Microsoft has launched their new Windows Server 2016 and previously we have discussed about new features in Windows Server 2016. As developer, you might very enthusiast with this release. In this article, we will discuss about IIS 10 in Windows Server 2016. What’s interesting and new feature that offered by IIS 10?
1. HTTP/2
In the 2nd technical previews’ of Windows Server 2016 and in Windows 10, HTTP/2 is by default enabled and in IIS 10 it’s the same thing, so you need not enable it twice in the value registry, and no need for a reboot.
To confirm whether you’re using HTTP/2, just open the web browser (here, we’ll use Chrome) and connect your secure website hosted on IIS 10. In a second tab, type:
Chrome: //net-internals/#spdy
Refresh your web page (Ctrl +F5) and you’ll see the request listed with a protocol negotiated value of h2. If you are using Firefox (39), use F12 tools and headers on the Network tab will show the version: HTTP/2.0. In IE (Internet Explorer) 11, it doesn’t show any difference in their F12 tools.
2. Wildcard Host Header
The most awaited feature, as earlier version up to 8.5 only specify a full host name in the binding for a website. In IIS 10 we have certain options:
New-WebBinding -Name "Your Default website" -<span id="74d6ac0c-9303-4cd1-b751-3178b7a79df6" class="GINGER_SOFTWARE_mark">IPAddress</span> "*" -Port 80 -<span id="d93e52de-1b4d-40e3-96f1-4c1b337c215e" class="GINGER_SOFTWARE_mark">HostHeader</span> "*<span id="c2aa62e1-586d-4437-a19a-8644592bd7ad" class="GINGER_SOFTWARE_mark">.</span><span id="3ed06024-33f2-43fd-8c7c-ef88c66db2d9" class="GINGER_SOFTWARE_mark">foo</span><span id="2f4aefcf-8854-4c07-b4de-d8f2818c3232" class="GINGER_SOFTWARE_mark">.</span>bar"
This all means that you are able to point multiple host names to the same website.
Now, it is possible to use site1.foo.bar and Site2.foo.bar, however, you should have your DNS server or hosts file set up, so they both will go to the same site.
For server1.departmetn.foo.bar, the above steps won’t work as the wildcard “*” stands for just a single “word”. So using even a binding such as “*.*.foo.bar” is invalid, similar for foo.*.bar. The wildcard has to be the leftmost character.
To make that work add a binding as follows:
New-WebBinding -Name "Your Default website" -<span id="fa93cae4-ed0c-48c9-a943-11fb03ce2ea6" class="GINGER_SOFTWARE_mark"><span id="8dcc3054-e8d0-47fe-b119-abf26a468d84" class="GINGER_SOFTWARE_mark">IPAddress</span></span> "*" -Port 80 –<span id="81f619b7-426b-487c-92d8-5791a677a7ec" class="GINGER_SOFTWARE_mark"><span id="ef760efd-599d-4007-ac95-849ff0612258" class="GINGER_SOFTWARE_mark">HostHeader</span></span> "*.department.foo.bar"
3. New IISAdministration PowerShell module
The existing PowerShell module has hardly changed, but the IIS team included a second module with direct access to ‘Microsoft.Web.Administration.ServerManager’ object.
Get-command -Module IISAdministration | Select Name
4. Environment Variables for Applications Pools
Though, there is no UI, you can specify environment variables per app pool.
Add-WebConfigurationProperty -value @<span id="4f2f369d-850e-4e38-9ee6-df2c24bc2cad" class="GINGER_SOFTWARE_mark"><span id="472a5bd0-7b1a-48f0-b03a-48aec09dee31" class="GINGER_SOFTWARE_mark">{</span></span>name='TestVar';value='46'} -filter "system<span id="2b0fb4cf-db59-40d4-aa67-ed53351eb2a2" class="GINGER_SOFTWARE_mark"><span id="456aed0f-758f-4c84-89bd-ee60673ea76d" class="GINGER_SOFTWARE_mark">.</span></span><span id="5049562b-260d-4279-ae0c-30fdea9eff80" class="GINGER_SOFTWARE_mark"><span id="d767cf59-59ed-4cd9-90ef-4c8396d8db9a" class="GINGER_SOFTWARE_mark">applicationHost</span></span>/<span id="b18f79ce-b89c-483f-9f8f-4b1349120088" class="GINGER_SOFTWARE_mark"><span id="341d08ee-885e-48ae-90f9-0ee91282827b" class="GINGER_SOFTWARE_mark">applicationPools</span></span> /add<span id="20f70eb6-91f9-4eec-a0bf-147979b1b37b" class="GINGER_SOFTWARE_mark"> <span id="d23477c0-e73e-413b-bcaf-43c22b4e28f7" class="GINGER_SOFTWARE_mark">[</span> </span>@name='DefaultAppPool'<span id="d34d1f8c-2236-4c02-b7d0-b29342a1215b" class="GINGER_SOFTWARE_mark"><span id="5700c4e1-e784-424b-8f5a-f8f80dc4da72" class="GINGER_SOFTWARE_mark">]</span></span>/<span id="61c7aedd-bd8e-4f72-a3e6-7030bcc74699" class="GINGER_SOFTWARE_mark"><span id="cb091edd-3b1e-4608-9cd9-9b4b7fc5f807" class="GINGER_SOFTWARE_mark">environmentVariables</span></span>" -<span id="9a8ffd92-f6c6-430e-b320-2c0bb497d0d1" class="GINGER_SOFTWARE_mark"> <span id="43f531f7-4b0b-4eb4-9ee8-3db9a5453278" class="GINGER_SOFTWARE_mark">pspath</span> </span> 'MACHINE/WEBROOT/APPHOST' -name "."
