DotNetPanel S&M Blog

URL Rewrite Module - Go Live release

kent — Thu, 11 Sep 2008 22:34:00 GMT

Today IIS team has made the Go Live release of URL Rewrite Module for IIS 7.0 available for download. This release contains significant functionality and performance improvements and it is believed to have a quality level suitable for production deployments.

http://blogs.iis.net/ruslany/archive/2008/09/11/url-rewrite-module-go-live-release.aspx

Update for IIS 7.0 FastCGI module

kent — Wed, 10 Sep 2008 20:43:00 GMT

IIS team has recently released an update for IIS 7.0 FastCGI module that fixes compatibility problems with several popular PHP applications. In particular, the update changes the behavior of FastCGI module in the following ways:

REQUEST_URI server variable set by FastCGI module now includes query string and path info. Previously, lack of the query string in this server variable caused the popular CMS application Drupal to not work with FastCGI on IIS 7.0
REQUEST_URI server variable now contains the originally requested URL path before any URL rewriting was performed. Prior to this fix, the server variable used to contain a final rewritten URL, which caused problems when using URL rewriting to enable “pretty permalinks” for popular blog engine Wordpress.

Note that above mentioned problems do not exist in IIS 6.0 FastCGI Extension, which always has been setting the REQUEST_URI server variable correctly.

The update is available for download from the following locations:

Warning: if your PHP application was coded in a way so that it relied on the REQUEST_URI server variable to contain the requested URL without a query string or to contain the final rewritten URL, then installing this update may break your application. Before applying the update, please make sure that your application does not rely on incorrect behavior of FastCGI module.

Don’t run production ASP.NET Applications with debug=”true” enabled

kent — Wed, 10 Sep 2008 20:34:00 GMT

One of the things you want to avoid when deploying an ASP.NET application into production is to accidentally (or deliberately) leave the <compilation debug=”true”/> switch on within the application’s web.config file.

Doing so causes a number of non-optimal things to happen including:

1) The compilation of ASP.NET pages takes longer (since some batch optimizations are disabled)

2) Code can execute slower (since some additional debug paths are enabled)

3) Much more memory is used within the application at runtime

4) Scripts and images downloaded from the WebResources.axd handler are not cached

This last point is particularly important, since it means that all client-javascript libraries and static images that are deployed via WebResources.axd will be continually downloaded by clients on each page view request and not cached locally within the browser. This can slow down the user experience quite a bit for things like Atlas, controls like TreeView/Menu/Validators, and any other third-party control or custom code that deploys client resources. Note that the reason why these resources are not cached when debug is set to true is so that developers don’t have to continually flush their browser cache and restart it every-time they make a change to a resource handler (our assumption is that when you have debug=true set you are in active development on your site).

When <compilation debug=”false”/> is set, the WebResource.axd handler will automatically set a long cache policy on resources retrieved via it – so that the resource is only downloaded once to the client and cached there forever (it will also be cached on any intermediate proxy servers). If you have Atlas installed for your application, it will also automatically compress the content from the WebResources.axd handler for you when <compilation debug=”false”/> is set – reducing the size of any client-script javascript library or static resource for you (and not requiring you to write any custom code or configure anything within IIS to get it).

What about binaries compiled with debug symbols?

One scenario that several people find very useful is to compile/pre-compile an application or associated class libraries with debug symbols so that more detailed stack trace and line error messages can be retrieved from it when errors occur.

The good news is that you can do this without having the have the <compilation debug=”true”/> switch enabled in production. Specifically, you can use either a web deployment project or a web application project to pre-compile the code for your site with debug symbols, and then change the <compilation debug=”true”/> switch to false right before you deploy the application on the server.

The debug symbols and metadata in the compiled assemblies will increase the memory footprint of the application, but this can sometimes be an ok trade-off for more detailed error messages.

