An Interesting Attack Vector On Silicon Valley Code Camp Web Site

image.png

I often look at the “Pages Not Indexed” report from web sites I manage and today I noticed a couple interesting ones.  People are going after where source control might be and looking for readme files.  Luckily, I’d never put source off of the root of a web site but I’m guessing people must or these attacks would not happen. Just thought I’d share in case someone actually does that.   … Continue Reading

Load Balancing IIS Web Farm with EC2

  We’ve been looking to find the best Cloud based host to put our soon to be virally growing web site up on.  Our requirements are it must run IIS7 and use Sql Server 2008 as it’s database. We have lots of wants (like Service Broker, Replication, etc.) but primarily we want the web tier to scale easily.  After doing research and testing, we got frustrated with our options at Amazon’s EC2.  We emailed their support (with our paid support contract) and were basically told we should go do our own Windows research to find out what works best. At any rate, I emailed Steve Evan’s who is a frequent speaker at conferences and also an expert consultant on all things Windows and IT related and asked for some advice.  He … Continue Reading

Not Using Session in ASP.NET means Session Affinity/Sticky Sessions Not Necessary in Web Farms!

So, I’ve always incorrectly thought that somehow, the cookie stored in asp.net was somehow tied to the Session provider in asp.net.  Turns out I’m wrong.  This came up because I was discussing with another engineer whether we need to bother with a Session provider since we do not use Session in our web application.  That is, we don’t ever store information by saying something like: Session[“MyKey1”] = “MyShoppingCartInfo1”; My assumption was that somehow, the Cookie planted on the client’s browser was in lock step with the IIS server through Session and that even if we did not store Session data, we still had to hook up a Session Provider.  Wrong I am. … Continue Reading

How to User HttpHandler such as .ashx file with IIS7 Integrated Mode, Webfarm Environment

Recently, we've moved our hosting for the Silicon Valley Code Camp to MOSSO, which is a hosted web farm.  In order to run modules and handlers, it seems it's necessary to run in IIS7's integrated mode.  Once this is set, other small issues creep up like for example you can no longer run HttpHandler's from the standard HttpHandler's section in your web.config file (see below) <httpHandlers> <remove verb="*" path="*.asmx"/> <add verb="*" path="*.asmx" validate="false" ... <add verb="*" path="*_AppService.axd" validate="false" ... <add verb="GET,HEAD" … Continue Reading

Follow

Get every new post delivered to your Inbox

Join other followers: