

URL Rewrite 2.0 for IIS 7 is here


Posted on Mar 31, 10 at 12:21 am. 

We recently upgraded the IIS 7 servers with version 2.0 of the URL rewrite module. 
 
I have to be honest - generally speaking, SEO & URL rewriting is not a topic that I often (ever) think about. The reality is, no matter how you write your URLs, if your site only has a handful of visitors, the format of your URLs is not going to matter. Your time would be much better spent improving your site, making it more useful and popular. So why spend time and energy on such a topic when there is so much other stuff to do? I think most people share this opinion. But that's what makes this new version so interesting to me.
 
Yes, this is indeed a major upgrade, and the feature list is lengthy. But what "the rest of us" will be happy to know is that Microsoft has included templates that make this process much easier. These are essentially tiny wizards that allow you to plug in a couple of values and let the tool deal with the rest.
 
The first thing you need to do is get the IIS 7 Manager add-in to control the service.  When you connect to the server using IIS 7 Manager you will be greeted with a window asking if you would like to install the add-in (if you have the old module already, you will be asked to upgrade when you connect).
 
Now, let's try a few things and see how easy this is. Let's assume that you want to redirect requests for YourHostedDomainName.com to www.YourHostedDomainName.com
 
  • In IIS 7 Manager, navigate to the URL Rewrite section
  • Click Add Rule on the right hand side
  • Click the canonical domain name template
  • Enter your domain name, including the www
That's it. Done. 
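
For reference, a canonical host name redirect of this kind is stored in web.config as a rule along the following lines. This is an added example, not taken from the original post: the rule name is an assumption and the domain is the post's placeholder. The redirect target is a literal host name rather than one composed from the request's Host header, so the destination does not depend on client-supplied input.

```xml
<!-- Added example: web.config fragment for a canonical host name redirect. -->
<!-- Assumptions: the rule name; the domain is the post's placeholder. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="CanonicalHostNameRule" stopProcessing="true">
          <!-- Match every request path; {R:1} carries it into the redirect. -->
          <match url="(.*)" />
          <conditions>
            <!-- Fire only when the Host header is NOT already the canonical name. -->
            <add input="{HTTP_HOST}" pattern="^www\.YourHostedDomainName\.com$" negate="true" />
          </conditions>
          <!-- The target host is a fixed literal, never built from {HTTP_HOST}. -->
          <action type="Redirect" url="http://www.YourHostedDomainName.com/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```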
 
Next, let's work on making some user-friendly URLs. Let's assume for a moment that we have an application that generates URLs in the following manner:
And we wanted to rewrite the URL as:
  • In IIS 7 Manager, navigate to the URL Rewrite section
  • Click Add Rule on the right side
  • Click User-Friendly URL 
 
You will notice that you have an option for how you want the URL to be rewritten. The best part is that it is generating the regular expressions and corresponding inbound/outbound rules required to perform the task automatically. 
 
Another cool feature is that by clicking the Create corresponding outbound rewrite rule check box, any links with an unfriendly URL within your pages will also be rewritten.
 
So for example, let's assume you had a page with the following link:
This link would automatically be rewritten on the fly and served as:
These two scenarios are what we get asked about most commonly. You can see how easily URL Rewrite 2.0 addresses them. And we have not even scratched the surface. This release is extremely deep and can be used to perform a multitude of tasks. If you want to work with some of the more complex operations, I suggest you visit the learning section of the IIS site.
 
Some of the key points that stand out are:
 
Access to server variables and HTTP headers. Server variables and HTTP headers provide additional information about the current HTTP request. This information can be used to make rewriting decisions or to compose the output URL.

Various rule actions. Instead of rewriting a URL, a rule may perform other actions, such as issuing an HTTP redirect, aborting the request, or sending a custom status code to the HTTP client.

Failed Request Tracing support. IIS 7 Failed Request Tracing can be used to troubleshoot errors related to URL rewriting.

GUI tool for importing mod_rewrite rules. The URL Rewrite module includes a GUI tool for converting rewrite rules from mod_rewrite format into the IIS format.
 
Michael Ossou
Technical Support

How Many Servers Can One Admin Manage?


Posted on Mar 30, 10 at 7:08 pm. 

I've seen this question in many places, never really found out the answer...

Are You A Server Admin?

If you are a server admin,

Understanding the Whole PCI Compliance Pie – Which slice do you own?

When you develop Web sites that collect payment via credit card for goods and services sold online, part of your responsibility is to establish and maintain PCI compliance. If followed properly, the Payment Card Industry Data Security Standard (current version 1.2) does a very effective job of providing a safe shopping experience for customers. However, achieving compliance is easier said than done, especially for startups and developers for small online retailers.

After reviewing the 200-plus sub-policies, procedures, activities, and technical nuances that make up the PCI Data Security Standard, most small and startup E-commerce companies will choose to outsource portions of their website operation to third party service providers. In this scenario, each party is independently responsible for maintaining control over compliance for their respective organization. You shouldn’t fall into the trap of assuming that someone else is handling your compliance needs. Everyone involved in your online store is responsible for a piece of the security compliance pie.

Anyone that touches or has access to credit card data in any capacity is responsible for PCI compliance, regardless of their role.  This includes the online retailer, the Web application developer, and the hosting provider.

The most important steps every E-Commerce developer should complete as they establish a PCI compliant business:

  • Step 1 – Become educated about the payment card industry mandates. Taking the time to become knowledgeable here can go a very long way.
  • Step 2 – Identify which portions of the PCI DSS you directly control and which items will be outsourced to third parties (a QSA – Qualified Security Assessor – can help with this step).
  • Step 3 – Select service partners that have expertise in protecting personally identifiable information (PII).
  • Step 4 – Thoroughly review each service partner’s ROC (report on compliance) to make sure there are no unfulfilled requirements or pending remediations for critical items.

    Achieving and maintaining PCI compliance for your entire online operation starts with the online retailer, since it’s the retailer’s name on the “front door,” not the hosting provider or developer’s company. The E-commerce retailer is the first and most pivotal piece of the pie because they are legally liable for breaches.

    In fact, PCI DSS requirement 12.8 states that if cardholder data is shared with service providers, the retailer must maintain and implement policies and procedures to manage service providers. For example, the PCI DSS requires you to:

    • 12.8.1 Maintain a list of service providers.
    • 12.8.2 Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess.
    • 12.8.3 Ensure there is an established process for engaging service providers including proper due diligence prior to engagement.
    • 12.8.4 Maintain a program to monitor service providers’ PCI DSS compliance status.

    Being PCI compliant requires your service providers to be PCI compliant. Your organization’s security foundation is only as strong as the weakest link in your PCI compliance checklist, regardless of whether the link resides within your control or in the hands of a service provider you’ve chosen.

    Let’s review another PCI DSS requirement to show an example of how each party (retailer, developer, and hosting provider) plays a role in providing a secure, PCI compliant E-commerce experience:

    Requirement 7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access. Access limitations must include the following:

    • 7.1.1 Restriction of access rights to privileged user IDs to least privileges necessary to perform job responsibilities
    • 7.1.2 Assignment of privileges is based on individual personnel’s job classification and function
    • 7.1.3 Requirement for an authorization form signed by management that specifies required privileges
    • 7.1.4 Implementation of an automated access control system

    This requirement has several implications:

    1) Certain business activities performed by the retailer could fall into requirement 7.1. The retailer should oversee:

    • Granting privileges for acceptance (and procedures for disposal) of credit card information received via phone, fax, or email.
    • Granting permission for service reps to retrieve and input payment card information into the point of sale system if/when a “glitch” with the web application occurs.

    2) E-commerce application developers are responsible for developing and maintaining the Web–to–database “tunnel” through which credit card information flows. Therefore, the Web developer’s piece of the pie includes:

    • Granting privileges for developers to create, test, and troubleshoot data provider connections that feed CC information from the web application to the DB (and potentially API connections that feed CC information into a payment processing gateway)
    • Granting privileges for managing encryption keys, and encryption key creation and retirement.
    • Assigning emergency response chain of command and establishing who should and can access the systems if/when a malfunction occurs
    • Assigning encryption key holder responsibilities

    3) The hosting provider definitely has physical access to the cardholder data, and in some instances virtual access as well. Therefore, requirement 7.1 applies to hosting providers as well. In this case, the hosting provider owns:

    • Granting privileges for physical access to data storage devices containing cardholder data, but also restricting specific access points to be only accessible to the tenant.
    • Assigning an emergency response chain of command that is an extension of both other parties’ emergency response chains to authenticate and respond to requests originating from other parties’ policies and procedures.
    • Restricting all access to key containers, repositories or other encryption key storage devices to the tenant to whom the keys belong.

    Fortunately, you are not alone in deciphering the PCI compliance code. Understanding which party owns what piece of this big PCI compliance pie is something that takes time and know-how to get your arms around. Once you become familiar with the standard, it will be easier to define which of the PCI compliance standards fall within your area of responsibility and which should be shared among the various parties responsible for providing the safest online shopping experience.

    A version of this article appeared in eCommerce Developer on March 30, 2010.

