Request a Reactivation
Now under the Support tab on the top navigation there is a link to a form where our clients can request reactivation of their software when they have moved to a new server or reinstalled their software.
http://www.port80software.com/support/reactivationrequest.asp
 

Major Version Upgrade Request
In need of a quote for a major version upgrade? You can now use our new form located at http://www.port80software.com/contact/upgrades.asp. You can also find the link to our form following Contact / Major Version Upgrade.
 

Software Evaluation & Licensing Guide
Found under Support / Licensing and Upgrades, this guide covers information on how to activate your product, terms of our trials, etc.
http://www.port80software.com/support/licensing.asp

Product Upgrade Releases

CacheRight 4.1.0

• Improved the rule file mechanism so that the rules now reload automatically following any change to the rules.cr file.
• Improved diagnostic tracing.

httpZip 3.9.13

• Fixed problem with Clear Cache button not working.
• Fixed issues preventing correct invalidation of cached items.

LinkDeny 2.2.2

• Fixed installation problem on Server 2008.
   

ServerMask 4.1.2

• Resolved certain installer issues regarding required runtimes.

ZipEnable 4.0.3

• Fixed uninstallation issue in metabase clean up.

HttpWatch
An HTTP viewer and debugger that integrates with IE and Firefox to provide seamless HTTP and HTTPS monitoring without leaving the browser window. (Supports HTTPS, compression, redirection & chunked encoding)
http://www.httpwatch.com/

Web Page Analyzer
A free web site speed test to improve website performance that incorporates the latest best practices from Website Optimization Secrets, web page size guidelines and trends, and web site optimization techniques into its recommendations.
http://www.websiteoptimization.com/services/analyze/

Firebug
Some of your web pages are taking a long time to load, but why? Did you go crazy and write too much JavaScript? Did you forget to compress your images? Firebug integrates with Firefox to put a wealth of web development tools at your fingertips while you browse.
http://getfirebug.com/network

YSlow
YSlow analyzes web pages and suggests ways to improve their performance based on a set of rules for high performance web pages. YSlow is a Firefox add-on integrated with the Firebug web development tool. YSlow grades web page based on one of three predefined ruleset or a user-defined ruleset.
http://developer.yahoo.com/yslow/

It’s well known that there is a limited amount of bandwidth on most Internet connections and anything IT administrators can do to accelerate site load time benefits not only the organization, but users as well. HTTP compression, a function built into both browsers and servers, can substantially improve site performance by reducing the amount of time required to transfer data between the server and the client. When data is encoded using a compressed format like GZip or Deflate, it introduces complexity into the HTTP request/response interaction by necessitating a type of content negotiation. This content negotiation communicates with the browser, deciding if it can or cannot handle the compressed data and sends the appropriate version of the resource to the browser.

Why use server side compression?

Most users’ knowledge of compression comes from compressed files such as .zip format that they download, extract, and open. However, compression can be used passively as well to compress documents as they are being transferred to a client’s browser. Because it’s a passive process, the server can reduce the size of the pages sent, consequently reducing the download time for users and their bandwidth usage.

You can typically reduce an HTML document to less than half of its original size, (the exact percentage saved will depend on the degree of redundancy or repetition in the character sequences in the file) saving the amount of time the client needs to download the page as well as the amount of bandwidth required. This can be accomplished without changing the way the site works, its page layout and content remain the same, the only thing that changes is the way the information is transferred between server and browser.

Keep in mind that when looking at overall savings on a site, compression rates of less than half the size may be counterbalanced by the presence of image MIME types that cannot usefully be compressed.

Acceptable File Types

Some file formats are not able to be compressed further. For instance, files that are already compressed, such as JPEGs, GIFs, PNGs, movies, and ‘packaged content’ (e.g., Zip, Gzip, and bzip2 files) are not going to compress significantly further with a simple HTTP compression filter. Therefore, you are not going to get a noticeable benefit from compressing these files.

If bandwidth savings is the primary goal, the strategy should be to compress all text-based output. Ideally, this should include not only static text files (such as HTML and CSS), but files that produce output in text media MIME types (such as ASP and ASP.NET files), as well as files that are text-based but of another media type (such as external JavaScript files). Heavily formatted pages, for example those that make heavy use of tables (repetitive formatting content) may compress even further, sometime to as little as one-third of the original size.

What tool works the best for you?

