Prevent SQL injection by using IIS URL Rewrite

Nowadays, a bad or unoptimizes SQL query could easily compromised or get attacked. However you may try to reduce or prevent (Don’t say avoid, it is not possible, keke) the SQL injection through your expression rules.

If you are using IIS as your web engine, you may use some expression to reduce the SQL injection.


Continue reading Prevent SQL injection by using IIS URL Rewrite

Classic ASP script error messages are no longer shown in a Web browser by default

With IIS 7.x, ASP error is disabled by default. Hence, the web programmer will not know what is the detailed error from your scripting and the following error shown.

An error occurred on the server when processing the URL. Please contact the system administrator.

To work around this problem, you could set the detailed error through IIS or web.config file.

Method 1:

1. Open IIS or run inetmgr.
2. Click on the websites.
3. Click on the ASP icon.
4. Expand the Debugging Properties.
5. On Send Errors To Browser parameter set to True.

Method 2:

Open your web web.config file, add the following command.

<asp scriptErrorSentToBrowser="true" />

Method 3:

Run the following command to enabled from server end.

%windir%\system32\inetsrv\appcmd set config -section:asp -scriptErrorSentToBrowser:true