IT Nota

How to Setup HTTP Strict Transport Security (HSTS) on IIS

HTTP Strict-Transport-Security (HSTS) response header is used to tell browsers that the particular website should only be accessed solely over HTTPS. This is a powerful feature that is easy to implement to mitigate the risks for the communication to be intercepted by hackers and keep your website visitors safe.

Enabling HTTP Strict Transport Security on IIS

See the steps below to enable HSTS on IIS:

  1. Launch IIS Manager.
  2. On the left pane of the window, click on the website you want to add the HTTP header and double-click on HTTP Response Headers.IIS HTTP Response Headers Setting
  3. In HTTP Response Headers window, click on Add… on the right pane and type in Strict-Transport-Security for Name and max-age=63072000; includeSubDomains; preload for Value and click OK.The max-age value 63072000 is the number of seconds for the duration of two years. You need to enter a value of at least one year.IIS HTTP Response Headers Strict Transport Security Setting

Now you can verify if the header is delivered correctly by running a curl command.

curl -I https://www.itnota.com

You should see that very header listed among other entries:

Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

That’s all there is to utilize HSTS on IIS.

Buy me a coffee?

Buy me a coffee If you find this post helpful and would like to buy me a coffee to support the work here, you’ll have our big thanks!
Support IT Nota: Buy me a Coffee

Further Reading

Strict-Transport-Security
How to Use cURL HTTP/2 on macOS
How to Enable Secure HttpOnly Cookies in IIS

How to Troubleshoot IIS 500 Error for ASP Websites

You try to load your classic ASP (Active Server Pages) website and all you can see in your browser is the all too familiar display of 500 Internal Server Error.

This page isn't working

WEBSITE is currently unable to handle this request

HTTP ERROR 500

IIS HTTP Error 500 Display on Chrome browser

What is 500 Internal Server Error

First of all, the 500 Internal Server Error is a very general HTTP status code that indicates something has gone wrong on the web server without any specifics on the exact problem.

This instruction is limited to solving a 500 error on IIS server for classic ASP websites, however some other instructions that’s related to IIS in general will help for troubleshooting IIS server for .NET applications as well.

As 500 Server Error message is very often vague, the task now is to find a more specific error message that will help us further analyze and troubleshoot the issue.

Enable Debugging and Send Errors to Browser

If the website is not in a production environment, the easiest way to do it is to enable the ASP Debugging Properties and send the errors to the browser by following these steps:

  1. Launch Internet Information Services (IIS) Manager and on the left pane, select your ASP website and click on the ASP icon (Configure properties for ASP applications).

    IIS settings to configure properties for ASP applications

  2. Under the ASP window, expand the Debugging Properties and set Enable Client-side Debugging, Enable Server-side Debugging, and Send Errors To Browser to True and click Apply.

    IIS ASP Debugging Properties settings to browser

Now, when you refresh your ASP website, you will see a more descriptive error message on your browser such as the following example:

System.Xml error '80131509'

There is an error in the XML document.

/itnota/failed-page.asp, line 289

ASP 500 Error detailed failed page

With this information, you can right away open the file (e.g., itnota/failed-page.asp) and check line number 289. Again, this option is not recommended for a production website that’s still actively used and available for public since it exposes too much information publicly. The ideal way to do it is to replicate your production environment on a staging and try to reproduce the error on a lower environment.

Check IIS Log

Another way to check 500 Internal Server Error for your ASP website is by viewing IIS error logs. This is especially true if your ASP website is a public website.

Where to find the IIS Logs?

By default, the log for your website is stored on %SystemDrive%\inetpub\logs\LogFile, but you should not use this settings for a production environment. Always set a custom path for your logs so your websites are easier to maintain in the long run. If you have a different physical hard drive for logs, even better. Make sure it’s set to Enabled.

IIS Log properties

For the sake of example, the log files are located in folder D:\Logs\ITNota.com:

From the IIS log example below, the easiest way is to look for a pipe character (“|”) on the date and time when the error happens.

IIS Log 500 Error

The error message can be broken down into two parts:

  1. /itnota/failed-page.asp id=2087216&catId=749272

  2. |289|80131509|There_is_an_error_in_the_XML_document.

The first part indicates the problematic file with its parameters which can be reconstructed by replacing the white space with a question mark (“?”) like so:

  /itnota/failed-page.asp?id=2087216&catId=749272

The second part which starts with a pipe character (“|”) is the line number that caused the error, the error code, and the error description:

  |289|80131509|There_is_an_error_in_the_XML_document.

From the above information, we are looking at the following information:

ItemDescription
Filename /itnota/failed-page.asp
Line number289
Error code80131509
Error descriptionThere_is_an_error_in_the_XML_document.

