Home / user-35550

caesay's questions

Martin Hope
caesay
Asked: 2019-02-01 03:36:23 +0800 CST
  • 5

I need to remove the 'Server' header from all http requests coming to my IIS site due to PCI DSS scanning restrictions. I am running the latest version of Windows Server 2016 using the latest version of IIS 10. The IIS Request Filtering role is installed in Roles and Features.

My configuration file looks like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
  </system.webServer>
</configuration>

I am serving a static file, for the purposes of this test, it is called index.html and contains <html></html>.

After creating the config file, restarting IIS, and requesting the file, IIS is still sending the Server header:

enter image description here

The only other way I know of is to install the IIS-rewrite module, however this is extremely undesirable as we are running a server farm and this would need to be done to multiple servers and server images.

Are there any other things I can try to get request filtering working?

Is there any other way to remove the Server header which doesn't require IIS-rewrite?

P.S. I can reproduce this on multiple servers by creating a new site in IIS, and creating an index file and a web config as above - it feels like i'm missing something obvious.

windows
Martin Hope
caesay
Asked: 2016-10-21 00:27:20 +0800 CST
  • 1

I need to disable insecure cypher suites on a server with Windows Server 2012 R2 to pass a PCI vulnerability scan. From the research I've done it seems this is to done in IIS with some registry updates, and I've compiled a list and ran them.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
"Enabled"=dword:00000000

After applying the above, restarting, and re-running the scan, it still fails the test as having RC4 suites enabled. So i did some more digging and a google search revealed a patch for SCHANNEL: KB2868725, so i tried installing that but it was incompatible with the system (RC2 has it installed already).

After that I tried IIS Crypto, which already showed R4 cyphers disabled (via the registry keys i changed earlier) but I turned on PCI mode and it disabled a bunch more suites / ciphers. After a restart I was optimistic but a scan still is still failing.

It seems from additional research that 2012 R2 should have the functionality to disable RC4 built in, and IIS should honour this, but its not doing so, so I don't know where to go from here.

security iis cryptography windows-server-2012-r2
Martin Hope
caesay
Asked: 2012-06-14 17:23:37 +0800 CST
  • -1

So I have a server, and I'm being reported different/strage memory from several locations and I'm having trouble understanding what it all means.

Take this for example:

root@****:~# free -m
             total       used       free     shared    buffers     cached
Mem:         16078      13857       2220          0        227      11032

You'll see that I have 16G of ram, and its showing that nearly 14G of that is being used, but its not. Now I'm not blind, I see that it says "cached: 11032" but what does that mean? and why would that much memory be "cached"? what is it being cached for? why?

top is reporting the same as free, but htop is reporting different: htop output http://mc.socialshock.net/screenshots/2012-06-13_1915.png (2572/16078)

Also, webmin is reporting the same as htop.

So what is it, really? what is all that memory going too, even though its "cached" can an application still use it if it needs?

debian cache memory
Martin Hope
caesay
Asked: 2011-11-01 13:59:52 +0800 CST
  • 13

Running multiple scp threads simultaneously:

Background:

I'm often finding myself mirroring a set of server files a lot, and included in these server files are thousands of little 1kb-3kb files. All the servers are connected to 1Gbps ports, generally spread out in a variety of data-centers.

Problem:

SCP transfers these little files, ONE by ONE, and it takes ages, and I feel like I'm wasting the beautiful network resources I have.

Solution?:

I had an idea; Creating a script, which divides the files up into equal amounts, and starts up 5-6 scp threads, which theoretically would then get done 5-6 times faster, no? But I don't have any linux scripting experience!

Question(s):

  • Is there a better solution to the mentioned problem?
  • Is there something like this that exists already?
  • If not, is there someone who would give me a start, or help me out?
  • If not to 2, or 3, where would be a good place to start looking to learn linux scripting? Like bash, or other.
linux centos scp multi-threading