about running Perl on IIS 7. This led to some discussion on the team about getting it to work with FastCGI. The team has been doing a lot of great work with the Web Platform Installer and Windows Web App Gallery...
18 comments
Dec 18, 2008
2008 has been a busy year for attackers exploiting SQL Injection vulnerabilities in web applications. Once again, I am finding questions about this subject in my inbox. Earlier today, I found myself reviewing the material that's been published by Microsoft...
5 comments
Dec 18, 2008
This article is specific to IIS 6 and earlier. If you are using IIS 7.0 or later, please see this article. The IIS team has created an add-on tool for IIS called UrlScan that is able to filter HTTP requests. If a request is found to have contents deemed...
4 comments
Dec 18, 2008
This article is specific to IIS 7 and later. If you are using IIS 6.0 or earlier, please see this article. Starting with version 7.0, IIS has a built-in feature that is able to filter HTTP requests. If a request is found to have contents deemed unacceptable...
8 comments
Oct 31, 2008
Earlier this year, it came to our attention that our customers were being subjected to a SQL Injection attack. In response to that, we updated the venerable UrlScan filter and released version 3.0 with new features that provide tools to provide some...
16 comments
Jun 24, 2008
The IIS team has some street smarts when it comes to security. We learned quite a few lessons the hard way back in 2001 with the outbreak of the CodeRed worm. One of the lesser known facts about the Code Red worm is that the vulnerability it exploited...
61 comments
Mar 02, 2007
So here it is, my first ever blog post. I am not new to posting about IIS on the internet. A quick newsgroup search reminds me that I've posted to around 900 threads related to IIS. The first time was on June 10, 1997, where I helped someone to get "server...
14 comments
Tags: IIS News Item