Thursday, October 12, 2017

IIS Server configs

If you are hosting your ASP.NET applications inside IIS I have a great tip for you: https://github.com/h5bp/server-configs-iis

This GitHub project contains a list of boilerplate web.config files applying some best practices(like security hardening) and taking maximal advantage of the powerfull functionality that IIS has to offer.

It shows and explains how to:

  • Apply security through obscurity by not exposing specific information through the headers
  • Apply GZIP compression on static content
  • Disable tracing
  • Secure your cookies
  • Cache static content
  • Support cache busting

No comments: