Standing behind our Liquid Web Cloud Sites product, are server racks full of both powerful and stable Linux and Windows servers which power well over 100,000 sites and applications. Every Windows-based package is served from these clusters that are built and optimized especially for Windows. All Linux-based packages are also served from these same brawny server clusters created and specifically optimized for Linux. We use advanced load balancing technologies to automatically detect the type of technology you are running and route each request to the proper pool of servers.
Continue reading “Choosing Your Cloud Sites Technology Setup”Tag: IIS
How to Password Protect Folders in IIS and Plesk
Introduction
When reviewing your servers security, it is critical for businesses to ensure that while building new sections of your website, that we do not leave it unsecured or visible to users while it is being built. With this in mind, there are several ways for you to “lock” a folder or domain while it is being developed. This will safeguard a folder or an entire site using the security feature built into IIS and Plesk called password protection. In today’s article we will see how easy it is to restrict access to a site or a folder.
Continue reading “How to Password Protect Folders in IIS and Plesk”How to Install Apache on a Windows Server
Preflight Check
This guide was written for a 64-bit Windows server since a modern server is more likely to utilize that platform. There are also a few potential issues with Apache on a Windows 32-bit systems (non-64-bit) which you should be aware of and can be reviewed here. Downloading Apache: While there are several mirrors to choose from for downloading the pre-compiled Apache binaries for windows, we’ll be using ApacheHaus for our purposes. Download Here: Apache 2.4.43 with SSL (This is the 64-bit version with OpenSSL version 1.1.1a included). If you would like to utilize an alternate version they are listed here: Available Versions PageInstall Apache on Windows
We will assume that you have installed all the latest available updates for your version of Windows. If not, it is critical to do so now to avoid unexpected issues. These instructions are specifically adapted from the directions provided by ApacheHaus where we obtained the binary package. You may find the entire document in the extracted Apache folder under the file “readme_first.html”.Visual C++ Installation
Before installing Apache, we first need to install the below package. Once it has been installed, it is often a good idea to restart the system to ensure any remaining changes requiring a restart are completed.- Download the Visual C++ 2008 Redistributable Package and install it.Note:Download the x64 version for 64-bit systems.
- Restart (optional but recommended).
Apache Installation
- Extract the compressed Apache download. While you can extract it to any directory it is the best practice to extract it to the root directory of the drive it is located on (our example folder is located in C:\Apache24). This is the location we will be using for these instructions. Please note that once installed you can see Apache’s base path by opening the configuration file and checking the “ServerRoot” directive).
- Open an “Administrator” command prompt. (Click the Windows “Start” icon, then type “cmd”. Right-click the “Command Prompt” item which appears, and select “Run As Administrator.”)
- Change to the installation directory (For our purposes C:\Apache24\bin).
- Run the program httpd.exe.
- You will likely notice a dialogue box from the Windows Firewall noting that some features are being blocked. If this appears, place a checkmark in “Private Networks…” as well as “Public Networks…”, and then click “Allow access.”
- As noted in the ApacheHaus instructions:
- Now that you have confirmed the Apache server is working and shut it down, you are ready to install Apache as a system service.
- In your Command Prompt window, enter (or paste) the following command:
httpd.exe -k install -n "Apache HTTP Server"
Output:
Installing the 'Apache HTTP Server' service
The 'Apache HTTP Server' service is successfully installed.
Testing httpd.conf....
Errors reported here must be corrected before the service can be started.
(this line should be blank)
- From your Command Prompt window enter the following command and press ‘Enter.’
services.msc
- Restart your server and open a web browser once you are logged back in. Go to this page in the browser’s URL bar: http://localhost/
Configure Windows’ Firewall
To allow connections from the Internet to your new web server, you will need to configure a Windows Firewall rule to do so. Follow these steps:- Click the “Windows Start” button, and enter “firewall.” Click the “Windows Firewall With Advanced Security” item.
- Click “New Rule” on the right-hand sidebar.
- Select “Port,” and click Next. Select the radio button next to “Specific remote ports:” Enter the following into the input box: 80, 443, 8080
- Click Next, then select the radio button next to “Allow the connection.”
- Click Next, ensure all the boxes on the next page are checked, then click Next again.
- For the “name” section, enter a description that is familiar enough that you will be able to recognize the rule’s purpose later such as: “Allow Incoming Apache Traffic.”
- Click “finish.”
- Try connecting to your server’s IP address from a device other than the one you are using to connect to the server right now. Open a browser and enter the IP address of your server. For example, http://192.168.1.21/. You should see the test web page.
- For now, go back to the Windows firewall and right-click the new rule you created under the “Inbound Rules” section. Click “Disable Rule.” This will block any incoming connections until you have removed or renamed the default test page as it exposes too much information about the server to the Internet. Once you are ready to start serving your new web pages, re-enable that firewall rules, and they should be reachable from the Internet again.
5 Android/iPhone Apps for IT Admins
How to Secure a Site in IIS
Add the Site to IIS
To add a website in IIS (Internet Information Services), open up the IIS manager, right-click on Sites, and select Add Website.
Set the Anonymous User
Technically that is all you need to do to set up a site in IIS; however, the site may or may not work, and the security settings on the site are not optimum. The next step in securing your site is to configure the IIS user that will access your files. To do this, you will need to change the associated Anonymous user and make a few security changes on the website’s content folder. In IIS, select your new site on the left, in the main window double click on Authentication, select Anonymous Authentication, and then click “Edit…” on the right action bar.
What is IUSR in IIS?
By default, a new site in IIS utilizes the IUSR account for accessing files. This account is a built-in shared account typically used by IIS to access file content. This means that it will use the application pool’s identity (user) to access file content. It may be okay to leave this configured if you only plan on hosting one domain; however, when it comes to hosting multiple domains, this is not secure as it would then be possible for any site using the same account to access files from another site. As such, and as a standard practice, we recommend switching away from using the IUSR account for sites, and instead selecting “Application pool identity” and clicking OK. Alternately, you could manually create a user on the system for each site; however, then you need to manage credentials for an additional user, need to configure permissions for two users (the anonymous user and the application pool user) and possible complications with password complexity and rotation requirements your server or organization may have. There is nothing further you need to configure in IIS in terms of security; however, for reference, let’s take a look at the application pool settings really quick. To check the settings on the application pool, in IIS, select Application Pools on the left menu, select the application pool for the site you created (typically the same name as the name of the site), and then click “Advanced Settings…” on the right action bar.
Set Folder Permissions in IIS
Now, as mentioned, the “ApplicationPoolIdentity” user has very few permissions, so the next and last step is to ensure that the website files have proper security settings set on them. Browse through your file system and find the folder where you plan on hosting your site’s files. Right-click on the folder and go to properties. In the properties interface, select the Security tab.




