Allow Microsoft symbol server through firewall - visual-studio

We have a new setup where we don't have internet access for our machines which we code on. (Stupid Idea in my opinion). Our Network Security department wants to know if the following URL is the only URL needed to allow firewall access to Microsoft's Symbol server.
msdl.microsoft.com/download/symbols
Is this the same URL that visual studio uses when it goes off and tries to download the needed .pdb files when debugging?

If you navigate to that url you will see you get an HTTP 302 response, which redirect you to another URL depending on what symbol you request for. I hope your firewall supports pattern matching for URLs.
Here is a non exhaustive list i got from my windows server 2016 c++ project
vsblobprodscussu5shard1.blob.core.windows.net
vsblobprodscussu5shard3.blob.core.windows.net
vsblobprodscussu5shard10.blob.core.windows.net
vsblobprodscussu5shard11.blob.core.windows.net
vsblobprodscussu5shard13.blob.core.windows.net
vsblobprodscussu5shard14.blob.core.windows.net
vsblobprodscussu5shard18.blob.core.windows.net
vsblobprodscussu5shard19.blob.core.windows.net
vsblobprodscussu5shard20.blob.core.windows.net
vsblobprodscussu5shard21.blob.core.windows.net
vsblobprodscussu5shard24.blob.core.windows.net
vsblobprodscussu5shard32.blob.core.windows.net
vsblobprodscussu5shard37.blob.core.windows.net
vsblobprodscussu5shard38.blob.core.windows.net
vsblobprodscussu5shard56.blob.core.windows.net
vsblobprodscussu5shard65.blob.core.windows.net
vsblobprodscussu5shard80.blob.core.windows.net
vsblobprodscussu5shard81.blob.core.windows.net

Related

Issue in deploying website with .srf files on IIS

I am facing an issue in deploying website with .srf files on IIS. Getting an isapi module error. Installed asp.net, extensibility, CGI and ISAPI restrictions as required.
HTTP Error 500.0 - Internal Server Error
There is a problem with the resource you are looking for, so it cannot be displayed.
Most likely causes:
• The path to the ISAPI Filter is incorrect.
• IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
• IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
• IIS was not able to process configuration for the Web site or application.
• The authenticated user does not have permission to use this DLL.
Detailed Error Information:
Module: IsapiModule
Notification: ExecuteRequestHandler
Handler : TestRemote
Error Code: 0x8007007e
Requested URL: http://localhost:80/TestRemote/Banner.srf
Physical Path D:\wwwroot\Test\TestRemote\Banner.srf
Logon Method Anonymous
Logon User Anonymous
According to your description and error message, it seems there are something wrong about creating mapping for the .srf file.
I suggest you could try to follow below steps to re-add the mapping for mapping between files with the .srf and .dll extensions and the new ISAPI extension DLL.
Steps as below:
1.Generate an ATL Server ISAPI extension DLL using the ATL Server Project Wizard.
2.Build the ISAPI extension DLL and copy it to your Web server.
3.Create a mapping between files with the .srf and .dll extensions and the new ISAPI extension DLL.
For example:
(1)Run Internet Services Manager.
(2)Right-click the appropriate Web site or virtual directory in the tree and click Properties on the shortcut menu.
(3)Click the Home Directory or Virtual Directory property page.
(4)Click the Configuration button.
(5)Click the App Mappings property page.
(6)Click Add.
(7)Enter the path to your ISAPI DLL in the Executable text box.
(8)Enter .srf in the Extension text box.
(9)Click OK.
(10)Click Add.
(11)Enter the path to your ISAPI DLL in the Executable text box.
(12)Click .dll in the Extension text box.
(13)Click OK until all dialog boxes are accepted.

WordPress Website shows 403 error when accessing wp-admin/ajax.php page from front end

I am running a WordPress on an Azure Web app connecting to a MySQL server on a different Windows server. When loading the mentioned page in Chrome, it shows 2 popups 403 & Forbidden. Checking the console throws this error - ecbcc.js:2 POST /wp-admin/admin-ajax.php 403 (Forbidden)
This works fine on FireFox & IE but not on Chrome. Any ideas why?
This is because of your cache. Minified version of JS is causing the issue in chrome browser. Check or purge the cache and check for the permissions applied to cached files as well.
I faced the same issue but it took a long time for me to fix it. Because my solution was not caused by common things like cache, .htaccess, files permissions, etc. I apply all the possible solutions as described here. When nothing worked for me, then I talked with my hosting provider and the issue was on their side. Actually, the server has black-listed my IP.
Below is the reply from the support of my hosting provider:
After checking it, it looks like the issue is caused by trigger
ModSecurity rules.
ModSecurity is an Apache module that works as a web application
firewall. It blocks known exploits and provides protection from a
range of attacks against web applications. However, sometimes,
mod_security may incorrectly determine that a certain request is
malicious, while it is actually legitimate. In such a situation, we
can whitelist the triggered mod_security rule on the server, so that
you can bypass the block.
In order to properly investigate, we need you to share your IP address
with us. You can copy it from here: https://ip.web-hosting.com/
Looking forward to your response.
This error can appear for more than one reason. Except for the accepted answer, if you are using a shared hosting solution as a server then it would be best to contact the support of the service. Also if you use Plesk or Cpanel you can check the server logs to see if there is any false positive rule that from mod_security that catches the error. Then you can find the error that could look something like that:
ModSecurity: Warning. Match of "test file" against "REQUEST_FILENAME" required. [file "/etc/httpd/conf/modsecurity.d/rules/custom/006_i360_4_custom.conf"] [line "264"] [id "77140992"]
You can apply the ID on your firewall exclusion list (if this is provided by your hosting service) and then the server will not block the request anymore.
IMPORTANT: If you are not sure what you are doing, ask your hosting provider for support. Experimenting on live servers/sites is not the best option and I would strongly recommend avoiding it.

WebMatrix 2 site problems on upload to host

I have developed a Web Pages 2 website for my company using WebMatrix 2 that includes a simple SQL Compact Edition (.sdf file) database. Sounds simple. Runs perfectly on my local development box.
However, upon FTP to my Web host, it's a no-go. The first error I received was this:
Server Error in '/' Application.
Unable to find the requested .Net Framework Data Provider. It may not be installed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentException: Unable to find the requested .Net Framework Data Provider. It may not be installed.
Source Error:
Line 1: #{
Line 2: WebSecurity.InitializeDatabaseConnection("Omniflow", "UserProfile", "UserId", "Email", true);
Line 3: }
I have searched and searched and searched the Internet, trying to find out what the source of this problem is and how to fix it. I haven't found the answer yet. I gather than apparently some needed assemblies/dlls are not being uploaded with the application. I have tried both FTP and the Web Deploy method with no fix.
Is this the root of the problem? And why does WebMatrix not upload all its dependencies? If it cannot, why is there nothing in the online literature from Microsoft--and it should come from Microsoft--or anyone else describing this issue?
Are you using one of the hosting sites listed on the Microsoft WebMatrix page: http://www.microsoft.com/web/webmatrix/ ? I know that when I deployed my WebMatrix site to a generic IIS server, it took some extra DLL's in the bin directory, and a couple of settings to be fine tuned before it worked.
While publishing check whether your have selected Database file( .sdf file ) or not.If not then select it and publish.
Hope it will work for you.
Ensure that you have all the SqlCE DLLs required for accessing the SqlCE database.
They should be present in the bin\, bin\x86\ and bin\AMD64\ folders.
You can try creating a new site using Site from Template -> Empty Site (ASP.NET) and checking the bin folder to see which all dlls are present.
If you don't already have them in your site, add them. That should solve your problem.

Team test: Failing load. Request failed: The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF

The folk in the QA department use visual studio team test (2008 IIRC) to run load tests against our web application.
The latest set of tests have failed on several pages. The error reported is
Request failed: The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF
Searching for this using google yields quite a few results. it would appear that this error message is generated from the .Net framework WebRequest class (i.e. it is not a visual studio specific message). The most useful result is this one, which details my exact problem and how to suppress the error.
But of course, I want to get to the bottom of why this error occurs in the first place. Here are some more facts: -
This error never used to occur when the tests were run against an older version of the web app. The web app. host OS and web server (Win 2003 and IIS 6) are identical in both cases.
Not all the pages generate this error - only some.
The only significant change to these pages (that I can think of) is that they now use some AJAX whereas before they did not (IIRC)
In order to narrow down the problem, I created the simplest page that I could to replicate the problem. Luckily, that was not too hard. I then inspected the bytes in the header using Fiddler but I could not find an occurrence of a CR (0x0D) that was not followed by a LF (0x0A).
The raw HTTP response (as stored from Fiddler by response saving bytes - so its encoding should not have been altered during the save) is here as text if you don't believe me!
So now I am left thinking that the supposed error might be a false alarm. Does anyone else have experience of this/can help shed light?
This is definitely not a false alarm - I've been getting this error in my app a lot while trying to communicate with Facebook API.
I've just stumbled upon this response from Steven Cheng - http://www.velocityreviews.com/forums/t302174-why-do-i-get-the-server-committed-a-protocol-violation.html - and let me quote him:
From your description, you're using
the HttpWebRequest component to send
some http request to some external web
resource in your ASP.NET web
application. However, you're always
getting the "The server committed a
protocol violation.
Section=ResponseStatusLine" error
unless you set the following section
in the web.config file:
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
And you're wondering the cause of this behavior, correct?
As for this issue, I've performed some
research on this and found that the
problem is actually caused by the
critical http header
parsing/validating of the
HttpWebRequest component. According to
the Http Specification(http1.1), the
HTTP header keys shoud specifically
not include any spaces in their names.
However, some web servers do not fully
respect standards they're meant to.
Applications running on the Dotnet
framework and making heavy use of http
requests usually use the
httpWebRequest class, which
encapsulates everything a web oriented
developer could dream of. With all the
recently issues related to security,
the "httpWebRequest" class provides a
self protection mechanism preventing
it to accept HTTP answers which not
fully qualify to the specifications.
The common case is having a space in
the "content-length" header key. The
server actually returns a "content
length" key, which, assuming no spaces
are allowed, is considered as an
attack vector (HTTP response split
attack), thus, triggering a "HTTP
protocol violation error" exception.
Will try if this helps right now and post results later

