Fixing “IIS Metabase is required to install Microsoft UrlScan Filter v3.1”

If you are looking to remove the server header from your IIS, you will need to install URL Scan to be able to go through the settings.

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

Install the URLScan in your machine. Please follow the following link for that

http://www.iis.net/downloads/microsoft/urlscan

When you are trying to install it on a new server, you might get an error saying:

IIS Metabase is required to install Microsoft UrlScan Filter v3.1

To fix this issue:

  1. Open Web Platform Installer
  2. Search for metabase and install “IIS: IIS 6 Metabase Compatibility”
  3. Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 )
  4. Click on Install. You are shown a review of components you selected to install. Click on I accept.
  5. The components are installed and will show you a Finish screen. Click on Finish.
  6. To check installation, go in IIS and click on your server node.
  7. Click on ISAPI filters under IIS

After installing URLScan, open the URLScan.ini file typically located in the %WINDIR%\System32\Inetsrv\URLscan folder. After opening it, search for the key RemoveServerHeader . By default it is set to 0, but to remove the Server header, change the value to 1.

Doing so will remove the Server header Server: Microsoft-IIS/7.5 (8) from the User mode response.

Advertisements

(.NET) Enable SSL Protocols for your Integrations – TLS 1.1 and TLS 1.2

Introduction

When developing integrations with external services (REST, SOAP), there is often the need to use specific SSL protocols, namely:

  • TLS 1.1
  • TLS 1.2.

While trying to use those API’s in OutSystems applications, such attempts to integrate may not work, and produce errors like:

  • The request was aborted: Could not create SSL/TLS secure channel.
  • Unsupported procotol. You need to enable TLS X.X to use this API

(other types of errors may occur, related to the required SSL protocols)

TLS 1.0 is no longer secure. Exploits exist to downgrade a connection based on TLS 1.0 to an older version of the protocol. There is no active exploit affecting all of TLS 1.1, but the downgrade attack works on some versions and installations and academically speaking, TLS 1.1’s hash functions are under threat.

If using an older SSL/TLS protocol revision you could have someone sitting on the line and taking in your data while absolutely nothing about the connection indicated it. A compromised secure connection is no different from an insecure connection, but may give a false sense of security.

The revision and deprecation of protocols is an expected, occasional thing, as encryption techniques improve and processing speeds increase over time. This deprecation and notice is for our customers’ security. Anyone keeping up with the latest developments will already be secure, but those who have not kept up to date could end up using an insecure method.

What is TLS?

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third-party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Technical Resources:

Continue reading “(.NET) Enable SSL Protocols for your Integrations – TLS 1.1 and TLS 1.2”

Deleting unused indexes from SQL server to free up space and improve performance

In SQL Server, indexes can be a double-edged sword. Sure, they can make queries run faster, but at the same time, their maintenance can have a negative impact. You can improve your server’s overall performance by only maintaining useful indexes – but finding the ones you don’t need can be quite a manual process.

If you see indexes where there are no seeks, scans or lookups, but there are updates this means that SQL Server has not used the index to satisfy a query but still needs to maintain the index.

Remember that the data from these DMVs is reset when SQL Server is restarted, so make sure you have collected data for a long enough period of time to determine which indexes may be good candidates to be dropped.

Run this in SQL Server:

SELECT OBJECT_NAME(S.[OBJECT_ID]) AS [OBJECT NAME], 
       I.[NAME] AS [INDEX NAME], 
       USER_SEEKS, 
       USER_SCANS, 
       USER_LOOKUPS, 
       USER_UPDATES 
FROM   SYS.DM_DB_INDEX_USAGE_STATS AS S 
       INNER JOIN SYS.INDEXES AS I ON I.[OBJECT_ID] = S.[OBJECT_ID] AND I.INDEX_ID = S.INDEX_ID 
WHERE  OBJECTPROPERTY(S.[OBJECT_ID],'IsUserTable') = 1
       AND S.database_id = DB_ID()

Here we can see seeks, scans, lookups and updates.

The seeks refer to how many times an index seek occurred for that index. A seek is the fastest way to access the data, so this is good.
The scans refers to how many times an index scan occurred for that index. A scan is when multiple rows of data had to be searched to find the data. Scans are something you want to try to avoid.
The lookups refer to how many times the query required data to be pulled from the clustered index or the heap (does not have a clustered index). Lookups are also something you want to try to avoid.
The updates refers to how many times the index was updated due to data changes which should correspond to the first query above.

