IIS and Web Server Role

How can we improve IIS and the Web Server Role in Windows Server?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. IIS Module to Address Website Password Guessing

    A common technique for *********** Testers is to gain access to an account via brute force (many passwords against one account) or password spraying (one password against many accounts). Websites are a great target since they often lack the logging/alerting of these techniques. To address this some implement 2-factor yet this still provides the necessary feedback because only a successful authentication attempt will proceed to the 2-factor prompt.

    To address this I’ve create a PowerShell module which leverages Logparser to parse a website’s logs and identify such situations.

    https://www.powershellgallery.com/packages/WebsiteFailedLogins/1.0
    https://github.com/phbits/WebsiteFailedLogins

    While it’s a suitable solution, the downside is it’s a…

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow the use of an IIS AppPools Admin to remotely control AppPools

      I would like to give my developers who are non-admins on the web server, the ability to control IIS AppPools for the websites they are developing. The ability to stop and start an IIS AppPools is an important part of development. I don't want to have to make them Administrators of the web server and I don't want them to have to use PowerShell to do this. I should be able to select an AppPool and give a specific user control of it without giving control to the other AppPools on the server, much like using IIS Manager Permissions to…

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • SSL support for Application Initialization module

        The Application Initialization module does a good job at warming-up websites so that the user doesn't experience any delays. Unfortunately this doesn't work for web applications that are SSL-only (see https://support.microsoft.com/en-us/help/2843964/application-initialization-module-fails-when-web-site-requires-ssl). At the same time one of the recommended practices for web APIs is to serve them SSL-only (see https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl).

        I would like to change the Application Initialization module to support application warm-up requests using the HTTPS-binding if one is available. For compatibility this could be an opt-in feature of the applicationInitialization configuration.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Display useful error information when web.config uses URL rewrite and rewrite extension is not installed

          On IIS 8.5, if you attempt to access a web application that uses URL rewriting on a machine that does not have the rewrite extension installed, you get a generic 500 error page with no information about the cause of the error, and nothing about the error shows up in the Event Log. Failed Request Tracing also failed to produce a log file.

          IIS should have validations to ensure that the extension is installed when <rewrite> is present in web.config.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • Bad Request responded with 404.xx

            Hey,
            I've found two strange behaviours of IIS.

            Code Snippet
            <httpErrors existingResponse="PassThrough" />
            <security>
            <requestFiltering>
            <requestLimits maxAllowedContentLength="5000000" />
            <verbs allowUnlisted="true">
            <add verb="HEAD" allowed="false" />
            </verbs>
            </requestFiltering>
            </security>
            Problem Description
            In this code snippet,

            Rejects the request if content size is bigger than 5 MBs. It responds with a 404. (404.13)
            Rejects the HTTP HEAD requests. It also responds with 404.
            Expected Behavior
            Since HTTP Status Codes are independent of the running platform, we expected a common message, not the IIS specific status code.

            For request limits, It should respond with 400 - Bad Request.
            image

            For ignored HTTP Method, It…

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Please allow IIS Manager to manage remote servers

              IIS Manager is the only console that I use almost daily that cannot connect and manage remote IIS servers. The very some way as Computer management and other MMC consoles. I mean without creating IIS users.

              5 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Flag idea as inappropriate…  ·  Admin →
              • Get-IISAppPool Doesn't Use Latest Information

                I believe I found a bug in the Get-IISAppPool PowerShell cmdlet.

                Create a script with the following:
                * Check if an application pool exists using:
                Get-IISAppPool -Name "Something"
                Where "Something" indicates an application pool name.
                * If the application pool exists, display some text.
                * Otherwise, create the application pool.

                1) Open a PowerShell window (as administrator) and run the script.
                2) The application pool does not exist and is created (correct).
                3) Do not close the window and run the script again.
                4) The script again indicates that the application pool does not exist and tries to create it…

                4 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Let's encrypt integration

                  It would be great to integrate the ACME protocol in IIS. One of the reasons SSL isn't widely used is because it is complex and costly to set up.

                  What I would really like to see is in the "edit bindings" window, when choosing a certificate, an option to choose instead Let's Encrypt / ACME. IIS would automatically request the certificate through the ACME protocol and would automatically renew the certificate.

                  Obviously this would also be available through powershell (although keep in mind that primary users are likely to be unsophisticated GUI users, not sophisticated teams who run multiple instance…

                  37 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                  • Provide support for SHA256 Self Signed Certificates

                    Currently, creating Self Signed Certificates in IIS only allows you to create SHA1 algorithm Self Signed Certificates. However, SHA1 is being deprecated in favor of SHA256, therefore, IIS Manager should support creating SHA256 Self Signed Certificates instead (or prompt as to whether you wish to create an SHA1 or SHA256 Self Signed Certificate)

                    17 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      3 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add Global UrlRewrites Prior to assignment of AppPool

                      I would like the ability to do url rewrites that can define/alter which site & AppPool will handle the request. Ie handled in the base process Before being being passed to any app pool process.
                      This would avoid the need add/use an ARR proxy to achieve such mapping (which doesn't always work as a workaround).

