web.config Redirect non-www to www

That often looked for website redirect from the non-www version of the website URL, address, to the www version.

In this case the redirect is for a Windows hosted website, using the web.config file to set the redirect rules.

I wish to avoid adding the redirect within the website coding. By taking advantage of the redirect rules within the web.config file. This will make them readily available and can be edited without recompiling the website code.

Access your website either using FTP or the editor/manager within the housing website control panel.

The file to be edited is located at the root of the website. This may be a directory down. Check if you have a directory such as public_html.

It’s easier to edit the content of the web.config file of is laid out correctly and colour coded. An HTML editor will make your life easier when editing.

Shown below is the code to add the redirect of the non-www address to www to be added to the web.config asp.net website configuration file:

        <rule name="Canonical" stopProcessing="true"> <match url=".*" /> 
                <add input="{HTTP_HOST}" negate="true" pattern="^www\.([.a-zA-Z0-9]+)$" /> 
            <action type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" redirectType="Permanent" /> 

The above is to be added within the section <system.webserver>

As as a bonus below is the HTTPS version too!

        <rule name="Redirect to HTTPS" stopProcessing="true"> 
            <match url="(.*)" /> 
                <add input="{HTTPS}" pattern="^OFF$" /> 
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" /> 

Putting this all together gives:

        <rule name="Canonical" stopProcessing="true"> <match url=".*" /> 
                <add input="{HTTP_HOST}" negate="true" pattern="^www\.([.a-zA-Z0-9]+)$" /> 
            <action type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" redirectType="Permanent" /> 
        <rule name="Redirect to HTTPS" stopProcessing="true"> 
            <match url="(.*)" /> 
                <add input="{HTTPS}" pattern="^OFF$" /> 
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" /> 

Technically it’s a 301 or 302 redirect. Looking at the code above it can be seen that I’ve used the redirectType parameter value of permanent showing the redirect to be of type 301. web.config rewrite rules to permanently redirect non-www to www.

Change Windows 2008 User Password Lost Current Password

Having lost the current password for a Windows 2008 server user account. How do I change the password?

If I follow the control panel link to the user and look to reset the password, a part of the dialogue requires entry of the current password. Which I didn’t have!

Its possible to get around this requirement from a command prompt.

Right click on command prompt, from the menu, and select to run as administrator


net user username *

When asked, enter the new password, and re enter for confirmation.

Obliged to confirm that the password change is correct and the anticipated value has been entered I once more tried logging in with a remote desktop session from another computer.

Using the command prompt as opposed to the user control panel I was able to reset a user password without the knowledge of the current password.


IIS Adding Support for Font Families

By default IIS doesn’t support all of the font family types used in CSS. Additional media support entries may be required.

Below is a typical font family definition, as used within a CSS file.

@font-face {font-family: 'my-font';src:
    url(inc/fonts/my-font.otf) format('truetype'),
    url(inc/fonts/my-font.eot) format('eot'),
    url(inc/fonts/my-font.woff) format('woff');}

Whilst configuring a website hosted on Windows server I found that Internet Explorer wasn’t adopting the specified font family.

I checked the HTML and CSS on a Linux server with Apache. All was well and Internet Explorer was showing the correct font, confirming that my definitions were correct, no spelling errors or missing characters.

Using Firebug on Firefox I was able to see that the woff file was being requested but not downloaded.

By adding the media type for woff to IIS I was able to resolve this problem.

Add font Media Type

Font media types are added to IIS as per any media type.

IIS adding font familiy support

From within the IIS manager select the server root in the left menu to show its home menu, with options for IIS, management and not shown in this view, ASP.NET, FTP.

IIS adding font familiy support mime types

Click on the MIME Types, within the IIS section to show a list of those configured.

IIS adding font familiy support add mime type

At the top right corner click on Add.

IIS adding font familiy support add mime type woff

To add a new MIME type enter the extension and the MIME type within the Add MIME Type popup window:

IIS adding font familiy support mime types includes woff

The addition of the woff font added to the list of installed MIME Types.

IIS Media Types

The table below gives the media types for the common font types

Extension Media Type
.eot application/vnd.ms-fontobject
.ttf application/octet-stream
.otf application/font-sfnt
.svg image/svg+xml
.woff application/font-woff
.woff2 application/font-woff2

Looking at the IIS mime support for the font types I observed the following default font support:

Media Type Extension Configured by default
TrueType .ttf Yes
Embedded OpenType .eot Yes
OpenType .otf No
Web Open Font Format .woff No

Windows RDP Change User Password

In a remote desktop session (RDP) accessing the account password settings with <CTRL> + <ALT + <DELETE> is not available. An alternative method is required.

On a Windows computer pressing <CTRL> + <ALT> + <DELETE> provides access to profile settings such as the user password.

From within remote desktop the <CTRL> + <ALT> + <DELETE> key combination is transferred back to the parent computer, with loss of control from the active remote desktop session.

Therefore a different key combination to the usual ctrl alt del is required to access the user password configuration when used from within a remote desktop session.

I found that using the key combination <CTRL + <ALT> + <END> leaves the remote desktop active, focus is not withdrawn back to the parent computer. The active screen is replaced by a summary action  screen showing the options:

  • Lock this computer
  • Log off
  • Change a password…
  • Start Task Manager

Click on Change a password. On the following screen enter the existing password, followed by the new password and a second entry to ensure that it was typed correctly. Click on OK to complete.

From within a Windows RDP I am able to update an expired password. However, for Android and Linux originated sessions I find that access to the server is not given.

Regularly updating your password is good security practice and ensures that Windows doesn’t lock you out following the expiry of the current password.