Securing within Powershell
As a bonus, if you’re looking to get your fingers wet with some Powershell, the steps covered in this article can also be accomplished on a Windows Server 2012 or newer server through Powershell. Simply fill out the first two variables with your domain name and the path to your content, and then run the rest of the PowerShell commands to set up the site in IIS and configure folder permissions.[String]$Domain = ‘<domain_Name>’
[String]$Root = ‘<path_to_your_content>’
Import-Module WebAdministration
#Create App pool & Website
New-WebAppPool -Name $Domain
New-Website -Name $Domain -HostHeader $Domain -PhysicalPath $Root -ApplicationPool $Domain
Set-WebConfigurationProperty -Filter system.webServer/security/authentication/anonymousAuthentication -Location $Domain -PSPath MACHINE/WEBROOT/APPHOST -Name userName -Value ''
#Optionally add www. Binding
New-WebBinding -Name $Domain -HostHeader www.$Domain -ErrorAction
#Remove inheritance (copy)
$ACL = Get-ACL $Root
$ACL.SetAccessRuleProtection($True,$True) | Out-Null
$ACL.Access | ?{ !(($_.IdentityReference -eq 'NT AUTHORITY\SYSTEM') -or ($_.IdentityReference -eq 'BUILTIN\Administrators')) } | %{ $ACL.RemoveAccessRule( $_ ) } | Out-Null
$ACL | Set-ACL
#Add IIS user permissions
$ACL = Get-ACL $Root
$acl.SetAccessRuleProtection($False, $True)
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS AppPool\$Domain", "ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($Rule)
$acl | Set-Acl
Additional Notes: In some cases, sites may need additional write or modify permissions on specific files or folders for file uploads, cache files, or other content. It is important that you do not apply modified permissions to the entire site. Instead, modify specific directories or files as needed. To apply these settings, go to the file or folder that needs modification, right-click on it, and select Properties. Switch to the Security tab and click Edit. In there, select the user that has the name of the website (liquidweb.com in my example above), select modify under the Allow column, and then click OK. This will give the ApplicationPoolIdentity and IIS the ability to write to or modify the file(s) or folder(s).
Still need additional protection for your Liquid Web server? Our Server Protection packages provides a suite of security tools especially for Windows servers. You’ll get routine vulnerability scans, hardened server configurations, anti-Virus and even malware cleanup, should your site get hacked. Don’t wait another vunerable minute, check out how we can protect you.
How to Check Server Load on a Windows Server
What Does Server Load Mean?
Checking a server’s load allows us to evaluate server resources and confirm they are sufficient for any running application. It enables us to troubleshoot slow performance and reliably pinpoint any server resource that may need attention. While there are many tools and options available, today let’s focus on our Windows VPS Task Manager as a means to help us quickly see what is going on, and interact with applications, processes, and services to identify the load. This article will also include an introduction to Resource Monitor as it can be opened from Task Manager to provide more detail. Continue reading “How to Check Server Load on a Windows Server”What Does Varnish Do? [Infograph]
What Does Varnish Do?
Varnish is a website accelerator. It’s designed to decrease the time it takes for your website to load and an ideal tool for improving performance on busy, mission-critical sites. Continue reading “What Does Varnish Do? [Infograph]”Troubleshooting: Locked Out of RDP
How Do I Get Back Into RDP?
You may be working from a local machine that has an IP that is not scoped on that RDP port, making it impossible for you to gain remote access to add the IP address to the RDP rule’s scope. Do not fret; there is a simple and quick way to add your IP to the RDP scoping (or any other entities such as MySQL or MSSQL) right through your Plesk interface in your local browser. You can watch this video, or scroll down for step-by-step directions.