The <deployment retail=”true”/> Switch in Maching.config

If you are a server administrator and want to ensure that no one accidentally deploys an ASP.NET application in production with the <compilation debug=”true”/> switch enabled within the application’s web.config file, one trick you can use with ASP.NET V2.0 is to take advantage of the <deployment> section within your machine.config file.

Specifically, by setting this within your machine.config file:

<system.web>

</system.web>

</configuration>

You will disable the <compilation debug=”true”/> switch, disable the ability to output trace output in a page, and turn off the ability to show detailed error messages remotely. Note that these last two items are security best practices you really want to follow (otherwise hackers can learn a lot more about the internals of your application than you should show them).

Setting this switch to true is probably a best practice that any company with formal production servers should follow to ensure that an application always runs with the best possible performance and no security information leakages. There isn’t a ton of documentation on this switch – but you can learn a little more about it here.

URL Rewrite for IIS7

kent — Thu, 26 Jun 2008 00:05:00 GMT

Finally Microsoft has released URL Rewrite Module for IIS 7.0 CTP1. Many hosting providers were asking about this.

Now you can move a php website hosted with Apache to IIS7 and manage to get url rewrite rules to work in minutes.

Download from http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1691

Forum at http://forums.iis.net/1152.aspx

Documentation at http://learn.iis.net/page.aspx/460/using-url-rewrite-module/

IIS 6.0 HTTP compression

kent — Wed, 25 Jun 2008 23:44:00 GMT

I'm sure you guys know about http compression settings from IIS 6 can seriously improove your web site load speed but ever wondered how to enable http compression for .aspx, .asmx, .php files?

Well wonder no more.

To add one or more file types to the server-wide static compression configuration

From the Start menu, click Run.

In the Open box, type cmd, and click OK.

Type both of the following commands:

	cscript adsutil.vbs SET W3SVC/Filters/Compression/Deflate/HcFileExtensions "htm html txt newext" where newext is a file type you want to compress (for example, Microsoft Word or Excel documents), then press ENTER. You can add multiple file types separated by spaces.
	cscript adsutil.vbs SET W3SVC/Filters/Compression/gzip/HcFileExtensions "htm html txt newext" where newext is a file type you want to compress, then press ENTER. You can add multiple file types separated by spaces.

Note

To remove one or more file types from the server-wide static compression configuration, repeat the previous two commands, leaving out the file type you want to remove.

To add one or more file types to the server-wide dynamic compression configuration

From the Start menu, click Run.

In the Open box, type cmd, and click OK.

Type both of the following commands:

	cscript adsutil.vbs SET W3SVC/Filters/Compression/Deflate/HcScriptFileExtensions "asp dll exe newext" where newext is a file type you want to compress (for example, aspx, a commonly used ASP extension), then press ENTER. You can add multiple file types separated by spaces.
	cscript adsutil.vbs SET W3SVC/Filters/Compression/gzip/HcScriptFileExtensions "asp dll exe newext" where newext is a file type you want to compress, then press ENTER. You can add multiple file types separated by spaces.

Note

To remove one or more file types from the server-wide dynamic compression configuration, repeat the previous two commands, leaving out the file type you want to remove.

Related Information

For a detailed discussion of how HTTP compression works, how to test compression, and detailed compression configuration options, see Using HTTP Compression for Faster Downloads.

Finally to test your configuration use this tool:

http://www.port80software.com/tools/compresscheck.asp

PHP security

kent — Wed, 25 Jun 2008 23:32:00 GMT

Ever wanted to know more about securing your php web sites? The information and tools from PHPSecInfo is the perfect place to start.

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Linux Losing Market Share to Windows Server

kent — Thu, 01 Nov 2007 20:43:00 GMT

Surfing the internet and some news websites last night I found 2 very and i mean very interesting articles. Finally some of my predictions came true.