Check the affected file by opening it in Visual Studio Code or any IDE.

If you use Visual Studio Code to read and write ASP or VBScript, click here for a way how to colorize your ASP code.

How to Fix SMTP 550 5.7.1 Unable to Relay Error on Windows Server 2012 R2

Here is one way of fixing an SMTP error on Windows Server 2012 when you see an error message similar to the one below:

Error Message

System.Exception: SMTP error sending: Client Service Setup Error on SERVERNAME ---> System.Web.HttpException: The server rejected one or more recipient addresses. The server response was: 550 5.7.1 Unable to relay for [email protected]    ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException: The server rejected one or more recipient addresses. The server response was: 550 5.7.1 Unable to  relay for [email protected]       --- End of inner exception stack trace ---     at System.RuntimeType.InvokeDispMethod(String name, BindingFlags invokeAttr, Object target, Object[] args, Boolean[] byrefModifiers, Int32 culture, String[] namedParameters)      at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams)     at System.Web.Mail.SmtpMail.LateBoundAccessHelper.CallMethod(Object  obj, String methodName, Object[] args)     --- End of inner exception stack trace ---     at System.Web.Mail.SmtpMail.LateBoundAccessHelper.CallMethod(Object obj, String methodName, Object[] args)     at System.Web.Mail.SmtpMail.CdoSysHelper.Send(MailMessage  message)     at System.Web.Mail.SmtpMail.Send(MailMessage message)     at ClientServiceSetup.CommonFunctions.SendMail(MailMessage objMail)     --- End of inner exception stack trace ---

Steps to Add Localhost to the SMTP Relay

  1. Launch IIS 6.0 Manager.

    IIS 6 Manager on Windows Server 2012 R2

  2. Right-click on the STMP Server (on this example it’s named default, but it could be named something else) and select Properties.

    IIS 6 Manager SMTP Properties on Windows Server 2012 R2

  3. Click on the Access tab and at the very bottom under Relay restrictions, click on Relay button.

    IIS 6 Manager SMTP Properties Access Relay Windows Server 2012 R2

  4. Select Only the list below, click on Add… button and under Single computer and IP Address, type in 127.0.0.1 and click OK.

  5. Check Allow all computers which successfully authenticate to relay, regardless of the list above. and click OK, and OK one more time to get out the Properties window.

    IIS 6 Manager SMTP Grant Access Relay on Windows Server 2012 R2

  6. Re-test and that should be it.

Further Reading

IIS SMTP – The server response was: 5.7.1 Unable to relay for outgoing address, Still not working
How to Install SMTP Server on Windows Server 2012 R2

How to Install IIS on Windows 10

Although IIS is included in every installation of Windows 10, it’s not turned on by default. Here’s a way to install IIS on Windows 10.

  1. Right-click on the Windows button on the bottom-left corner and select Run

    Windows Run

  2. In the Run dialog box, type appwiz.cpl and press ENTER.

    Windows run appwiz.cpl

  3. As soon as a new window called Programs and Features is opened, click on the link Turn Windows features on or off.

    Windows Programs and Features

  4. Click on the Internet Information Services checkbox. By default it will install all you need to host a website. However you might want to check some other components that you might need as well. Once done, click OK and Close when it says “Windows completed the requested changes.”

    IIS Windows Features

  5. Now open your browser and type in localhost and press ENTER. You should see a default web page is rendered in your browser.

    IIS Default Page

That’s all there is to it and the default website directory will be in C:\Inetpub\wwwroot folder.

Further Reading

How to Manage IIS Remotely
How to Manage IIS Servers Remotely with WMSVC
How to Backup IIS Manager Connections List on Windows
How to Install IIS Management Console on Windows
How to Migrate IIS Websites to a Different Server
New Features Introduced in IIS 10.0
How to Setup HTTP Strict Transport Security (HSTS) on IIS
How to Activate Built-in Web Server

How to Upgrade to PHP 7.2 on IIS (Windows 10)

This tutorial is a shorter version of the previous post upgrading to PHP 7.1 on Windows 10 and it is intended as a follow-up on how to upgrade your PHP to the latest version (in this case PHP 7.2) if you have already installed the previous version of PHP 7 in your Windows system.

Steps to Upgrade from PHP 7.1 to PHP 7.2

  1. Download PHP for Windows. Since we’re using PHP as FastCGI, we’ll use the 64-bit Non-Thread Safe (NTS) version (i.e., php-7.2.1-nts-Win32-VC15-x64.zip).

  2. PHP 7.2 is also the first version that requires Visual C++ Redistributable for Visual Studio 2017. If you don’t have it installed, you can download it from here (64-bit). If you have a 32-bit OS, please check on the download section below and select the one for x86.