On Microsoft IIS 4 and 5 Web servers, httpZip is the best solution for compression as it addresses a number of shortcomings in functionality, customization, and reporting on Windows 2000 that gave rise to a third party tools market. httpZip is also ideal in certain cases on IIS 6.0. However, with the launch of Windows Server 2003 and IIS 6.0, Microsoft chose to make compression functionality a priority, and their internal IIS 6.0 compression software works — though you must delve into the IIS metabase to manage it beyond a simple “on/off” decision (and there is no browser compatibility checking). You should use ZipEnable to safely unlock and greatly enhance the configuration and management options for IIS 6.0 built-in compression.

/ Port80

The 404 or Not Found error message is a standard HTTP response code that indicates when the client was able to communicate with the server but the server could not find what was requested. When a 404 is received on IIS the default settings will map the response to serve a Microsoft default 404 error page.

Webservers can be configured to display a customized error page; however, some browsers will not display this page unless they are larger than 512 bytes in size. When this happens, some browsers will replace too small pages with special 404 pages of their own. This is something that you will want to avoid; it doesn’t help your site and may just lead visitors away from your site.

People surfing to your website via a Google search or a link from another site will find it very frustrating if they come upon a generic 404 error page that shows no way to find the information they were seeking. A common problem in larger sites with complex site architecture are when pages are moved or file  or directory names changed without a 301 redirect put in place.

When someone is visiting a website and encounters a generic 404 page they will either:

a. Click on the [Back] button on their browser and try a different site.
b. Try to back up one directory in the site’s URL.
c. Write to the webmaster and make them aware of the missing page.

Personally, I’d put my money on “A”. Most people’s instinct is to just hit the Back button. It does not occur to most that they can solve the problem by choosing “B”, and they usually don’t care enough, nor have the time to choose “C”.

By building a custom 404 error page you not only catch the holes in your site architecture, but you also help to keep the potential customers that found your site. A good custom error page should consist of at the very least site navigation so that the visitor can surf to another part of your site and find what they came looking for. An even better custom error page would serve as a means to motivate the visitor in a certain direction. For instance, let’s say you really want visitors to read your blog or see the latest product that your company if offering, the custom error page can do that.

From a security perspective, when your web server dumps a generic 404 (or any other error message for that matter) it might be telling your visitors more information than they ever really wanted to know, and hackers information they’d love to see. Don’t be too nice or too descriptive in error handling messages on the public side, or you may be exposing a larger attack surface to hackers.

How to Create a Custom 404 Error Page in Microsoft IIS

1. Create Your Custom 404 Error Page - Use a text editor or an HTML editor to create your custom page on your server. You can name it anything you wish. (i.e. /404-error-page.htm or /not-found.htm). 
2. Open Internet Service Manager - From the server desktop, launch the Internet Services Manager (usually located at Start->Programs->Administrative Tools->Internet Services Manager)
3. Click the [+] to the left of the server name
4. Right-click on “Default Web Server” (or whatever you have named it), and click on “Properties”
5. Locate the Custom Errors Tab - Click on the Custom Errors tab.
6. Identify the Error that you would like to edit – Select 404 from the list and click “Edit Properties”. 
7. Use the Browse button to locate the custom file you created (i.e. /not-found.htm) and click OK. Keep clicking OK to dismiss the windows; close Internet Service Manager.

On a lighter note, if you have the time take a visit to 404 Research Lab, a site devoted to nothing but error pages, with a huge gallery of examples good, bad, cute, and crude. Pick up some useful hints, find out who invented the 404 error page, or read their loving tribute to error pages as peaceful oases.

/ Port80

Information leakage and improper error handling happen when web applications do not limit the amount of information they return to their users. Web applications have the potential of leaking information about the version of web server (IIS, Apache, etc..) you are running, operating system, patch levels, and name and versions of web applications (PHP, SSL, SQL) your site may be utilizing. This in itself is an important lack of security, but showing detailed error bugs or debug code is as well.

“Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks,” OWASP says.

An attackers’ main purpose is getting error messages from the web application because the more information these messages have, the greater the chance the attacker will have of hacking the website. To get error messages, the user will force susceptible situations where errors may occur. A classic example of improper error handling is when an application doesn’t sanitize SQL error messages that are returned to the user. Upon receiving a SQL error message an attacker will immediately identify injection flaws.
An Example of Improper Error Handling

Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near ‘\’., SQL state 37000 in SQLExecDirect in C:\xampp\htdocs\changepw.php on line 134

Warning: odbc_do() [function.odbc-do]: SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near ‘\’., SQL state 37000 in SQLExecDirect in C:\xampp\htdocs\changepw.php on line 136

Warning: odbc_fetch_row(): supplied argument is not a valid ODBC result resource in C:\xampp\htdocs\changepw.php on line 138

Converting 5xx to 404s

By obscuring a 5xx response to display as a common 404 error, which you can in turn display as a custom 404 you are effectively blocking your attacker from finding out important information about your server.