5. HTTP status code 308
For the HTTP redirect module:
Install-<span id="390eb305-2ea7-4c42-b028-6f386a5b0e52" class="GINGER_SOFTWARE_mark"><span id="51387e16-cc9e-40e8-b5db-4e6e4012fc76" class="GINGER_SOFTWARE_mark">WindowsFeature</span></span> Web-Http-Redirect
6. Server header Removal
Yet, no UI available, but we can:
Set-<span id="3c033c62-d590-4040-8ba2-2fcc2178a62f" class="GINGER_SOFTWARE_mark"><span id="21d323f6-160e-4ff8-b1d0-7f0267f7be0e" class="GINGER_SOFTWARE_mark">webconfigurationproperty</span></span> –<span id="beb85b85-94f4-43aa-99c9-560d6ca08056" class="GINGER_SOFTWARE_mark"> <span id="4e602e32-0f48-485b-a791-8b5621213e0b" class="GINGER_SOFTWARE_mark">papath</span> </span> ‘machine/webroot/<span id="ec821edf-7a55-4388-910e-58118cfc907e" class="GINGER_SOFTWARE_mark"><span id="3b300b12-1260-4b91-9636-4903708d443e" class="GINGER_SOFTWARE_mark">apphost</span></span>/your default website’ –filter “system<span id="b91aaf5e-2117-4670-b4fe-90b24baf38d1" class="GINGER_SOFTWARE_mark"><span id="4d2eed1a-7ed1-4c0e-932f-a27a0065e24c" class="GINGER_SOFTWARE_mark">.</span></span>webserver/security/ <span id="f75e9a33-dbb7-4ab2-973a-cd37a88beb4c" class="GINGER_SOFTWARE_mark"> <span id="f1d165ae-4961-4b37-b824-0931937bbbd4" class="GINGER_SOFTWARE_mark"> requestfiltering</span></span>” –name “<span id="b30a6a07-ddc0-48cd-a772-68b3ae3ee1ba" class="GINGER_SOFTWARE_mark"><span id="51fb4366-1263-4295-b64d-ba1e9a0d4b17" class="GINGER_SOFTWARE_mark">removeserverheader</span></span>” –value “true”
Or on the server level:
Set-<span id="79dcec70-e461-4109-97e5-62fadbd494ee" class="GINGER_SOFTWARE_mark"><span id="69ae44f4-0bdd-4d14-ada3-b163cb5a792c" class="GINGER_SOFTWARE_mark">webconfigurationproperty</span></span> –<span id="e9565b2a-fd3d-4536-b6c7-fe11ca1ade68" class="GINGER_SOFTWARE_mark"> <span id="24ecdd29-8807-42e2-8b2c-b8c6935955ee" class="GINGER_SOFTWARE_mark">pspath</span> </span> ‘machine/webroot/<span id="20089345-9c42-468b-bee8-3cde16427f3f" class="GINGER_SOFTWARE_mark"><span id="efb62dfd-baaf-4d53-afa7-99a21812f6c6" class="GINGER_SOFTWARE_mark">apphost</span></span>’ –filter “system<span id="132cad72-017c-4d8c-aa96-a7c345d34551" class="GINGER_SOFTWARE_mark"> <span id="ab52da6c-4ef7-4eb6-af70-7c147f61ee20" class="GINGER_SOFTWARE_mark">. </span></span>webserver/security/<span id="fe7b8fad-1f2c-42b1-9c5f-8d4eb5f10768" class="GINGER_SOFTWARE_mark"><span id="c596a4a8-f506-470f-a614-50d70a168839" class="GINGER_SOFTWARE_mark">requestfiltering</span></span> ” –name “<span id="f8ff62d0-5382-41c5-bab4-5d5c53ed6c0a" class="GINGER_SOFTWARE_mark"><span id="848f7d01-b12f-4c2a-8e5f-65d016f5782e" class="GINGER_SOFTWARE_mark">removeserverheader</span></span>” –value “true”
So, the header will no longer send:
Server: “Microsoft-IIS/10.0”
7. Failed Request Tracing
To trace failed request:
<span id="751e7f75-c969-4d24-974d-287d0209dc7e" class="GINGER_SOFTWARE_mark"> <span id="6db60af9-527e-4ca6-88ca-ad223e83b34a" class="GINGER_SOFTWARE_mark">traceAllAfterTimeout</span> </span>
8. New cipher suites
Supports two additional cipher suites:
tls_ecdhe_rsa_with_aes_128_gcm_sha256 tls_ecdhe_rsa_with_aes_256_gcm_sha384
The first Cipher is noteworthy, as Google’s Chrome web browser also uses it. To download the Cipher list and extract the zip, run:
.\sslyze.exe –regular www.yoursite.com