  3. We also need to upgrade our WinCache version for PHP 7.2. Download the WinCache php_wincache-2.0.0.8-7.2-nts-vc15-x64 and extract the file as well.

    WinCache Binary for PHP 7.2

  4. Extract both downloaded zip files (just double-click them and they will be extracted into their sub-folders) as shown below:

    PHP 7.2 and WinCache zip files extracted to sub-folders

  5. If you check the WinCache folder php_wincache-2.0.0.8-7.2-nts-vc15-x64, look for two files with the following names: php_wincache.dll and php_wincache.pdb.

  6. Copy the two files from the WinCache folder to a sub-folder (“ext”) within the PHP folder (i.e., php-7.2.1-nts-Win32-VC15-x64/ext).

    Copy php_wincache files from WinCache folder to ext sub-folder under PHP folder

  7. Now, copy the whole content of php_wincache-2.0.0.8-7.2-nts-vc15-x64 folder into a new folder and name it v7.2.

    Copy all PHP files to a new folder v7.2

  8. Copy the php.ini file from v7.1 to v7.2.

  9. You might want to modify certain parameters in the php.ini as highlighted below:

    [WebPIChanges]
error_log=C:\WINDOWS\temp\PHP72x64_errors.log
upload_tmp_dir=C:\WINDOWS\temp
session.save_path=C:\WINDOWS\temp
cgi.force_redirect=0
cgi.fix_pathinfo=1
fastcgi.impersonate=1
fastcgi.logging=0
max_execution_time=300
date.timezone=Australia/Melbourne
extension_dir="C:\Program Files\PHP\v7.2\ext\"

    And make sure you also have the PHP_WINCACHE set.

    [PHP_WINCACHE]
extension=php_wincache.dll

    The change is pretty simple and we can compare the two php.ini files between v7.1 and v7.2 as below:

    Compare php.ini files between v7.1 and v7.2

  10. Open IIS Manager and click on FastCGI Settings.

    IIS Manager FastCGI Settings

  11. You can create a new entry for PHP 7.2 by following Step 8 from previous post, except for PHPRC where you want to update the value to 7.2 (i.e., C:\Program Files\PHP\v7.2).

    Once completed, just click OK.

    IIS Manager FastCGI Settings Modify PHPRC to version 7.2

  12. Go back to IIS Manager and click on Handler Mappings.

    IIS Manager Handler Mappings

  13. Look for PHP_via_FastCGI and double-click on it. Make sure the path for the Executable is updated accordingly. Click OK when done.

    IIS Manager Handler Mappings PHP_via_FastCGI set to v7.2

Update Windows Environment Variables

Finally, once again we need to update the path of the new PHP in Windows Environment Variables.

  1. Click on the Windows start button and type in “system” and click on System Control panel.

    Windows System Control Panel

  2. In System window, click on Advanced system settings and on System Properties window, make sure you have Advanced tab opened. And you can follow the path shown in the picture to update the path to where your PHP 7.2 is located.

    Control Panel System Environment Variables Update to PHP 7.2

  3. Click on Environment Variables… button.

  4. Under System Variables, click on Path and Edit… button.

  5. Click on where the current PHP is located and double-click it or click on Edit button.

  6. Change the value to the location of the new PHP (i.e., C:\Program Files\PHP\v7.2)

  7. Click OK button on each window to close.

That’s it! Now using the same test.php file with the following code:

<?php phpinfo(); ?>

Run it from your browser (i.e., http://localhost/test.php). If PHP is installed with the correct version, you will see the PHP version will be updated similar to the picture below:

phpinfo 7.2.1 displayed on a page

Further Reading

How to Install PHP on Windows 10 Using Web Platform Installer
FastCGI
Difference between PHP thread safe and non thread safe binaries
Using FastCGI to Host PHP Applications on IIS 7
WinCache Extension for PHP

Download

Download PHP For Windows: Binaries and sources Releases
WinCache 2.0.0.8 PHP Extension Direct Download
Microsoft Visual C++ Redistributable for Visual Studio 2017

Recent Posts

Tags

.NET .NET Core AdSense ASP.NET Cdonts Dll Classic ASP Code Editor ETL FSharp Genesis Framework Git Google HP Asset Manager HTML5 Hugo IIS Information Security Internet Internet Information Services iOS JAMStack Linux macOS Microsoft Microsoft SQL Server MVC PHP PowerShell Python Simple Mail Transfer Protocol Smtp Server SQL SQL Server SSIS SSMS SSRS Sublime Text Visual Studio Visual Studio Code VPN Windows Windows 8 Windows 10 Windows 2012 Windows Server