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • [SMTP Server] - Add SMTP Server on the WindowsServerCore in Windows Continer Images

                        Please, Add the SMTP-Server on the Windows Server Core Container image.
                        I start to test the Windows Container, but the SMTP Server is a requiremento to my application.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Allow all roles, role services, features to have the option to be installed under a new site in IIS rather than under the Default Web Site.

                          Allow all roles, role services, features to have the option to be installed under a new site in IIS rather than under the Default Web Site. You should be able to choose to install say NDES role service, or ADCS Enterprise CA, or RDS roles under a separate website than the Default Web Site when adding roles and features to Windows Server. Also, would be nice to have multiple sites running on HTTPS using Port 443 this way and leveraging host headers to determine which site to load.

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • PHP Manager & NET 2.0

                            Please remove or upgrade the dependency of the installer of PHP Manager, if the server has not .NET 3.5 installed the PHP Manager ICON want to appear inside IIS

                            I know that microsoft want to kill IIS for net core but resolve this error, i have to install NET 3.5, install php manager from Web Platform Installer and then remove NET 3.5 (I use 4.7.1)

                            Tnx

                            3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                            • Bug: IIS 10 + HTTPS + response.flush() = request is duplicated

                              On windows server we installed IIS 10 and an SSL license

                              We observe that if we have a page that contains a response.flush() the request is executed twice (Get or POST)

                              on FF every request is duplicated, on chrome, IE and Edge the first request is duplicated after that the other request are executed normally (once)

                              This bug can be reproduced with a simple page with only:

                              <!--- start asp classic--->
                              <%
                              response.flush
                              %>
                              <!--- end asp classic--->

                              This is problematic with every browser, FF because all the requests are duplicated, even form submissions, others because bug this can happen…

                              3 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • CLI / PowerShell / WMI - Create a command to get/collect/List Application Pool Performance.

                                The ideia:

                                Crate a command to get/list/Collect information about Application Pool Performance Monitor.

                                - CPU in use
                                - Memory in use
                                - Disk in use
                                - Network in use
                                - How many connection on the application pool
                                - PID Number
                                - Command line with name, version and ...

                                3 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Missing help & command for IISAdministration Module

                                  Relatively new to the PowerShell space and I apologize if this is a non-issue and just a user error.

                                  Missing help from IISAdministration Module
                                  OS: Microsoft Windows 10 Education (10.0.16299 N/A Build 16299)
                                  Hotfixes Installed: [01]: KB4053577 [02]: KB4056887 [03]: KB4057247
                                  [04]: KB4058043 [05]: KB4088785 [06]: KB4093110
                                  [07]: KB4054517

                                  Repro for missing: Get-Command
                                  Import-Module .\IISAdministration.psm1
                                  Get-Command -Module IISAdministration
                                  Returns: Null

                                  Repro for missing: Help
                                  Save-Module -Name IISAdministration {$env:Path}
                                  help *iis*
                                  Returns Null
                                  cd into the saved locale.
                                  Invoke-Item .\IISAdministration_07640789-476a-4713-a091-f5b365129c32_HelpInfo.xml

                                  The help URI returns error: This site can’t be reached

                                  <HelpContentURI>http://go.microsoft.com/fwlink/?linkid=216321</HelpContentURI>

                                  The other listed url in the helpinfo.xml file…

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Support brotli compression

                                    There are third party modules to support brotli compression but this should be supported by IIS out of the box. Also it looks like it conflicts with the priority IIS uses to pick which compression to use: https://serverfault.com/a/896234/451530

                                    3 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Creating a task scheduler in IIS

                                      If you want to run a task on a schedule (as in every 10 minutes, every hour, the first day of the month, etc), you currently have to rely on external schedulers to trigger these tasks (windows scheduled tasks, azure jobs, etc). However for short running tasks, it should be possible to define a schedule in web.config, with IIS calling a page on schedule. This would make an IIS website a lot cleaner / self contained that having to rely on an external scheduler.

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Upgrade WebDeploy to use SQL SERVER 2017 files

                                        Upgrade WebDeploy to use SQL SERVER 2017 files. Right now web deploy for hosting providers uses sql server 2012 files like scriptdom, types etc

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Please fix FTPS implementation; PROT does not impose proper protection level.

                                          The above issue makes it impossible to use an IIS FTP Server with popular clients. Clients have started disabling any ability for nonstandard protocol negotiation.

                                          https://forum.filezilla-project.org/viewtopic.php?t=35275#p131841
                                          https://www.mail-archive.com/lftp@uniyar.ac.ru/msg03761.html

                                          3 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          IIS and Web Server Role

                                          Feedback and Knowledge Base