The information in this post is out of date and should not be used as a guidance when configuring IP SSL for Azure Web Apps. Specifically if your custom domain is a CNAME to the default web app domain (e.g. contoso.azurewebsites.net) then it is not necessary to do any A record or CNAME changes as described in this article. The web app domains will be automatically remapped to the dedicated IP address when you enable IP SSL.
Azure Web Sites started to support custom domains SSL functionality recently. There are two SSL modes supported:
- SNI based SSL. This is an extension to SSL and Transport Layer Security (TLS) that allows multiple domains to share the same IP address, with separate security certificates for each domain. Most modern browsers (including Internet Explorer, Chrome, Firefox and Opera) support SNI, however older browsers may not support SNI.
- IP based SSL. This mode associates a certificate with a domain name by mapping the dedicated public IP address of the server to the domain name. This requires each domain name (contoso.com, fabricam.com, etc.) associated with your service to have a dedicated IP address. This is the traditional method of associating SSL certificates with a web server.
The SNI SSL setup is pretty simple and is documented in “How to enable SSL web site“. The IP SSL setup is more tricky, and unfortunately an important step is missing from that article. Without performing that step the domain name configured for IP SSL will continue to work as SNI SSL. The Windows Azure team is looking into fixing the documentation and UI workflow to prevent this confusion going forward. Meanwhile this blog post explains how to make sure IP SSL is configured correctly. Continue Reading »
ruslany on July 1st 2013 in WAWS
This morning Microsoft has released a security update that addresses the ASP.NET Security Vulnerability. The PHP applications running on IIS are subject to this vulnerability if ASP.NET is enabled in IIS.
IMPORTANT: Even if PHP applications on IIS do not use any of the ASP.NET features the vulnerability still exists as long as ASP.NET is enabled. It is recommended to install the security update as soon as possible.
The security update is available today via the Microsoft Download Center. In a next few days it will also be distributed via Windows Update channels. Once the update is on Windows Update, you can run the Windows Update on your servers to automatically apply the security patch.
If you plan to download the updates directly from Microsoft Download Center then follow the instructions in Scott Guthrie’s blog at:
ruslany on September 28th 2010 in PHP
Update on Sep 28th, 2010: The security update for the vulnerability is available. More details can be found at PHP on IIS: get the latest security updates now.
Microsoft has recently released a Security Advisory about a security vulnerability in ASP.NET. This vulnerability exists in all versions of ASP.NET. The PHP applications running on IIS are also subject to this vulnerability if ASP.NET is enabled in IIS.
IMPORTANT: Even if PHP application is not using any of the ASP.NET features the vulnerability still exists as long as ASP.NET is enabled.
More information about the vulnerability can be found at the following links:
This blog post describes how to protect you PHP applications on IIS from attacks that exploit this vulnerability. Continue Reading »
ruslany on September 22nd 2010 in PHP
Today IIS team has released the Dynamic IP Restrictions Extension for IIS 7.0 – Beta. The Dynamic IP Restrictions Extension provides IT Professionals and Hosters a configurable module that helps mitigate or block Denial of Service Attacks or cracking of passwords through Brute-force by temporarily blocking Internet Protocol (IP) addresses of HTTP clients who follow a pattern that could be conducive to one of such attacks. This module can be configured such that the analysis and blocking could be done at the Web Server or the Web Site level.
Install the Dynamic IP Restrictions Beta Today!
Microsoft Dynamic IP Restrictions for IIS 7.0 – Beta (x86)
Microsoft Dynamic IP Restrictions for IIS 7.0 – Beta (x64)
If IIS already has IPv4 Address and IP restrictions module enabled then Dynamic IP Restrictions installer will need to un-install the existing module in order to continue the setup process. Note that the existing IPv4 configuration will be preserved while old module is removed and new module is installed. Continue Reading »
ruslany on February 16th 2009 in Other
Recently I was told about Smashing Magazine, which turned out to be a pretty useful site. It is targeted for web developers and web designers and it contains tons of information, tools and freebies for web developers. One of the article on that site was about 10 Steps To Protect The Admin Area in WordPress. In that article step #7 described how to use web server’s built-in authentication to provide an extra protection layer for wp-admin directory, where all WordPress admin scripts are located. The article described how to do that in Apache by using .htaccess file. In this post I will explain how to protect WordPress wp-admin directory on IIS 7.0 by using IIS built-in Forms Authentication. Continue Reading »
ruslany on February 6th 2009 in PHP, WordPress