HTTP Error 503. The Service is Unavailable

Re-activating an old website on IIS the browser showed HTTP Error 503.

More fully the error given within the browser was:

HTTP Error 503. The Service is Unavailable

The website was a development site which had been stopped and was now to be re-activated.

Reviewing the IIS settings for the website, nothing looked to be wrong. It was running.

A review of the assigned application pool showed this to have also been stopped , at the time the website was taken off-line.

This error was caused by the application pool not being enabled in IIS.

In IIS click on the Application Pools menu item in the left hand tree menu to show a list of the Application Pools.

If the application pool is stopped, click on its line item and then in the right column click on Start.

IIS8 add Server Certificates Icon

By default the Server Certificates icon, along with many more, is missing. The missing icons are added through the Add Roles and Features Wizard.

As a part of installing a certificate on IIS 7 there is the requirement to double click on the Server Certificates icon within the central pane in the IIS control panel.

Begin by clicking on the Server manager Icon located in the bottom bar. In the Add Roles and Features Wizard window click on Next to move forward showing the Installation Type.

From the wizard select Role-based installation.

IIS7 Server Certificates Add Roles and Features Wizard

Select webserver (IIS) followed by then web server security and its sub section of client certificate mapping authentication,

iis7 Server Certificates Add Roles and Features Wizard

Follow the remaining steps as appropriate passing through server select, Server Roles and Features, confirmation and results.

Clicking on Install I have found that whilst the message indicates that the window may be closed – it can’t be.

Also don’t give up hope the feature will be installed, it just seems to take an inordinate amount of time.

Windows 2012 Server Change Administrator Password

Changing the Windows Server 2012 Administrator password via a Remote Desktop RDP connection as actioned via the Local Users and Groups section of the Computer Management.

To access the Computer Management hover in the top right corner of the desktop to get the three icons: Search; Start and Settings; to appear at the right edge of the screen. click on the Search icon and enter Computer Management in the box.

Windows 2012 Server Change Administrator Password
Click on the Computer Management search result, shown at the left, below the Apps title in the image above.

Windows 2012 Server Change Administrator Password Computer Management

In the Computer Management console expand the section Local Users and Groups in the tree menu at the left hand side. click on Users to show the available users.

Windows 2012 Server Change Administrator Password Local Users Groups

Right click on the Administrator account and select Set Password from the pop-up menu.

Windows 2012 Server Change Administrator Password Set Password

This will open a pop-up alert message warning. Click on Proceed to access the Set Password for Administrator window

Windows 2012 Server Change Administrator Password set Password for Administrator

Finally enter the new password in both fields and click on OK.

How to Fix Bad Request (Invalid Hostname)

The Bad Request error is most likely due to a missing entry in the bindings for an IIS site instance.

The error is shown simply in the browser with no other content as:

Bad Request (Invalid Hostname)

To correct the error the website URL is to be added to the site’s bindings.

On the web server open the IIS manager.

At the left expand the treeview menu of sites to show the site with the associated error.

Click on this site to show its property icons in the middle screen and items such as bindings, permissions and settings in the narrow pane at the right.

Click on the bindings icon.

In the pop-up Site Bindings window review the entries. ensure there are entries for the domain with (and without) www.

If you are running the popular  DotNetNuke CMS the follow-on error may be

404 – File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

This is caused by having the correct bindings in IIS but the DNN CMS not having the necessary entry to handle the domain.


Disable SSLv3

The SSLv3 protocol is disabled in Windows by configuring Registry keys and values.

SSLv3 and the older SSLv2 protocols are both vulnerable by their implementation and should now be disabled. Newer protocols are available for use.

Open the Registry editor with the command regedit.exe. Changes to the Registry can make your computer unusable, proceed with care and preferably make a backup of the registry before making any changes.

After completing this task the computer will need to be rebooted.

In the Registry navigate to:


At this point a new sub-key is added for the protocol.

Right click on Protocols and from the pop-up window select New followed by Key. For the Key name enter SSL 3.0

Add New Registry KeyTo be added below this key are additional keys for Server (and later Client). Add the Server key as above.

A new DWORD is to be added under the Server key.

Right click on SSL 3.0, in the left navigation tree and select New followed by DWORD. Give it the name of Enabled with a value of 0.

Disable SSLv3 Registry Keys Server

If you wish to block the protocol on the client side too then add the DWORD DisabledByDefault with a value of 0.

This is illustrated in the image below which shows the addition of a Client key below the SSL 3.0

Disable SSLv3 Registry Keys Client

Just as the additional registry keys have been added to control the use of the SSLv3.0 protocol the same may be done for the earlier SSLv2.0 protocol. In the image above the entry for SSL 2.0 is shown.

Is IIS Running 64-bit or 32-bit

Discover if an IIS website running in 32 bit or 64 bit mode from the application pool settings or the task manager.

Whether a particular IIS website application pool is running in 32 bit or 64 bit mode can be relevant to the operation of the website.

Some features, written to be integrated in a CMS style website may only work in 64 bit mode. Checking a recent installation the default mode configured for an IIS Aplication pool was 32-bit mode.

To review the mode configured click on the desired application pool, don’t double click this gives the short form settings

In the right hand column of setting options click on Advanced Settings to open a pop-up of Advanced Settings for the chosen Application Pool.

Scroll down to find the setting called enable 32bit apps. If this is set to true, that means the worker process is forced to run in 32 bit. If the setting is false, then the apppool is running in 64 bit mode.

Task manager maybe used to determine whether IIS is running 32 or 64 bit mode. To do so requires identification of the process associated with a particular application pool. If the application pool is running as 64 bit it will be shown as w3wp.exe, whilst 32 bit will be shown as w3wp*32.exe.