I often look at the “Pages Not Indexed” report from web sites I manage and today I noticed a couple interesting ones. People are going after where source control might be and looking for readme files. Luckily, I’d never put source off of the root of a web site but I’m guessing people must or these attacks would not happen.
Just thought I’d share in case someone actually does that.
We’ve been looking to find the best Cloud based host to put our soon to be virally growing web site up on. Our requirements are it must run IIS7 and use Sql Server 2008 as it’s database. We have lots of wants (like Service Broker, Replication, etc.) but primarily we want the web tier to scale easily. After doing research and testing, we got frustrated with our options at Amazon’s EC2. We emailed their support (with our paid support contract) and were basically told we should go do our own Windows research to find out what works best.
At any rate, I emailed Steve Evan’s who is a frequent speaker at conferences and also an expert consultant on all things Windows and IT related and asked for some advice. He told me that he had been asked that question often recently by others so he would do some research and get back to me. He did one step better. He wrote a blog post describing the ups and downs of the different cloud providers including Amazon’s EC2. I respect Steve’s opinion a lot and rather than try and paraphrase it, I’ll just link to his post.
Here it is: http://serktools.com/2009/04/20/load-balancing-iis-web-farm-on-amazon-ec2/
Good luck and feel free to post comments here if you’ve got opinions on Cloud Hosting of IIS and Sql Server 2008.
So, I’ve always incorrectly thought that somehow, the cookie stored in asp.net was somehow tied to the Session provider in asp.net. Turns out I’m wrong. This came up because I was discussing with another engineer whether we need to bother with a Session provider since we do not use Session in our web application. That is, we don’t ever store information by saying something like:
Session[“MyKey1”] = “MyShoppingCartInfo1”;
My assumption was that somehow, the Cookie planted on the client’s browser was in lock step with the IIS server through Session and that even if we did not store Session data, we still had to hook up a Session Provider. Wrong I am.
(more…)Recently, we’ve moved our hosting for the Silicon Valley Code Camp to MOSSO, which is a hosted web farm. In order to run modules and handlers, it seems it’s necessary to run in IIS7’s integrated mode. Once this is set, other small issues creep up like for example you can no longer run HttpHandler’s from the standard HttpHandler’s section in your web.config file (see below)
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" ...
<add verb="*" path="*_AppService.axd" validate="false" ...
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler,..
<add type="PeterKellner.Utils.CaptchaTypeHandler" verb="GET" path="CaptchaType.ashx"/>
</httpHandlers>
(more…)
