Server harderning SSL & TLS connection on Windows Server with IIS Crypto 2.0

Hardening your SSL/TLS connections is very common thing to do on any Windows Server running IIS that utilize HTTPS to ensure your secure connections really are secure.

ssllabs

IIS Crypto 2.0 definitely make your life easier. Just apply the best practices.

iiscrypto2

Reference: https://www.nartac.com/Products/IISCrypto

Advertisements

Web.config Reverse proxy setup for IIS with URL Rewrite

<?xml version=”1.0″ encoding=”UTF-8″?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name=”ReverseProxyInboundRule1″ stopProcessing=”true”>
<match url=”(.*)” />
<action type=”Rewrite” url=”https://<intranet.app>/{R:1}” />
<serverVariables>
<set name=”HTTP_X_ORIGINAL_ACCEPT_ENCODING” value=”{HTTP_ACCEPT_ENCODING}” />
<set name=”HTTP_ACCEPT_ENCODING” value=”” />
</serverVariables>
</rule>
</rules>
<outboundRules>
<clear />
<rule name=”RestoreAcceptEncoding” preCondition=”NeedsRestoringAcceptEncoding”>
<match serverVariable=”HTTP_ACCEPT_ENCODING” pattern=”^(.*)” />
<conditions logicalGrouping=”MatchAll” trackAllCaptures=”true” />
<action type=”Rewrite” value=”{HTTP_X_ORIGINAL_ACCEPT_ENCODING}” />
</rule>
<rule name=”ReverseProxyOutboundRule1″ preCondition=”ResponseIsHtml1″>
<match filterByTags=”A, Form, Img” pattern=”^http(s)?://https://<intranet.app>/(.*)” />
<conditions logicalGrouping=”MatchAll” trackAllCaptures=”true” />
<action type=”Rewrite” value=”https{R:1}://<internet.app>/{R:2}” />
</rule>
<preConditions>
<preCondition name=”ResponseIsHtml1″>
<add input=”{RESPONSE_CONTENT_TYPE}” pattern=”^text/html” />
</preCondition>
<preCondition name=”NeedsRestoringAcceptEncoding”>
<add input=”{HTTP_X_ORIGINAL_ACCEPT_ENCODING}” pattern=”.+” />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>

How to Fix Error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY on Chrome Browser

Overview

The following error occurs when accessing https using Google Chrome:

ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

chromeerr

Environment

  • IIS 8.0 & above, Windows Server 2016

Resolution

  1. Open the registry editor.
  2. ON the server, navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  3. Create the following entries:

EnableHttp2Tls REG_DWORD 0

EnableHttp2Cleartext REG_DWORD 0

fixchromeissue

  1. Reboot the server.

DevOps Maturity Level

Why need microservices?

Principles of microservices architecture design

Dynamic Row Level Security with Organizational Hierarchy Power BI

https://goo.gl/qAjsMW