To find the ones that can be safely removed, run this:

SELECT OBJECT_NAME(S.[OBJECT_ID]) AS [OBJECT NAME], 
       I.[NAME] AS [INDEX NAME], 
       USER_SEEKS, 
       USER_SCANS, 
       USER_LOOKUPS, 
       USER_UPDATES 
FROM   SYS.DM_DB_INDEX_USAGE_STATS AS S 
       INNER JOIN SYS.INDEXES AS I ON I.[OBJECT_ID] = S.[OBJECT_ID] AND I.INDEX_ID = S.INDEX_ID 
WHERE  OBJECTPROPERTY(S.[OBJECT_ID],'IsUserTable') = 1
AND OBJECT_NAME(S.[OBJECT_ID]) = '[your table name]'
       AND S.database_id = DB_ID() AND (USER_SEEKS = 0 AND USER_SCANS =0 AND USER_LOOKUPS=0)

You can then delete the unused indexes.

Get table size of the biggest tables in a database (SQL)

Following script will return a list of all the tables in your database with a size greater than 10MB.

SELECT 
    t.NAME AS TableName,
    s.Name AS SchemaName,
    p.rows AS RowCounts,
    SUM(a.total_pages) * 8 AS TotalSpaceKB, 
    CAST(ROUND(((SUM(a.total_pages) * 8) / 1024.00), 2) AS NUMERIC(36, 2)) AS TotalSpaceMB,
    SUM(a.used_pages) * 8 AS UsedSpaceKB, 
    CAST(ROUND(((SUM(a.used_pages) * 8) / 1024.00), 2) AS NUMERIC(36, 2)) AS UsedSpaceMB, 
    (SUM(a.total_pages) - SUM(a.used_pages)) * 8 AS UnusedSpaceKB,
    CAST(ROUND(((SUM(a.total_pages) - SUM(a.used_pages)) * 8) / 1024.00, 2) AS NUMERIC(36, 2)) AS UnusedSpaceMB
FROM 
    sys.tables t
INNER JOIN      
    sys.indexes i ON t.OBJECT_ID = i.object_id
INNER JOIN 
    sys.partitions p ON i.object_id = p.OBJECT_ID AND i.index_id = p.index_id
INNER JOIN 
    sys.allocation_units a ON p.partition_id = a.container_id
LEFT OUTER JOIN 
    sys.schemas s ON t.schema_id = s.schema_id
WHERE 
    t.NAME NOT LIKE 'dt%' 
    AND t.is_ms_shipped = 0
    AND i.OBJECT_ID > 255 
GROUP BY 
    t.Name, s.Name, p.Rows
	HAVING SUM(a.total_pages) * 8 / 1024.00 > 10
ORDER BY 
   TotalSpaceMB Desc

tableSize

10 Mistakes People make during an interview for a software role

Here are the top 10 mistakes people make during a coding interview for a software developer job.

#1 | Practicing on a Computer
If you were training for an ocean swim race, would you practice only by swimming in a pool? Probably not. You’d want to get a feel for the waves and other”terrain”differences. I bet you’d want to practice in the ocean, too.
Using a compiler to practice interview questions is like doing all your training in the pool. Put away the compiler and get out the old pen and paper. Use a compiler only to verify your solutions after you’ve written and hand-tested your code. Continue reading “10 Mistakes People make during an interview for a software role”

How to Add xml:lang=”en-GB” to XmlTextWriterSettings

I’ve written in the past about XML & languages, and why you might be interested in being aware of the language associated with text. xml:lang is your friend, as you can tell from these older posts.

Something that is a bit special about xml:lang is that xml is a reserved namespace. From http://www.w3.org/TR/REC-xml-names/#xmlReserved

The prefix xml is by definition bound to the namespace name http://www.w3.org/XML/1998/namespace. It MAY, but need not, be declared, and MUST NOT be bound to any other namespace name. Other prefixes MUST NOT be bound to this namespace name, and it MUST NOT be declared as the default namespace.

Here is the code you can use to write an xml:lang attribute.

XmlWriterSettings settings = new XmlWriterSettings();
settings.Indent = 
true;

using
 (StringWriter textWriter = new StringWriter())
using (XmlWriter writer = XmlWriter.Create(textWriter, settings))
{
writer.WriteStartElement(
“e”);

writer.WriteStartElement(“t1”);
writer.WriteAttributeString(
“xml”“lang”null“en-US”);
writer.WriteString(
“Hello, world!”);
writer.WriteEndElement();

writer.WriteStartElement(“t2”);
writer.WriteAttributeString(
“xml”“lang”null“es-AR”);
writer.WriteString(
“¡Hola, mundo!”);
writer.WriteEndElement();

writer.WriteEndElement();
writer.Flush();

  Trace.WriteLine(textWriter.ToString());
}

 

Here is the traced output.

<?xml version=”1.0″ encoding=”utf-16″?>
<e>
<t1 xml:lang=”en-US”>Hello, world!</t1>
<t2 xml:lang=”es-AR”>¡Hola, mundo!</t2>
</e>