IIS 6 closes connection - how to keep it persistent? - iis-6

My company has two test servers modelled after customer configurations,
one with Windows Server 2003 SP2, IIS 6 and Tomcat 5.5,
one with Windows Server 2008 R2, IIS 7 and Tomcat 6.
Both IIS are configured to use Windows Authentication and have an ISAPI filter for Tomcat.
With the IIS 6 machine, the server closes every authenticated http connection by sending the header "Connection: close". With the IIS 7 machine, the server uses persistent connections, and sends the header "Persistent-Auth: true". The customer with IIS 6 has the same connection-closing behaviour as our test server, which triples the number of network roundtrips due to NTLM authentication.
Why is the IIS 6 server closing connections, and how can I make it use persistent connections?
I have RDP admin access to both servers, and will happily provide any useful information and make experiments.
UPDATE:
I found that the problem is partially caused by an outdated version of the ISAPI filter (isapi_redirect.dll). After updating that filter to 1.2.32, I no longer get the "Connection: close" header for html pages. However, I still get it when the client applet accesses a service which returns serialized Java objects.

I found that the problem had nothing to do with authentication. The Tomcat servlet uses chunked transfer encoding for its response, and the ISAPI filter was not configured to handled it, which seems to force IIS 6 to close the connection. IIS 7 seems to collect the response chunks, and sends the whole response, un-chunked, to the caller.
After upgrading to version 1.2.32 and enabling chunked encoding using the enable_chunked_encoding property of the ISAPI filter, as described in the reference guide, connections are no longer closed.

Related

.Net Core 5 API keeps returning the same IP

In my .net core 5 api I need to get the remote IP from request. It works fine on my test server.
Checked it several times from different networks.
BUT
on my client's server, I'm getting the same IP address regardless from where I'm calling the API.
So, my problem is that on my server everything works fine, but on client's server, I'm getting false IP address.
I've installed the .Net 5 SDK
I've compared it to my server and IIS (different versions of IIS, but configuration seems fine)
Any ideas?
I will assume that you have LB environment. SO most probably you getting the LB IP.
If this is the case. you should configure the LB to allow HTTP header transfer to the internal requests. Especially if you use internal HTTP direction across the DMZ.
mainly you can rely on "x-forwarded-for" and the proxy server (LB) will fill that in and pass it to your internal servers.
After talking to my client, apparently he knew that the server is in fact behind NAT (asked him about that before and he denied it🤷‍♂️)

How to forbid requests using low version of ssl?

There is a windows 10 server in which tls1.0,ssl3 are disabled by IISCrypto for refusing weak ssl protocol from client requests. tls1.1 and tls1.2 are disabled on the client system and just ssl3 is enabled on it and will be expected any requests from client to server be refused.I'm using IIS10 and an asp mvc project website that is loaded on .I've searched and figure out there is no way to reject these request in asp mvc.The only way was using something like this System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
but doesn't work at all.By using wireshark and just look at Client Hello I realized the connection between server and client is stablished by tls1.2. I think my question is clear and no need to give code anymore.
Is there any help ?

how HTTPS request is handled by IIS server

I am trying to understand the working of HTTP , IIS and sql server.
I am having an IIS 7 server in my environment which is interacting with a sql database server.
The architecture is
Apache ----> IIS -----> SQL server
The Apache is a reverse proxy server which is sending the HTTP request to the IIS server and from there IIS server is interacting with the SQL database connecting by different application pools for different applications.
My query is if some request has been forwarded by the Apache server and it has reached the IIS ; after that, if the network between the Apache and IIS is having any packet drops ;
Will that have any affect to the performance of IIS and database server?
Will there be any long running queries in the worker process of the IIS? Because my concern is what will happen after the queries that has successfully executed in the Database server. But since the network between the IIS and Apache is broken how can they be forwarded further to the Apache and further to the end user.
Will these queries keep on holding the resources till they are forwarded from IIS to Apache? Because they have successfully completed their tasks but because of network issue they are not being forwarded further. Or are such request stacked up somewhere by the IIS to free up the resources for the upcoming requests??
Once a request has reached IIS it will go and do the required actions, and format the reply. It will try to send the reply to the requestor but if the link has gone, it will be unable to. It will then abandon the request. Resources it is holding for that request will be freed.
To get the data it had for you, Apache has to repeat the request.

Is there something similar to named pipe transport for wcf in IIS6?

I have a web service that will only be called from the same box. In IIS 7 I have used named pipe endpoints for security and speed. the project I am working on now has the same requirements but will be on server 2003 IIS 6. What are my options to restrict access to only the local machine? Thanks!
IIS6 only supports http and wshttp protocols. You could run your WCF in a Windows Service and control everything as you do now (however that may be). There are tons of ways to secure it as well.
Self Signed certificates between the two (popular over the internet)
Windows Authentication and control list (easy on same network/domain)
UserName Password (also easy).
But if you have it working now, I would attempt to rehost into a Windows Service, which should not take away your current functionality.
You should know by the way that if use named pipes over a network, it is actually just remoting via TCP.

WFC SVC File emits HTML when called from a service client

I'm in the process of deploying a WCF service application. The service works fine if it's running as its own site, but the intention is for the service to run as a virtual directory of the Default web site of the server. When I set the service up in this configuration, I get an odd problem. When the client tries to make a service call, it receives the HTML of the friendly service description, not SOAP. Naturally this generates a service error. The HTML appears to be identical to the service page that you see in a browser with an HTTP Get, but I'm only seeing the first 1024 bytes in the error message, so I may be missing something.
I've checked HttpHandlers and loaded assemblies, and as far as I can tell there's nothing unusual that is being inherited by the virtual directory. The default site has 3 ISAPI Filters installed including Outlook Web Access (yes, this server is running Exchange). I tried installing these filters in my test web site, but it still ran the service without problems. The problem only happens with the service is running as a virtual directory of another virtual directory within the default web site.
The server is Windows Small Bus Server 2003 SP 2 running IIS6.
If you're hosting WCF in IIS you need to set the server up in the 'Application Role' check out the following link does that help:
MSDN: Internet Information Service Hosting Instructions