For security purposes, it is always recommended that you scope off your Remote Desktop Protocol (RDP) connection on your server. Putting a scope on the RDP rule in the Windows Firewall will allow only the indicated IP addresses to gain access to the server through Remote Desktop Protocol. The issue is that many of us do not have static IP addresses, but rather Dynamic IP addresses. This means that while once our IP address may be 120.32.111.01, it may change to something like 95.42.121.01 later. So if you were to add 120.32.111.01 to the RDP firewall for a customer or a system administrator, then you may need to add another rule for a different IP address.
Adding Your IP in Plesk
Step 1: Log in to Plesk
First, we need to make sure we know how to get to that Plesk login page. By default, the Plesk login page is https://<YourServerIP>:8443. For example, https://127.0.0.1:8443
We should arrive at a page with this in the center. Go ahead and type in Admin for the username and your password for Plesk. Usually, that password is set up by our team and is the default Server Administrator Password. Sometimes the username is Administrator, depending on a few variables. But one of the two user names should be fine.

Step 2: Tools & Settings
The first thing we need to do after we log into Plesk through the previous page is to navigate to the Firewall Rules. Go ahead and click on Tools & Settings. It will be located in the right sidebar near the bottom as shown below.

Step 3: Firewall
Once we pull up Tools & Settings go ahead and click on our destination, Firewall. You will find that option under the Security section. It will be the second option, just under Security Policy.

Step 4: Firewall Rules
After we are in the Firewall management, go ahead and click on Firewall Rules. This is where we will add the rule to allow a certain IP address to gain RDP access.

Step 5: Add a Firewall Rule
Under Tools, after going into the Firewall Rules, we will see the option labeled Add Firewall Rule. Go ahead and click on that, bringing us to our next step.

Step 6: Add Detail the New Rule
This is the page that we see after clicking on Add Firewall Rule. It can seem to be complicated and intimidating for some beginner level System Administrators, but it is simple.


If you or your client are not sure what that IP address that needs RDP access is, Liquid Web has a great site to visit that will display your IP address.
Here is an example of what you will find at https://ip.liquidweb.com.
While this particular example IP will not be the one that the customer or the System Administrator will see, (when visited on the local machine) the page will display the IP address that needs to be added to the rule for this RDP session to connect. That will be the only information that will be displayed on this page. Simply copy that IP address and use it in the instructions below.

Once you enter the IP address into the text box under Remote addresses, you do need to click the ADD button before clicking on OK.

As mentioned above, after clicking the ADD button while the IP address is entered into the Add an IP address or a network text box, it will be placed into the left text box. After that step, you will then be able to click OK to apply this rule to the firewall for the server.
Step 7: Connect to RDP
The individual at that IP address can now access the server via RDP. If you would like to review an article explaining how to use Remote Desktop Connection, or if you need further assistance, you can locate more info at our internal help center after logging into your Liquid Web account.