Check out the links:

Linux Losing Market Share to Windows Server

Windows Server Woos Linux Customers

Windows Server 2008 Features Address Linux Challenge

DotNetPanel Integration API

kent — Wed, 24 Oct 2007 11:48:00 GMT

Have you ever wanted to interact with DotNetPanel from your website or your application?

You can find a document we use for our integration partners describing methods intended for creating and maintaining state for user accounts, hosting spaces and so on at http://www.dotnetpanel.com/downloads/?CategoryID=8

You can also download DotNetPanel Web Portal sources (VS2005 solution) from our site and take a look how to it interacts with DotNetPanel ES by using SOAP.

The Windows 2008 Road Show is coming to a city near you!

kent — Wed, 24 Oct 2007 06:47:00 GMT

Microsoft is hosting a World Wide Windows Server 2008 Road Show. This is a unique opportunity to learn about and gets hands-on experience with our latest Web server technology-Microsoft Windows Server 2008 and Internet Information Services 7. Myself and probably some of my teammates will be at EMEA road shows and hope you can come out and join us!

Now DotNetPanel offers support for Windows Server 2008, IIS7 and FTP7. Check out the press release here. We have a surprise for all atendees but i can't tell you now what is it all about.

ABOUT THE TRAINING:
IIS 7 is our most ambitious Web server to date and has many features that directly benefit the hosting community. IIS 7 will reduce total cost of ownership, improve manageability, and create new business opportunities.

Here are a few examples of what you can do with IIS 7:

Scale your infrastructure

Easily sandbox thousands of Web sites on a single server
"Xcopy" deployment of sites and servers with the new, file-based configuration system

Reduce costs

Remote Web server administration tool allows site owners and developers to control delegated Web site features
Runtime Status and Control API provides rapid access to detailed diagnostic information.

Go to market faster

Extensible, modular architecture allows you to quickly bring new features to market
Deeply integrate IIS into your environment using public configuration and control APIs
World-class performance and reliability hosting of ASP, ASP.NET, and PHP applications
New, extensible FTP Server providing secure connections, improved site isolation and more

Use the IIS FastCGI component, now part of IIS7 in Windows Server 2008 to run and optimize the performance of PHP.

Starting the DotNetPanel Blogs

kent — Tue, 04 Sep 2007 23:30:00 GMT

Hello everyone. I'm Dan Petru, Sales & Marketing Specialist at DotNetPanel Software.

I am extremely pleased to be the first starting this blog. I will try to post interesting stuff here.

I always wanted to have a blog but I never had the time. So much information cross my eyes daily and sometimes I have to write my thoughts because I keep to forgetting things.

You guys wanted us from DNP to have blogs and write stuff. So, because all my team is really busy with the new website and complicated code for the latest Microsoft Software - DotNetPanel integration (new service providers) I have to keep your attention. I'm the guy with advertising, sales, small technical support, researching new ideas and possibilities.

I have 3 years experience in hardware, 2 years in selling software and 2 years in the hosting world and .net software. I'm the guy for pretty much anything in everything. In the last year I’ve managed to build a small size datacenter from 0 and a hosting environment based on Microsoft and DotNetPanel software that pretty much runs by itself. We would probably meat at the EMEA Hosting Roadshows that we plan to participate.

I want to tell you a little secret. I have some experience in .net coding and I’ve never seen with my eyes so well written source code like Feodor and Pavel writes. In my opinion DotNetPanel success it's based on their clean & quality code. I can hardly wait to see support in DotNetPanel for the new Windows Server 2008. Not to mention Windows Media Services. The second thing that I noticed to my team is the support. My god, they rock. They should be an example for all software companies when it comes to technical support. I've learned here what is the meaning of Gold Class Technical Support.
So, enough about them.

I hope I will be at least the half as fast they are.

I want to ask you what do you want me to write in my blog. Do you want DotNetPanel team related info? Do you want new DotNetPanel documentation, web hosting guidance & best practices ? Early information of future DotNetPanel service providers ? With what do you want me to start?

See you soon!