IIS 7.5 under Win7 Prof. 64bit Returning Blank Page (No HTML at all)

I am trying to setup my development environment in Windows7 and am having trouble getting IIS to work. I have set everything up like I have been doing since IIS6 so I have the basics down. My problem must be in something that has changed between IIS7 and IIS7.5 or in the OS.
None of my websites will return html. Not the default site and not a newly added site.
If I
telnet localhost 80
Then at the blank screen
GET / <enter>
I get nothing, not a single header or HTML element.
If I enter garbage instead of a GET request I get the following HTML:
HTTP/1.1 400 Bad Request Content-Type:
text/html; charset=us-ascii Server:
Microsoft-HTTPAPI/2.0 Date: Thu, 17
Sep 2009 17:04:01 GMT Connection:
close Content-Length: 326
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>Bad
Request</TITLE> <META
HTTP-EQUIV="Content-Type"
Content="text/html;
charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid
Verb</h2> <hr><p>HTTP Error 400. The
request verb is invalid.</p>
</BODY></HTML>
So that proves IIS is there and handling requests on port 80.
In my IIS Logs path, I have no files at all. So for whatever reason logs aren't being written.
If I view the Basic Settings on the Web Site in IIS Manager then click the Test Connection button I get an error related to permissions:
The server is configured to use
pass-through authentication with a
built-in account to access the
specified physical path. However, IIS
Manager cannot verify whether the
built-in account has access. Make sure
that the application pool identity has
Read access to the physical path. If
this server is joined to a domain, and
the application pool identity is
NetworkService or LocalSystem, verify
that \$ has
Read access to the physical path. Then
test these settings again.
My AppPool is running as ApplicationPoolIdentity which doesn't seem to be a real user, so I can't give ApplicationPoolIdentity file permissions. I did as a test give IIS_IUSR and everybody else I could find full access to the path.
No matter what I have done up to this point, I have not seen IIS say the permissions are correct. However, I have also never seen an error, especially not a permissions error (300s).
So, any ideas? I have tried to completely remove IIS, c:\inetpub and then reinstall everything. I am basically doing the default setup here, so it must be something simple.
Thanks for your time...
I solved it. For anybody else having the issue, here is what I did.
First to replicate the issue: I was installing IIS by choose "ASP.NET" in the Add/Remove Windows features menus. This was selecting everything needed for IIS to run .NET apps, but interestingly it couldn't serve static pages (.html, css, js etc.) My test page was just a hello world .html page, so that is why it wasn't being served.
To fix it: To enable serving of Static content you must specifically choose "Static Content" under Common HTTP Features in the same Add/Remove Windows Features list. Once you do this my test page worked fine.
In summary: I don't understand how a typical .NET would run without static content (CSS, Images, Javascript), so I don't know why MS wouldn't include Static Content by default when choosing ASP.NET. Perhaps my workflow in installing IIS was wrong.
I'm sure there was a way to trace the flow of the request to find static content requests were getting blocked, but I don't know how to do that.
Matt Cofer's resolution is correct: in order to view static content you must have installed the Static Content feature during your initial installation. However, I found that Add/Remove features did not work for me: it only showed a subset of features and nothing to do with IIS.
So... here's another way to install Static Content:
Open Server Manager
Start Menu > type "server manager" in search field > click resulting link
Expand the Roles node
Right-click Web Server (IIS) node to view context menu
Select Add Role Services from the context menu
When the Add Role Services window opens, navigate to Web Server > Common HTTP Features
Enable Static Content
Click Next

Resources