SSL 3.0 Protocol Vulnerability and POODLE Attack

ll systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios. This affects most current browsers and websites, […]

IIS 8 Performance, Scalability, and Security


IIS interview Questions

IS Interview Questions and Answers


                         IIS Interview Questions and Answers


Differences between IIS5.0 and IIS6.0

IIS5 comes in windows 2000 server. IIS6 comes in windows 2003 server.

IIS5 is 32bit architecture IIS6 is 32bit and 64bit architecture.

IIS5 is TCP/IP Kernal […]


Some Useful commands in IIS MSTSC INETMGR SERVICES.MSC GPEDIT.MSC SECPOL.MSC REGEDIT REGEDT32 MMC TSADMIN ASPNET_REGIIS -I : To register aspnet ASPNET_REGIIS -U : To Uninstall aspnet iisapp.vbs : To check the list applications running on the iis. NETSTART -ANO | FIND STR <PORT>   :  Verify IIS listening on the  port or not. PING <IP> TRACEROUTE […]

POODLE = Padding Oracle On Downgraded Legacy Encryption

POODLE = Padding Oracle On Downgraded Legacy Encryption

B.E.A.S.T (Browser Exploit Against SSL TLS) Affected systems: Netscape 3.0 ssl tls Netscape affected system: tls Netscape 1.2 Netscape 1.1 tls tls Netscape 1.0 Description: CVE (CAN) ID: CVE-2014-3566

SSL3.0 is obsolete and no security protocol, has been TLS 1.0, TLS 1.1, TLS 1.2 substitution, for compatibility […]

IIS7 installation scenarios Chart

default Server Install Components

Server Manager Update Name Static Content IIS-StaticContent Default Document IIS-DefaultDocument Directory Browsing IIS-DirectoryBrowsing HTTP Errors IIS-HttpErrors HTTP Logging IIS-HttpLogging Logging Tools IIS-LoggingLibraries Request Monitor IIS-RequestMonitor Request Filtering IIS-RequestFiltering Static Content Compression IIS-HttpCompressionStatic IIS Management Console IIS-ManagementConsole ASP.NET Workload Server Options Server Manager Update Name Static Content IIS-StaticContent Default Document IIS-DefaultDocument Directory […]

IIS Crypto

IIS Crypto

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click and test your website.




Disable CRL Checking

How to Disable CRL Checking in IIS 6.x:

Open a CMD prompt Navigate to c:\inetpub\adminscripts To disable for ALL sites, run the following command: cscript adsutil.vbs set w3svc/CertCheckMode 1 Hit the ENTER key To disable for SPECIFIC sites, run the following command: cscript adsutil.vbs set w3svc/siteid#/CertCheckMode 1 Hit the ENTER key

To query to see […]


IIS 7.5 – uploadReadAheadSize A developer recently reported a problem that when a customer attempted to upload an attachment, they would sometime receive the error:The page was not displayed because the request entity is too large.In our case it did not include an error number, but it will sometimes include the error number:



IIS 7 Presentation from Microsoft

IIS 7 architecture diagram

HTTP Request Processing in IIS

IIS 7 and above have a similar HTTP request-processing flow as IIS 6.0. The diagrams in this section provide an overview of an HTTP request in process.

The following list describes the request-processing flow that is shown in Figure 1:

When a client browser initiates […]

Page 1 of 212