Congratulations! You now know how to add an IP address to an RDP rule that will allow a user to connect if the RDP is scoped off to the public. This can be done many times. Although Plesk does not allow you to edit the rule, you will have to create a new one each time. But this shouldn’t cause any issues. Also, keep in mind that this method can be used for any port, including MySQL and MSSQL.
The Most Helpful Humans In Hosting™
We pride ourselves on being The Most Helpful Humans In Hosting™! Our support staff is always available to assist with any Dedicated, Cloud, or VPS server issues 24 hours a day, 7 days a week 365 days a year.
We are available, via our ticketing systems at support@liquidweb.com, by phone (at 800-580-4986) or via a LiveChat for whatever method you prefer. We work hard for you so you can relax.
How to Install VirtualBox on Ubuntu 16.04
What is a VirtualBox?
This is handy when you need to run software that is only available on one Operating System, for example, if you wanted to run Windows software on your Ubuntu computer or vice versa. The only limitations are RAM and disk space for running each virtual machine. Continue reading “How to Install VirtualBox on Ubuntu 16.04”Install SSL Certificates in a Windows Server
About SSL
SSL Certificates secure the web today using Transport Layer Security (TLS). This is a network protocol which encrypts the data between the web server and the visitor. Most websites today are using SSL, and you can see this every time a website starts with https:// instead of http://. This indicates the website is securely encrypting data between you and the server so that no attackers can easily sniff the network packets and capture your logins. SSL protects the web today and is utilized by almost every corporation and business and acts first step in user security. SSL is a way to protect logins and forms that you enter from being intercepted unknowingly by a 3rd party on your network. If your website does not incorporate SSL, we suggest implementing it as soon as possible, and you can use our guide to do it!Generating the Certificate Request (CSR)
Before ordering your SSL, you will need to create a certificate request for the certificate authority to issue an SSL. Step 1: To begin, the first thing you need to do is open IIS. If you do not have a shortcut for it, you can search your computer for inetmgr.exe and open it that way. From here you will click on your server name:Step 2: Then double-click “Server Certificates“.
Step 3: Once you have done that, you are ready to create your certificate request.



Ordering the SSL
At this point, you are ready to order your SSL certificate! Step 1: Go ahead and go to your chosen SSL provider, whether it be GlobalSign, Liquid Web, or any numerous other certificate authorities. Step 2: When you are signing up for the SSL, it will ask you for the CSR data we saved at C:\example.com.csr.txt – Copy and paste the contents into the certificate authorities website, and it will generate all the same fields we entered via the previous steps. Step 3: Finish your order, and they will provide you with a .crt certificate file. Download this file and copy it to your web server. For simplicity, copy it to C:\example.com.cer Great! Now you have created a certificate request and completed it with the certificate authority and have your new SSL certificate ready to be installed.Installing the Certificate in IIS
Step 1: Open up IIS/inetmgr.exe and navigate to the server as we did in the beginning. Step 2: Navigate to Server Certificates. Now, instead of selecting ‘Create Certificate Request’ you will select ‘Complete Certificate Request‘ Step 3: It will prompt you for the location of the new certificate, which we saved at C:\example.com.cer and to make things easier on ourselves later, we will name the friendly name example.com-01 so that we know this is the first SSL for this domain in case we want to renew it later. Once you hit OK, you should see your certificate in the list of server certificates in IIS. Great! Now you have generated the certificate request, completed it, and installed your certificate on your web server. Now you need to bind the certificate to your website.Binding the SSL Certificate to a Website
Step 1: In IIS, browse to Sites > example.com (where you want the SSL certificate installed). Step 2: Right-click on your site and select ‘Edit Bindings‘ or if you click on the site, you will see Bindings on the right-hand side. This will open a window that looks like the following:

Step 4: First, set the Type to https so your website knows the request is for a secured URL.
You will want to set the IP Address on your host. In my case, All Unassigned. Port should be automatically set to 443, if not, do so. (This is the port defined for secured communications.) Step 5: Set the Host Name to example.com (your domain). In most cases, you will want to check Require Server Name Indication. In our case, we do not need it because this is the only certificate on this IP address. Select your SSL certificate from the drop-down! Select OK and do it all again, this time instead of setting the hostname to example.com, you will want to set it to www.example.com. This is because we only set it up for requests from https://example.com, but https://www.example won’t register as secured until we add the second binding entry.