Allow popups from certain websites using a group policy object

August 1, 2012 Leave a comment

If you need to allow pop ups from specific websites when using Internet Explorer in your environment, you can enable them by using the ‘Pop-up allow list’ setting in the relevant group policy object (GPO).

Simply edit the relevant GPO, adding the addresses of web sites that you wish to allow pop ups for. The setting can be found under:

Computer Configuration, Administrative Templates, Windows Components, Internet Explorer, Pop-up allow list

Or

User Configuration, Administrative Templates, Windows Components, Internet Explorer, Pop-up allow list

Allow pop ups in Internet Explorer using the ‘Pop-up allow list’ setting in a group policy object

Filed under Windows Tagged with , , ,

Which firewall ports to open to allow browsing of instance names and connections to SQL Server 2008 R2

July 16, 2012 Leave a comment

By default Windows Server 2008 will block incoming connections to the SQL Server browser service, and to the SQL server default instance. If you are trying to connect to a SQL server instance, but are unable to browse to it under ‘network servers’ you need to open UDP port 1434. Firstly make sure the SQL Server Browser Service is started on the SQL server that you wish to advertise the instance for. Next fire up the ‘Windows Firewall with Advanced Security’ mmc snapin and create a new inbound rule. Create the rule for a port and specify the port as UDP port 1434 as shown below:

Allow incoming connections to named instances by opening UDP port 1434

To allow clients to connect the default instance and to access databases attached to that instance you will also need to open TCP port 1433. This can be done as above, by creating a new incoming rule for TCP port 1433 as shown below:

Open TCP port 1433 on SQL server 2008 R2 to allow connnections to the default instance

If desired you may wish to lock down these rules to certain profiles e.g. Domain, or even to certain subnets or hosts to help increase security. Also bear in mind that it is not best practice to have the SQL Browser Service enabled. Additional relevant SQL ports which you may wish to open can be found on the Microsoft site here:

Configure the Windows Firewall to allow SQL Server Access

These include:

TCP 1434 “SQL Admin Connection”
TCP 4022 “SQL Service Broker”
TCP 135 “SQL Debugger/RPC”
TCP 2383 “Analysis Services”
TCP 2382 “SQL Browser”

If using a named instance using dynamic ports you may wish to create a program rule with an exception for sqlservr.exe, normally found in

%ProgramFiles%\Microsoft SQL Server\MSSQL_YOUR_VERSION_NUMBER.YOUR_INSTANCE_NAME\MSSQL\Binn\

You may also wish to consider opening remote administrion ports on the windows firewall Domain Profile either through ‘Windows Firewall’ or ‘Windows Firewall with Advanced Security’ to allow access to start and stop the SQL server through SQL Management Studio:

Enable Remote Administration Port Rules in ‘Windows Firewall With Advanced Security’

 

Enable Remote Administration in the ‘Windows Firewall’

 

Always take extreme care when opening firewall ports, only opening those which are absolutely necessary in order to reduce the attack surface of your servers.

Filed under Windows Tagged with , , , , , , , , , ,

Using and verifying HTTP compression on aspx pages in IIS 6

June 28, 2012 Leave a comment

Yesterday I was examining some performance issues with an in house web application over our wide area network. While a developer looked at the code I thought I would see what could be done with http compression. This particular application is hosted on IIS 6 which is unfortunate as there some improvements with http compression in IIS 7. Anyway to enable http compression for aspx or other associated web pages in IIS6 you need to do the following. Firstly enable http compression on the server by right clicking on the ‘Web Sites’ folder in IIS Manager and choosing properties:

Accessing web sites properties

Next, click on the ‘Service’ Tab and check the ‘compress application files’ and ‘compress static files’ tick boxes and then choose a limit for temporary files. Then click OK

Next, download and install the IIS 6 resource kit tools from Microsoft which can be found here. Once the tools are installed open ‘Metabase Explorer’ and navigate to LM, W3SVC, Filters, Compression, deflate. Add the file extensions you wish to compress to HcScriptFileExtensions, in this case aspx, axd, asmx and css. Then change the HcDynamicCompressionLevel to a value between 1 and 10, 1 for low compression with low CPU utilisation, and 10 for high compression with high CPU utilisation. Setting this to a high value such as 9 may not necessarily give that much higher compression than choosing 5, so be careful to choose a value which is a good balance between compression and performance. Then apply identical settings for HcScriptFileExtensions and HcDynamicCompressionLevel  under LM, W3SVC, Filters, Compression, gzip

Modifying HcScriptFileExtensions and HcDynamicCompressionLevel in Metabase Explorer

 Save the configuration in IIS manager and then perform an iisreset from the command prompt.

You can verify the amount of compression you are are getting using a tool such as Fiddler or alternatively browser plugin Httpwatch.

To do this using Fiddler, download and install Fiddler and then run the program. Then access the website as normal, accessing some of the pages that you are attempting to compress. Once you have some entries in the ‘Web Sessions’ pane, click on the page you want to view the compression stats for in the list. The number in the ‘body’ column is the compressed size. In the bottom right section of Fiddler, click on ‘Transformer’ and you will see the compression type:

View compression status in Fiddler

View compression status in Fiddler

You will notice the yellow bar above the ‘transformer’ tab which says ‘Response is encoded and may need to be decoded before inspection, click here to transform’. Click on the yellow bar:

View original entity size before compression status in Fiddler

On this screen examine the ‘Entity Size’ which will be the original size of the page before compression. You can compare this to the body column to see the amount that the page has been compressed, in this case around a 27% saving on bandwidth.

Filed under IIS, Windows Tagged with , , , , , , , , , , , ,

Older posts

Newer posts