Merge to live #1074

Merged
merged 27 commits into from
Mar 3, 2025
Commits
27 commits
bec13cc
Delete iis/manage/configuring-security/iis-8-certificate-management-a…
Rick-Anderson May 23, 2024
a01ade9
Update TOC.yml
Rick-Anderson May 23, 2024
8aecd7e
Update TOC.yml
Rick-Anderson May 23, 2024
841fbc0
Delete iis/manage/configuring-security/iis-8-sandboxing-and-security.md
Rick-Anderson May 23, 2024
cf3ce84
Added new flags introduced in IIS 10 version 1809.
Jun 6, 2024
006a4b6
Update iis/configuration/system.applicationHost/sites/siteDefaults/bi…
Rick-Anderson Jun 6, 2024
2ec91c9
Update url-rewrite-module-video-walkthrough.md
Rick-Anderson Jun 25, 2024
4a30fc9
Merge branch 'main' of https://github.com/MicrosoftDocs/iis-docs
Rick-Anderson Jun 25, 2024
a567caa
Update url-rewrite-module-video-walkthrough.md (#1056)
Rick-Anderson Jun 25, 2024
f739436
Remove dead content (#1059)
Rick-Anderson Jun 26, 2024
20eb56e
Delete dead content (#1058)
Rick-Anderson Jun 26, 2024
000a1db
Update application-pool-identities.md (#1060)
lextm Jul 9, 2024
d364764
Revert "Remove dead content (#1059)" (#1062)
Rick-Anderson Jul 10, 2024
e19028e
SFI Image corrections for sev 0 (#1067)
wadepickett Sep 30, 2024
8df9ff5
IIS-docs: SFI Image Sev 1-2 Fixes (#1068)
wadepickett Oct 22, 2024
19d63dc
Fixed broken links in Learn Online Build Report. (#1065)
lextm Oct 23, 2024
632e245
Added new flags introduced in IIS 10 version 1809. (#1064)
lextm Oct 24, 2024
28046eb
Revert "IIS-docs: SFI Image Sev 1-2 Fixes (#1068)" (#1071)
Rick-Anderson Oct 24, 2024
4f8b1be
Update using-custom-rewrite-providers-with-url-rewrite-module.md (#1069)
r-V3 Oct 28, 2024
3868c26
adding examples and making modifications (#1070)
Rick-Anderson Nov 4, 2024
59e4aed
SFI images IIS-docs sev1-2 updates only (#1072)
wadepickett Nov 5, 2024
42a16fa
Delete .openpublishing.build.ps1 (#1073)
shujingMS Nov 15, 2024
0873eb2
Update ihttprequest-getclientcertificate-method.md (#1075)
JawaharGaneshS Nov 29, 2024
df735be
Update web-deploy-automatic-backups.md (#1076)
wadepickett Jan 15, 2025
0785ef1
sfi (#1077)
v-albemi Feb 6, 2025
eadcbfb
SFI Wave 4 Remediation (#1078)
v-albemi Feb 10, 2025
dd7dc07
SFI Wave 4 Remediation (#1079)
ShawnKupfer Mar 3, 2025
17 changes: 0 additions & 17 deletions .openpublishing.build.ps1

This file was deleted.

20 changes: 0 additions & 20 deletions iis/TOC.yml
Original file line number Diff line number Diff line change
@@ -282,10 +282,6 @@
href: manage/configuring-security/analyzing-client-usage-data-with-iis-user-access-logging.md
- name: Configure Request Filtering in IIS
href: manage/configuring-security/configure-request-filtering-in-iis.md
- name: IIS 8 - Certificate Management and Deployment
href: manage/configuring-security/iis-8-certificate-management-and-deployment.md
- name: IIS 8 - Sandboxing and Security
href: manage/configuring-security/iis-8-sandboxing-and-security.md
- name: Managing Performance Settings
items:
- name: Improving Performance with Native Output Caching
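
Review bot: The hrefs for iis-8-certificate-management-and-deployment.md and iis-8-sandboxing-and-security.md leave the configuring-security node with no redirect visible for either deleted article in the files that rendered here. Please confirm both paths get a redirect entry, or that inbound links were checked, so that pages pointing at the certificate management and sandboxing guidance do not end in a 404.
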
@@ -296,8 +292,6 @@
href: manage/managing-performance-settings/walkthrough-iis-output-caching.md
- name: Configure IIS 7 Output Caching
href: manage/managing-performance-settings/configure-iis-7-output-caching.md
- name: Use Bit Rate Throttling
href: manage/managing-performance-settings/use-bit-rate-throttling.md
- name: Managing your Configuration Settings
items:
- name: Delegating Configuration to web.config Files
@@ -602,8 +596,6 @@
href: troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis.md
- name: Using Failed Request Tracing Rules to Troubleshoot Application Request Routing
href: troubleshoot/using-failed-request-tracing/using-failed-request-tracing-rules-to-troubleshoot-application-request-routing-arr.md
- name: Troubleshoot with Failed Request Tracing
href: troubleshoot/using-failed-request-tracing/troubleshoot-with-failed-request-tracing.md
- name: Troubleshooting Failed Requests Using Tracing in IIS 8.5
href: troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis-85.md
- name: Performance Issues
@@ -707,8 +699,6 @@
href: extensions/troubleshooting-application-request-routing/troubleshooting-502-errors-in-arr.md
- name: URL Rewrite Module
items:
- name: URL Rewrite Module - Video Walkthrough
href: extensions/url-rewrite-module/url-rewrite-module-video-walkthrough.md
- name: Using the URL Rewrite Module
href: extensions/url-rewrite-module/using-the-url-rewrite-module.md
- name: Creating Rewrite Rules for the URL Rewrite Module
@@ -773,8 +763,6 @@
href: extensions/introduction-to-iis-express/iis-75-express-readme.md
- name: IIS 8.0 Express Readme
href: extensions/introduction-to-iis-express/iis-80-express-readme.md
- name: IIS 8 - IIS Express for Developers
href: extensions/introduction-to-iis-express/iis-8-iis-express-for-developers.md
- name: Using IIS Express
items:
- name: Using the Windows System Tray to Manage Websites and Applications
@@ -972,8 +960,6 @@
href: web-hosting/getting-started/deploying-a-static-content-server.md
- name: Using Windows SharePoint Services 3.0 on IIS 7.0
href: web-hosting/getting-started/using-windows-sharepoint-services-30-on-iis.md
- name: Microsoft Web Platform Privacy Statements
href: web-hosting/getting-started/microsoft-web-platform-privacy-statements.md
- name: Frequently Asked Questions (FAQ)
items:
- name: Tools and Utilities Questions
@@ -998,12 +984,8 @@
href: web-hosting/migrate-to-the-microsoft-web-platform/breaking-changes-for-aspnet-4-apps-running-on-iis-7-integrated-mode.md
- name: IIS 7 for Apache Administrators
href: web-hosting/migrate-to-the-microsoft-web-platform/iis-for-apache-administrators.md
- name: Migrate to a Windows-Based Platform
href: web-hosting/migrate-to-the-microsoft-web-platform/migrate-to-a-windows-based-platform.md
- name: Migrate from MySQL to SQL Server 2008
href: web-hosting/migrate-to-the-microsoft-web-platform/migrate-from-mysql-to-sql-server-2008.md
- name: How to Migrate to the Microsoft Web Platform
href: web-hosting/migrate-to-the-microsoft-web-platform/how-to-migrate-to-the-microsoft-web-platform.md
- name: Configuring Components
items:
- name: Enabling LINQ with ASP.NET
@@ -1054,8 +1036,6 @@
href: web-hosting/configuring-servers-in-the-windows-web-platform/sql-server-2005.md
- name: SQL 2008 for Hosters
href: web-hosting/configuring-servers-in-the-windows-web-platform/sql-2008-for-hosters.md
- name: Configure your Servers for the Windows Web Hosting Platform
href: web-hosting/configuring-servers-in-the-windows-web-platform/configure-your-servers-for-the-windows-web-hosting-platform.md
- name: Installing Infrastructure Components
items:
- name: Planning the Deployment
Original file line number Diff line number Diff line change
@@ -101,7 +101,7 @@ You can add `<binding>` elements within the `<bindings>` element for each site i
| --- | --- |
| `bindingInformation` | Required string attribute.<br><br>Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site. |
| `protocol` | Required string attribute.<br><br>Specifies the protocol for communicating with a site. |
| `sslFlags` | Optional uint attribute.<br><br>Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.<br><ul> <li>A value of "0" specifies that the secure connection be made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.</li> <li>A value of "1" specifies that the secure connection be made using the port number and the host name obtained by using Server Name Indication (SNI).</li> <li>A value of "2" specifies that the secure connection be made using the centralized SSL certificate store without requiring a Server Name Indicator.</li> <li>A value of "3" specifies that the secure connection be made using the centralized SSL certificate store while requiring Server Name Indicator</li></ul> Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate. <br><br> With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address. For more information, see [IIS 8.0 Server Name Indication (SNI): SSL Scalability](/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability). <br><br>The sslFlags attribute is only set when the protocol is **https**. The default value is `0`. |
| `sslFlags` | Optional `uint` attribute that works like flags type, with the following possible flags: <table> <tbody> <tr> <th>Value</th> <th>Description</th></tr> <tr> <th><code>0</code></th> <td>The secure connection made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.</td></tr> <tr> <th><code>1</code></th> <td>The secure connection made using the port number and the host name obtained by using Server Name Indication (SNI).</td></tr> <tr> <th><code>2</code></th> <td>The secure connection be made using the centralized SSL certificate store.</td></tr> <tr> <th><code>4</code></th> <td>Disable HTTP/2.</td></tr> <tr> <th><code>8</code></th> <td>Disable OCSP Stapling.</td></tr> <tr> <th><code>16</code></th> <td>Disable QUIC.</td></tr> <tr> <th><code>32</code></th> <td>Disable TLS 1.3 over TCP.</td></tr> <tr> <th><code>64</code></th> <td>Disable Legacy TLS.</td></tr> </tbody></table> Centralized SSL certificate support enables creating a centralized certificate store that can contain multiple certificate files. The certificate files can be named to correspond to the host names that they contain. This enables creating a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate. <br><br> With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the **Add Site Binding** dialog box when adding a binding with a type of HTTPS. This is useful for SSL connections that host multiple servers on a single network address. <br><br> Values greater than 4 are only supported in IIS 10 version 1809 and higher. The default value is `0`. |

### Child Elements
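
Review bot: The new `sslFlags` table lists only single bits (0, 1, 2, 4, 8, 16, 32, 64) and says the attribute "works like flags type", but it never states that values are combined by adding them, and the previously documented value "3" (centralized store with SNI required) is gone. Add one sentence with a worked combination, for example that 3 is 1 + 2, so readers do not treat the table as an enumeration and drop the SNI bit when they set a disable flag. The replaced row also loses "The sslFlags attribute is only set when the protocol is **https**" and the link to the SNI article; restore both if that was not intended. Row `2` reads "The secure connection be made" and should read "is made".
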

Original file line number Diff line number Diff line change
@@ -76,7 +76,7 @@ You can add default `<binding>` elements within the `<bindings>` element in the
| --- | --- |
| `bindingInformation` | Required string attribute.<br><br>Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site. |
| `protocol` | Required string attribute.<br><br>Specifies the protocol for communicating with a site. |
| `sslFlags` | Optional uint attribute.<br><br>Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.<br><ul> <li>A value of "0" specifies that the secure connection be made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.</li> <li>A value of "1" specifies that the secure connection be made using the port number and the host name obtained by using Server Name Indication (SNI).</li> <li>A value of "2" specifies that the secure connection be made using the centralized SSL certificate store without requiring Server Name Indicator (SNI)</li> <li>A value of "3" specifies that the secure connection be made using the centralized SSL certificate store while requiring Server Name Indicator (SNI)</li></ul> Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate. <br><br> With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address. <br><br> The default value is `0`. |
| `sslFlags` | Optional `uint` attribute that works like flags type, with the following possible flags: <table> <tbody> <tr> <th>Value</th> <th>Description</th></tr> <tr> <th><code>0</code></th> <td>The secure connection made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.</td></tr> <tr> <th><code>1</code></th> <td>The secure connection made using the port number and the host name obtained by using Server Name Indication (SNI).</td></tr> <tr> <th><code>2</code></th> <td>The secure connection be made using the centralized SSL certificate store.</td></tr> <tr> <th><code>4</code></th> <td>Disable HTTP/2.</td></tr> <tr> <th><code>8</code></th> <td>Disable OCSP Stapling.</td></tr> <tr> <th><code>16</code></th> <td>Disable QUIC.</td></tr> <tr> <th><code>32</code></th> <td>Disable TLS 1.3 over TCP.</td></tr> <tr> <th><code>64</code></th> <td>Disable Legacy TLS.</td></tr> </tbody></table> Centralized SSL certificate support enables creating a centralized certificate store that can contain multiple certificate files. The certificate files can be named to correspond to the host names that they contain. This enables creating a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate. <br><br> With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the **Add Site Binding** dialog box when adding a binding with a type of HTTPS. This is useful for SSL connections that host multiple servers on a single network address. <br><br> Values greater than 4 are only supported in IIS 10 version 1809 and higher. The default value is `0`. |

### Child Elements
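
Review bot: "Values greater than 4 are only supported in IIS 10 version 1809 and higher" leaves flag `4` (Disable HTTP/2) without a stated minimum version: it is new in this table, yet the wording excludes it. Say which version introduces `4`, or change the sentence to "4 and higher" if that is what is meant. The rows for `32` and `64` change which protocol versions a binding accepts, so "Legacy TLS" should be defined by the versions it covers rather than left to the reader.
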


This file was deleted.


If this video topic file was being deleted because the video was lost, I think the video moved to here:
https://learn.microsoft.com/en-us/shows/iis-net-site-videos/url-rewrite-module-video-walkthrough


Actually, please disregard this. Although the video was moved and is available, it is damaged; it only has a starter image and then only the sound plays with a blank video for the rest, making it useless.

This file was deleted.

Original file line number Diff line number Diff line change
@@ -15,7 +15,7 @@ This walkthrough will guide you through how to use custom rewrite providers with

## Install URL Rewrite Extensibility Samples

In order to complete this walkthrough, download and install URL Rewrite Extensibility Samples (`https://www.microsoft.com/download/details.aspx?id=43353`). The Extensibility Samples installation package includes .NET assemblies and the source code with full implementation of rewrite providers for the three most common use cases:
In order to complete this walkthrough, download and install [IIS URL Rewrite 2.1](https://iis-umbraco.azurewebsites.net/downloads/microsoft/url-rewrite). The URL Rewrite Extensibility Samples for 2.0 are no longer available.

- Storing of the rewrite or redirect mappings in a SQL database;
- Storing of the rewrite or redirect mappings in a text file;
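
Review bot: The bullet list that follows the replaced sentence ("Storing of the rewrite or redirect mappings in a SQL database;" and the next items) was the continuation of the removed "three most common use cases:" clause and now hangs off a sentence about installing URL Rewrite 2.1. Either give the list a new lead-in or remove it, and say where readers obtain the provider assemblies the rest of the walkthrough depends on now that the samples "are no longer available". The download link also points at iis-umbraco.azurewebsites.net rather than a microsoft.com host like the one it replaces; for an installer link, please confirm this is the intended official location.
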
Original file line number Diff line number Diff line change
@@ -87,10 +87,6 @@ These articles cover the functionality of the URL Rewrite Module and explain how
- [URL Rewrite for ASP.NET Web Forms](url-rewriting-for-aspnet-web-forms.md)
- [Developing rule templates for the URL Rewrite module](developing-rule-template-for-url-rewrite-module.md)

### Video walkthrough

- [Using the URL rewrite module - video walkthrough](url-rewrite-module-video-walkthrough.md)

## Changes since Go Live release

The following additions, changes, and important bug fixes have been made to URL rewrite module since the Go Live release:
Original file line number Diff line number Diff line change
@@ -28,7 +28,7 @@ Learn more: [Introducing IIS on Nano Server](introducing-iis-on-nano-server.md)

Windows Server 2016 and Windows 10 with the Anniversary Update add support for containers which are isolated, resource controlled, and portable operating environments. Windows Server 2016 and Windows 10 support two different container runtimes with a different degree of isolation: Windows containers achieve isolation through process and namespace isolation, while Hyper-V containers achieve isolation through lightweight virtual machines. IIS 10.0 runs in both container runtimes as well as on both base OS images, Server Core and Nano Server, allowing you to choose the best Windows container environment for your web workloads.

Get started with [IIS base images available on Docker Hub](https://hub.docker.com/r/microsoft/iis/) or follow this tutorial to [deploy an ASP.NET MVC application to IIS running inside a container](/aspnet/mvc/overview/deployment/docker-aspnetmvc).
Get started with [IIS base images available on Docker Hub](https://hub.docker.com/r/microsoft/windows-servercore-iis/) or follow this tutorial to [deploy an ASP.NET MVC application to IIS running inside a container](/aspnet/mvc/overview/deployment/docker-aspnetmvc).

## Managing IIS

Binary file not shown.
Original file line number Diff line number Diff line change
@@ -54,11 +54,11 @@ You can try this by selecting a file in Windows Explorer and adding the "Default
4. Select the **Security** tab
5. Click the **Edit** button and then **Add** button
6. Click the **Locations** button and make sure that you select your computer.

![Screenshot of the Select Users or Groups dialog.](application-pool-identities/_static/image9.jpg)
7. Enter **IIS AppPool\DefaultAppPool** in the **Enter the object names to select:** text box.
8. Click the **Check Names** button and click **OK**.

![Screenshot of the Select Users or Groups dialog.](application-pool-identities/_static/image9.jpg)

By doing this, the file or directory you selected will now also allow the **DefaultAppPool** identity access.

You can do this via the command-line by using the ICACLS tool. The following example gives full access to the DefaultAppPool identity.
Binary file not shown.

This file was deleted.

This file was deleted.

Binary file added iis/manage/configuring-security/image-1.png
Binary file added iis/manage/configuring-security/image-10.png
Binary file added iis/manage/configuring-security/image-11.png
Binary file added iis/manage/configuring-security/image-12.png
Binary file added iis/manage/configuring-security/image-2.png
Binary file added iis/manage/configuring-security/image-3.png
Binary file added iis/manage/configuring-security/image-4.png
Binary file added iis/manage/configuring-security/image-5.png
Binary file added iis/manage/configuring-security/image-6.png
Binary file added iis/manage/configuring-security/image-7.png
Binary file added iis/manage/configuring-security/image-8.png
Binary file added iis/manage/configuring-security/image-9.png
Binary file added iis/manage/configuring-security/image.png
145 changes: 121 additions & 24 deletions iis/manage/configuring-security/using-dynamic-ip-restrictions.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: "Using Dynamic IP Restrictions"
author: naziml
author: naziml,esshrouf
description: "The Dynamic IP Restrictions (DIPR) module for IIS 7.0 and above provides protection against denial of service and brute force attacks on web servers and web..."
ms.date: 02/16/2009
ms.assetid: a6881b7d-4080-440c-ab71-cb274ac6f128
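
Review bot: `author: naziml,esshrouf` puts two aliases into a front-matter field that previously held a single GitHub alias; please check that the build accepts a comma-separated value, and otherwise keep one alias in `author` and credit the second contributor in the byline. `ms.date` also stays at 02/16/2009 although this change adds four examples and a logging section, so it should be updated with the content.
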
@@ -15,6 +15,10 @@ by [Nazim Lala](https://github.com/naziml)

The Dynamic IP Restrictions (DIPR) module for IIS 7.0 and above provides protection against denial of service and brute force attacks on web servers and web sites. To provide this protection, the module temporarily blocks IP addresses of HTTP clients that make an unusually high number of concurrent requests or that make a large number of requests over small period of time.

## When to use Dynamic IP Restrictions?

When you need to allow/deny access to a website (or allow all but log conditions met) based on the number of concurrent requests originating from an IP address or based on the number of requests from the IP over a period of time.

## Features

The Dynamic IP Restrictions module includes these key features:
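
Review bot: The paragraph under "When to use Dynamic IP Restrictions?" is a dependent clause with no main clause ("When you need to allow/deny access ..."), and "(or allow all but log conditions met)" does not say which setting produces that behaviour. Reword it as a full sentence ("Use Dynamic IP Restrictions when ...") and name the logging-only option as it appears in the configuration.
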
@@ -47,7 +51,9 @@ If you are using the **first** **Beta** release of the DIPR module, you must uni

If you are using the **Beta 2** release of the DIPR module you can upgrade directly to the final release. Your configuration settings will be preserved.

## Configuring Dynamic IP Restrictions
## Accessing and Configuring Dynamic IP Restrictions

Note: When configuring IP Restrictions, you need to consider both IIS level as well as site level configuration, as site level will override IIS level (this is a common IIS behavior and not specific to IP Restrictions feature).

The Dynamic IP Restrictions can be configured by using either IIS Manager, IIS configuration APIs or by using command line tool **appcmd**.
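
Review bot: The added "Note:" line is plain text, while this file marks callouts with alert blocks (`> [!IMPORTANT]` further down); make it `> [!NOTE]`. It also says "IIS level" where the steps that follow say "server node" and "server-wide settings"; pick one term. Since a site-level value replaces the server-level one, it is worth saying here that a server-wide deny can be loosened by a site setting, which is what Example 3 goes on to show.
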

@@ -57,54 +63,145 @@ To access Dynamic IP Restriction settings in IIS Manager follow these steps:
2. In the left-hand side tree view select server node if you want to configure server-wide settings, or select a site node to configure site-specific settings.
3. In the Features View click "Dynamic IP Restrictions"
![Screenshot of I I S Manager showing the features list in the main pane, Dynamic IP Restrictions is selected.](using-dynamic-ip-restrictions/_static/image1.jpg)
4. In the "Dynamic IP Restrictions" main page you can enable and specify the configuration for any of the features. To add an IP address to the Allow list you can click on the "Show Allowed Addresses" link on the right:
![Screenshot of I I S Manager showing Dynamic I P Restrictions in the main pane. Show Allowed Addresses is selected in the Actions pane.](using-dynamic-ip-restrictions/_static/image3.jpg)
5. Selecting the "Show Allowed Addresses" link above will bring up a window as shown below where you can see all the IP addresses that are allowed to bypass Dynamic IP Restriction validation. You can add more IP addresses to the list by selecting the "Add Allow Entry" link on the right.
![Screenshot of I I S Manager showing the Add Allow Restriction Rule dialog. Add Allow Entry is highlighted in the Actions pane behind the dialog.](using-dynamic-ip-restrictions/_static/image5.jpg)

### Blocking of IP address based on number of concurrent requests
### Example 1: Blocking of IP address based on number of concurrent requests using appcmd

When using this option, the server will allow any client's IP address to make only a configurable number of concurrent requests. Any additional requests that exceed the specified limit will be denied.

A simple way to test this feature is to set the maximum number of concurrent requests to 2 by either using UI or by executing appcmd command:
A simple way to test this feature is to set the maximum number of concurrent requests to 2 by executing appcmd command:

[!code-console[Main](using-dynamic-ip-restrictions/samples/sample1.cmd)]

In the root folder of your web site create a file test.aspx and paste the following content into it:

[!code-aspx[Main](using-dynamic-ip-restrictions/samples/sample2.aspx)]

This ASP.NET page for 3 seconds before returning any response. Save the file and then open web browser, request `http://localhost/test.aspx` and then continuously hit F5 to refresh the browser. This will result in browser making more than 2 concurrent requests so as a result you will see the 403 - Forbidden error from server:

![Screenshot of a server error page. The Error Summary shows H T T P Error 403.7 Forbidden.](using-dynamic-ip-restrictions/_static/image7.png)

> [!IMPORTANT]
> When configuring number of concurrent requests for a real web application, thoroughly test the limit that you pick to ensure that valid HTTP clients do not get blocked. This is especially important for Rich Internet Applications that have AJAX enabled web pages and serve media content.
### Blocking of IP addresses based on number of requests over time
### Example 2: Blocking of IP addresses based on number of requests over time using appcmd

When using this option the server will deny requests from any HTTP client's IP address that makes more than configurable number of requests over a period of time. The IP address will remain blocked until the number of requests within a time period drops below the configured limit.

To test this feature set the "Maximum number of requests" to 5 and "Time period" to 5000 by using either IIS Manager or by executing appcmd command:
To test this feature set the "Maximum number of requests" to 5 and "Time period" to 5000 by executing appcmd command:

[!code-console[Main](using-dynamic-ip-restrictions/samples/sample3.cmd)]

Open web browser, request `http://localhost/welcome.png` and then hit F5 to continuously refresh the page. This will generate more than 5 requests over 5 seconds so as a result you will see server responding with 403 - Forbidden status code:

![Screenshot of a server error page. The Error Summary shows H T T P Error 403.8 Forbidden.](using-dynamic-ip-restrictions/_static/image11.png)
Open web browser, request http://localhost/welcome.png and then hit F5 to continuously refresh the page. This will generate more than 5 requests over 5 seconds so as a result you will see server responding with 403 - Forbidden status code.

If you wait for another 5 seconds when all the previous requests have executed and then make a request, the request will succeed.

> [!IMPORTANT]
> When configuring number of allowed requests over time for a real web application, thoroughly test the limits that you pick to ensure that valid HTTP clients do not get blocked. This is especially important for Rich Internet Applications that have AJAX enabled web pages and serve media content.
### Example 3: Blocking of IP address based on number of concurrent requests using UI

On my IIS level, I have below configuration:

From “Edit Feature Settings”:

![alt text](image.png)

![alt text](image-1.png)

From “Edit Dynamic Restriction Settings…”:

![alt text](image-2.png)

![alt text](image-3.png)

On my site level I have below configuration:

![alt text](image-4.png)

![alt text](image-5.png)

This means that up to 2 simultaneous requests will be allowed to the site (due to number 2 set above), and a status code of 403 will be received for any other concurrent request (due to “Forbidden” action configured above) as can be seen in browser developer tools (I clicked “disable cache” to make it clear and avoid browser side caching):

![alt text](image-6.png)

Note: You might be wondering why do you see 3 allowed requests and not just two; that's because the first two requests were concurrently opened and once finished it happened that the third request reached the application, meaning the third request was the only one (hence only 1 concurrent requests) when it happened.

The “Allow” action configured above means that any IP address is okay to send requests and that the rules configured specify on which conditions these allowed IPs will be denied access.

As you noticed, site level config of “Allow” overridden IIS’s level “Deny”, and site's level config of “Forbidden” overridden IIS's level config of “Not Found”, and hence 403 status code was sent instead of 404.

If I however change site's level “Allow” to “Deny” then all IPs will be denied access regardless of whether they made 2 concurrent requests or otherwise:

![alt text](image-7.png)

### Example 4: Blocking of IP address based on number of concurrent requests & number of requests over time, using UI

Now let's change the configuration from Example 3 a bit on site level. IIS level is same as before in Example 3:

![alt text](image-8.png)

While site level configuration is now:

![alt text](image-9.png)

Now when making request from browser:

![alt text](image-10.png)

Each colored line (example highlighted) represents the lifetime of one request. The rule specifies two conditions as you can see. This means that any condition that gets met first then the denial will be applied. The rule will allow only up to two requests within 200 msec, and any further requests within this timeframe will be denied. As can be seen, the third request was triggered almost 20 msec after the first one, meaning now we have more than two requests within the 200 msec frame and hence the third one will be denied, and so will be the 4th and 5th and 6th.

## Logging

You will see the below in IIS logs (for Example 2 above):

2024-07-22 14:17:48 ::1 GET / - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 0 0 1

2024-07-22 14:17:48 ::1 GET /Content/css v=7n95mJcoE9tVcdjbEUwG1-urp8oL9Yf2bFpa2lb4Nq41 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 0 0 3

2024-07-22 14:17:48 ::1 GET /bundles/modernizr v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 5

2024-07-22 14:17:48 ::1 GET /bundles/jquery v=JVBM4Dk7eZ-fjWvmxvoCeVR5MAt_3YXn4K7MRdHsuR81 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 7

2024-07-22 14:17:48 ::1 GET /bundles/bootstrap v=X8gnNIYDSsAzCxLBuTaZy64JJqo9mzWM5GPsE4TJLNI1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 7

2024-07-22 14:17:48 ::1 GET /favicon.ico - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 0

2024-07-22 14:17:48 ::1 GET /Content/bootstrap.min.css.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 403 502 0 0

Http status code for denied requests in this example will be 403 and sub status code will be 502. This way you can tell the difference between normal Forbidden status code set by the application code and between the Forbidden set by the IIS IP Restrictions feature.
List of (status codes) set by IP Restriction feature are discussed below.

### Deny Actions

The module can be configured to perform the following actions when denying requests for IP addresses:

- Send 403 (Forbidden) response to the client;
- Send 404 (File not found) response to the client;
- Abort request by closing the HTTP connection, without sending any response to the client.
• Forbidden: 403
• Unauthorized: 401
• Not Found: 404
• Abort: the TCP connection will simply be reset and http will not be established. This is also nice in case main page is denied and you don't want the end user to see the sub status code 502 (to not know this was because of IP Restriction feature). User will instead see the below:
![alt text](image-11.png)

And here's the possible (substatus codes) by IP Restriction feature:
501, 502.
Substatus code will either be 501 or 502 depending on which one of the two conditions got met and hence client was denied access:
501 -> Dynamic IP Restriction: too many concurrent requests were made from the same client IP.
502 -> Dynamic IP Restriction: the maximum number of requests from the same client IP within a specified time limit was reached.

Above codes are documented here: HTTP status code overview - Internet Information Services | Microsoft Learn

## Enable Logging Only Mode:

Now in case of “Enable Logging Only Mode” there will be no clients denied by this feature, meaning status code will be the expected result (normally 200 but it also depends on your application) and clients will receive the expected normal response, however, substatus code indicating that one of the two conditions was met will be logged in IIS logs. Below is an example:

2024-07-28 06:57:35 ::1 GET / - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 0 0 3
2024-07-28 06:57:35 ::1 GET /bundles/modernizr v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 501 0 3

2024-07-28 06:57:35 ::1 GET /bundles/bootstrap v=X8gnNIYDSsAzCxLBuTaZy64JJqo9mzWM5GPsE4TJLNI1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 502 0 8

2024-07-28 06:57:35 ::1 GET /Content/css v=7n95mJcoE9tVcdjbEUwG1-urp8oL9Yf2bFpa2lb4Nq41 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 0 0 9

2024-07-28 06:57:35 ::1 GET /bundles/jquery v=JVBM4Dk7eZ-fjWvmxvoCeVR5MAt_3YXn4K7MRdHsuR81 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 501 0 8
2024-07-28 06:57:35 ::1 GET /Content/bootstrap.min.css.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 502 0 19

2024-07-28 06:57:35 ::1 GET /Content/bootstrap.min.css.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 502 0 37

2024-07-28 06:57:35 ::1 GET /bundles/bootstrap.min.js.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 404 502 2 0

And the client will get this on its side:

![alt text](image-12.png)

### Support for web servers behind proxy
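Review bot: In the Deny Actions section the added "•" items (Forbidden: 403, Unauthorized: 401, Not Found: 404, Abort) sit directly under the existing three-item "-" list, so the page now lists the deny actions twice and the two lists disagree on whether 401 is an option. Merge them into a single list using the "-" marker. Separately, every image added from Example 3 onward uses a placeholder of the form `![alt text](image.png)`; give each one a descriptive alt text, as the `image11.png` screenshot has, and store the files under `using-dynamic-ip-restrictions/_static/`. The IIS log samples under Logging and Enable Logging Only Mode would render better as fenced blocks, and "Above codes are documented here: HTTP status code overview ..." has no link target.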

4 changes: 2 additions & 2 deletions iis/manage/provisioning-and-managing-iis/websitepanel.md
Original file line number Diff line number Diff line change
@@ -23,9 +23,9 @@ The WebsitePanel features list includes:

· Long list of [supported software and platforms](http://websitepanel.net/SupportedSoftware.aspx)

· Close integration with [Microsoft Web App Gallery](https://www.microsoft.com/web/gallery/Categories.aspx)
· Close integration with Microsoft Web App Gallery

· Microsoft Web Platform Installer ([WPI](https://www.microsoft.com/web/gallery/Categories.aspx)) integration
· Microsoft Web Platform Installer (WPI) integration

· Strong community support
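Review bot: On the two changed bullets the link is dropped but the text still reads "Close integration with Microsoft Web App Gallery" and "Microsoft Web Platform Installer (WPI) integration", leaving product names the reader cannot follow up. If those destinations no longer exist, say so in the bullet or point to a current page. The unchanged first bullet still links to `http://websitepanel.net/SupportedSoftware.aspx` over plain HTTP and is worth checking in the same pass.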

Original file line number Diff line number Diff line change
@@ -13,7 +13,7 @@ by [Elliott Hamai](https://github.com/ehamai)

## Introduction

In V3, Web Deploy is introducing an automatic server-side backup feature for IIS 7 and above. When automatic backups are configured on the server and a user publishes to his site using Web Deploy, it will first take a backup of the live site and store it on the server before committing any changes to the site. If the publish failed for some reason or the user wants to restore an earlier version of his website, he will be able to restore from these backups without involving a server administrator. This feature needs to be enabled and configured by a server administrator before an end user may take advantage of it.
In V3, Web Deploy is introducing an automatic server-side backup feature for IIS 7 and above. When automatic backups are configured on the server and a user publishes to his site using Web Deploy, it will first take a backup of the live site and store it on the server before committing any changes to the site. If the publish failed for some reason or the user wants to restore an earlier version of his website, they will be able to restore from these backups without involving a server administrator. This feature needs to be enabled and configured by a server administrator before an end user may take advantage of it.

## When Backups are created
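Review bot: The pronoun fix in the Introduction paragraph is incomplete: "he will be able to restore" became "they will be able to restore", but the same paragraph still reads "publishes to his site" and "an earlier version of his website". Change both to "their" so the paragraph is consistent.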

Original file line number Diff line number Diff line change
@@ -246,7 +246,7 @@ Examples:

[!code-console[Main](web-deploy-powershell-cmdlets/samples/sample31.cmd)]

Description: This cmdlet can be used to apply any Web Deploy package. There are several ways to create or obtain a Web Deploy package, such as by downloading an open source Application Gallery package, creating a package in Visual Studio, using the msdeploy.exe command-line tool ([more info](https://technet.microsoft.com/library/dd568996(WS.10).aspx)), or using the Backup-WD\* cmdlets noted earlier in the document. For e.g. for installing wordpress on an IIS Server Default web site as an app named wordpress download the wordpress package from [the app gallery](https://www.microsoft.com/web/gallery/wordpress.aspx) into a folder called packages. All the default values for the wordpress package parameters will work as is but just need to specify the values for two required parameters: admin and non admin mysql password.
Description: This cmdlet can be used to apply any Web Deploy package. There are several ways to create or obtain a Web Deploy package, such as by downloading an open source Application Gallery package, creating a package in Visual Studio, using the msdeploy.exe command-line tool ([more info](https://technet.microsoft.com/library/dd568996(WS.10).aspx)), or using the Backup-WD\* cmdlets noted earlier in the document. For e.g. for installing wordpress on an IIS Server Default web site as an app named wordpress download the wordpress package from the app gallery into a folder called packages. All the default values for the wordpress package parameters will work as is but just need to specify the values for two required parameters: admin and non admin mysql password.

Parameters:
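Review bot: In the Description paragraph, removing the link leaves the instruction "download the wordpress package from the app gallery" with no indication of where that gallery is. Either name a current source for the package or reword the example so it does not depend on a download the reader cannot locate. While the line is being touched, "For e.g. for installing wordpress ..." could be split into two sentences.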

Binary file not shown.
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -18,7 +18,7 @@ HRESULT GetClientCertificate(

### Parameters
`ppClientCertInfo`
[OUT] A pointer to an [HTTP_SSL_CLIENT_CERT_INFO](https://go.microsoft.com/fwlink/?LinkId=63150) structure.
[OUT] A pointer to an [HTTP_SSL_CLIENT_CERT_INFO](https://learn.microsoft.com/windows/win32/api/http/ns-http-http_ssl_client_cert_info) structure.

`pfClientCertNegotiated`
[OUT] `true` if the client certificate has been negotiated already; otherwise, `false`. For more information, see the Remarks section.
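Review bot: The replacement link for `HTTP_SSL_CLIENT_CERT_INFO` under `ppClientCertInfo` hard-codes the `https://learn.microsoft.com` host, while the other links in this file are relative. Consider the site-relative form `/windows/win32/api/http/ns-http-http_ssl_client_cert_info`; the same applies to the identical replacement in the Example paragraph.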
@@ -42,7 +42,7 @@ HRESULT GetClientCertificate(
For URLs that do not require a client certificate, you can call the [NegotiateClientCertificate](../../web-development-reference/native-code-api-reference/ihttprequest-negotiateclientcertificate-method.md) method before you call `GetClientCertificate` to attempt a manual loading of the client certificate.

## Example
The following example demonstrates how to get a pointer to the [HTTP_SSL_CLIENT_CERT_INFO](https://go.microsoft.com/fwlink/?LinkId=63150) structure by implementing the [CHttpModule::OnBeginRequest](../../web-development-reference/native-code-api-reference/chttpmodule-onbeginrequest-method.md) method.
The following example demonstrates how to get a pointer to the [HTTP_SSL_CLIENT_CERT_INFO](https://learn.microsoft.com/windows/win32/api/http/ns-http-http_ssl_client_cert_info) structure by implementing the [CHttpModule::OnBeginRequest](../../web-development-reference/native-code-api-reference/chttpmodule-onbeginrequest-method.md) method.

[!code-cpp[IHttpRequestGetClientCertificate#2](../../../samples/snippets/cpp/VS_Snippets_IIS/IIS7/IHttpRequestGetClientCertificate/cpp/mymodule.cpp#2)]

Original file line number Diff line number Diff line change
@@ -53,7 +53,7 @@ by [Walter Oliver](https://github.com/walterov)
1. [Provisioning Sample in C#](powershell-scripts/_static/powershell-scripts-327-iis7provisioningsample1.zip) is a set of C# samples to perform several common provisioning tasks, See details in the [Provisioning Sample in C#](../../manage/provisioning-and-managing-iis/provisioning-sample-in-c.md) article.
2. [Hosting Services Sample](powershell-scripts/_static/hssample_4-11.zip) is an extensive C# code sample for provisioning Sites, User accounts, SQL db, and others. See details in the [Hosting Services Code Sample](../../manage/provisioning-and-managing-iis/index.md) article.
3. [Code Samples and Scripts](../../manage/provisioning-and-managing-iis/index.md) provides sample code snippets for creating IIS 7.0 Sites and Configuration tasks.
4. [IIS Sites Provisioning PowerShell Scripts](https://www.iis.net/community/files/hosting/ProvisioningScripts 4-7-2008.zip "IIS Sites PowerShell Scripts"). These are 6 PowerShell Scripts to help you automate the provisioning of AppPools, Sites, Applications, Virtual Directories, and Bindings. They use the Microsoft.Web.Administration managed code namespace interfaces to provision these objects. Here is an example for each of them:
4. [IIS Sites Provisioning PowerShell Scripts](https://www.iis.net/community/files/hosting/ProvisioningScripts%204-7-2008.zip "IIS Sites PowerShell Scripts"). These are 6 PowerShell Scripts to help you automate the provisioning of AppPools, Sites, Applications, Virtual Directories, and Bindings. They use the Microsoft.Web.Administration managed code namespace interfaces to provision these objects. Here is an example for each of them:

4.1. **To create any number of AppPools, Sites, Applications, Virtual Directories, and Bindings arranged in accordance to a configuration data file** use Sample\_AppPool\_Site\_AppCreation. This script calls all the others to create each object in accordance to the configuration data found in the ProvisioningConfig.xml XML file.
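Review bot: Item 4 now encodes the space as `%20`, which fixes the markdown link, but the target is still a zip of PowerShell scripts under `www.iis.net/community/files/hosting/`, whereas items 1 and 2 serve their downloads from `powershell-scripts/_static/`. Confirm the encoded URL resolves, and consider hosting the archive alongside the others so the scripts readers are told to run come from the same reviewed source.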

This file was deleted.