“The 404 status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable”

Port80’s ServerMask was designed to mask the information generated via error messages, encouraging misguided exploits and snaring attackers with your firewalls. ServerMask augments your defenses to build more secure networks and return better results on security audits. A unique feature built into ServerMask is the ability to replace user generated 5xx errors with 404 errors instead preventing a would-be attacker from pre-attack reconnaissance. ServerMask not only obfuscates the server banner string, but also re-arranges the HTTP response header field order, to mimic servers like Apache, obscures internal server generated cookies, and even has the ability to pose as a random HTTP server for every HTTP request.

/ Port80

- - - -

From Tom Woolums’ Blog :

Here’s a list of on-line resources for IIS 7 users: 

IIS 7.5 Product Information - Describes the features and benefits of IIS 7.5 in Windows Server 2008 R2

Hosting Guidance for the Microsoft Web Platform - An in-depth series of articles with information about planning, installing, configuring, managing, and hosting IIS Web Server deployments

IIS 7 Configuration Reference - Provides a comprehensive reference of the XML-based configuration elements used in IIS 7 configuration files

Windows PowerShell for IIS - Describes Windows PowerShell the provider and cmdlets for configuring and managing IIS 7

• Web Administration (IIS) Provider for Windows PowerShell
• Web Server (IIS) Administration Cmdlets in Windows PowerShell

Internet Information Services 7 Development - A complete guide and reference for developing applications that customize, extend, and automate IIS functionality

Web Server Articles on Microsoft TechNet Library - Pointers to on-line help and how-to articles for IIS 7 and IIS extension modules

HTTP Status Codes - This MS Support article provides a list of common status codes that are recorded in the IIS Log and/or displayed in the browser when IIS responds to HTTP requests

Extending IIS 7 - This page provides information about modules that extend and customize IIS 7 along with links to the download pages

IIS 7 FAQ - Answers to questions frequently asked by IIS 7 users

(source http://blogs.iis.net/tomwoolums/archive/2010/01/13/handy-links-for-iis-7-users.aspx )

• Nov 2009 - IIS SEO Tool Kit released– Making it easier to optimize your Website for search engines. For IIS 7.
• Nov 2009 - IIS Application Request Router 2 released – A powerful module that provides routing and load balancing capabilities for Windows and IIS. For IIS 7.
• Nov 2009 – URL Rewrite Module v2 released - Microsoft URL Rewrite Module 2.0 for IIS 7 is an incremental release that includes all the features from version 1.1, and adds support for outbound response headers and content rewriting.
• Oct 2009 - IIS 7.5 Launched with Windows 7 and Windows 2008 R2
• Oct 2009 – IIS Media Services 3.0 released - A set of extensions for Internet Information Services 7 (IIS) that provide an integrated HTTP-based media delivery platform.
• Sept 2009 - Microsoft reports attacks using IIS vulnerability.
• Aug 2009 - Microsoft investigates newly reported IIS flaw.
• June 2009 – Microsoft issues patches, including one for IE exploit.
• May 2009 - Attackers exploit IIS hole to breach university server.

~ Port80

Gerhard Eschelbeck of Webroot puts together his list of some of the biggest security trends of 2009, and predictions for what he believes will be ahead in 2010.
Internet Security Trends – A Look Back at 2009, A Look Ahead to 2010

Lloyd Borrett from AVG (AU/NZ) predicts greater criminal activity to steal money, identities and computer resources etc in 2010 using more and more sophisticated techniques. How prepared are you?
Internet Security Predictions for 2010 by Lloyd Borrett, AVG (AU/NZ)

Jim Goldman, of CNBC’s Tech Check, lists his predictions for the 2010 tech market.
Predictions 2010: Technology

Back in January of 2009, Tim Berry of Small Business Trends magazine guessed at which would be the top 10 trends in software publishing for 2009.
Top 10 Software Publishing Trends for 2009

1. People will figure out what Google Wave is actually for

Google Wave is pretty cool, but what exactly is supposed to do? Combining email, instant messaging, wikis, and social networking in a way never seen before, it’s a Swiss Army Communication system; no wonder people aren’t sure what to do with it. In 2010 we’ll figure Wave out for sure.

2. Twitter amusement and annoyance will continue

Useless babble 140 characters at time will continue en masse and a few more folks will also figure out how to harness Twitter for useful business purposes. We just hope we are one of those lucky few!  Dang this message is too long to Tweet, #$#% twitter.

3. Cloud computing will be in the forecast

Windows Azure Platform going commercial in February is obviously a big deal for Microsoft shops. Plus, Amazon’s AWS now supports Windows 2008, and don’t count Google out.  The long-term forecast for cloud computing looks bright.   But current conditions remain unsettled, with scattered cost issues, flurries of accountability, and  possibly a major security front still to come–not to mention a strong chance of horrible weather metaphors continuing well into 2010.

4. IIS will get even better and Apache folks won’t care

IIS 7.5 will make major headway in the Web server market in 2010.  Meanwhile, the few Apache fas who happen to notice this will continue to claim they invented everything IIS does right, avoid any of the little details they didn’t work out, and cite surveys that over-sample parked pages and dead domains to claim world domination.  These aren’t flame wars anymore, they’re more like the eternal flame, so of course we stoke away!

5. Look HTML5!  It’s alive!

Yes HTML is back, and it’s mad! (Probably because it saw what people did with it on MySpace.) Open Web people will claim that HTML5 does everything short of curing the common cold, and yet somehow avoid owning up to the fact that many aspects of the specification are just documenting long-existing Internet Explorer features.  Pssst…Microsoft invented Ajax in IE5–you could look it up!

6. Steve Jobs will talk about something amazing

He always does, because it is one of his favorite words “amazing.”  The man excels at Marketing 101: if you say it enough times, it must be true!  In 2010 maybe it will be a tablet, maybe some new iPhone, maybe it will just be a small bug fix for the latest MacOS release but, whatever it is, you can sure it will be *amazing*!

7. Free things online will still not really be free

More people will discover and be shocked by the disturbing news that everything Google does isn’t really free, that open source does cost money, and in fact that everything that is worth something does cost you in some sense–even when it’s online. The illusion that the Web is the world’s biggest, all-you-can-eat free lunch buffet will continue, but it will begin to dawn on more and more people that you have to rent the fork for $5 dollars or your privacy rights, whichever you value less.

8. Release cycles will reach Internet speed

What’s with waiting years for software releases? Windows 7 is *so* 2009.  And Server 2008?  Please, that was, like, two years ago already. In today’s fast-paced world, we want and deserve a new operating system every day of the week! How about Windows Monday, Windows Tuesday, and our favorite, Windows Friday Night. Apple will of course have to match this new development by releasing new cat-named builds as fast as possible.  Get ready for Calico, Tabby, Siamese, Persian, …

9. Google vs. Microsoft! Fight!

Come on now, admit it, we can’t have technical trade journalism without some major “us versus them.” So be prepared to be exposed to this meme until your eyes and ears bleed. Whether it makes sense technologically or not (Bing aside, how much of what these two companies do is really zero-sum competition with one another?), it drives a whole industry press, so it can’t possibly end until the next all-consuming rivalry is queued up and ready to go. The only change to this year’s script: which firm gets stuck with the role of “evil empire” will likely become a serious matter for debate for the first time.

10. SDVP will ship

Yes it seems like a unicorn; in fact maybe even a unicorn named Trevor, with camouflage patterned fur and an eye patch.  But it’s real! No, not Trevor.  SDVP is real! It’s been running on our site for months and now it’s finally ready to fly. Look, stop thinking about Trevor already.  He’s imaginary, okay?  We are talking about our great new Web Application Firewall, ServerDefender VP.  After two-plus years in development, SDVP will soon be brightening up the new year of every IIS administrator who needs a first-rate WAF solution pronto, and without breaking the bank. What, you really thought we weren’t going to work a plug into this list!? 

So there you have it: 9 predictions of a more-or-less dubious nature, plus one that seems too good to be true, but is actually going to happen.  And no we aren’t talking about Trevor.

~ Port80

The future looks bright at Port80 with a major httpZip update with IIS 7/7.5 and Windows 2008 support in early 2010. ServerDefenderVP, our new powerful Web Application Firewall is in its final shakedown as you read this.  By the time you are back to work it might be already out or very shortly after, in time for you to deal with your New Year’s resolution to really lock your Web site/application down.

We look forward to continuing to provide our customers with the professional tools they have come to expect and the device compatibly they can use. We wish all of our clients a happy holiday and a very productive and profitable New Year.

Thank you for your continued patronage.

From all of us at Port80