Eric lippert - Amazon Web Services
Eric lippert - Amazon Web Services
Eric lippert - Amazon Web Services
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
NETWORK_SERVICE, IUSR and IIS APPPOOL\.<br />
• Enable Static and Dynamic Compression.<br />
• Turn on Content Expiration from IIS > <strong>Web</strong>site > HTTP headers<br />
> Common Headers. Set to 30 days. This makes all the static file<br />
cacheable on the browser. You will get significant reduction in web<br />
traffic when you turn this on.<br />
• From IIS > <strong>Web</strong>site > Bindings, we map both www.yourdomain.<br />
com and yourdomain.com. Alternatively we setup a redirector<br />
website to redirect traffic on yourdomain.com to www.yourdomain.<br />
com. The later is better because this way users are never<br />
browsing your website over yourdomain.com and they will always<br />
be on www.yourdomain.com. If your website is such that users<br />
copy and share links to pages frequently, you should go for such<br />
redirection.<br />
• From IIS Logging, turn on “Bytes Sent” and “Bytes Received” fields.<br />
Change creating log files to hourly ,if you have heavy traffic. This<br />
way each log file size will be within the manageable size and if<br />
you have to parse the log files, it won’t take too long. Whenever<br />
we have to diagnose slow pages, we first look into the IIS log<br />
and ensure if a page is taking a long time to execute, and it is not<br />
because of large “Bytes Sent”.<br />
• Map 404 to a well defined error page from IIS > <strong>Web</strong>site > Error<br />
Pages > 404. You can set it to redirect to your websites homepage.<br />
• Copy website code to each server and synchronize the files last<br />
modification date and time. This way, each file will have the exact<br />
same last modified date time on each server. That means, if a<br />
browser gets jquery.js file from webserver1, and it tries to hit<br />
webserver2 on another page visit and asks webserver2 about the<br />
last modified datetime of jquery.js, it will get the exact same date<br />
time and it won’t download the whole file again.<br />
• Create a static website hosted on a different domain. Eg.<br />
Staticyourdomain.com and have all static files served from this<br />
domain. It prevents large ASP.NET cookies from being sent over<br />
static files.<br />
These are some techniques we have learnt over the years to avoid<br />
common mistakes and tune websites to serve well cached traffic to<br />
the browser, delivering faster page load performance.<br />
05<br />
Removing unwanted HTTP headers<br />
There are some HTTP response headers that make hackers lives<br />
easier in order to detect what version of IIS you are running on<br />
and what .NET version you are on. You can remove most of these<br />
headers using web.config. But there are some that cannot be<br />
removed using the config file and you need to write a custom<br />
HttpModule to remove those from every response; especially the<br />
ETag header that IIS 7 has made it impossible to remove via any<br />
configuration.<br />
Removing ETag is one of the best ways to get better caching from<br />
browser for the static files on your website. Here’s a HTTP Module<br />
that can remove the headers that you don’t need:<br />
public class RemoveASPNETStuff : IHttpModule<br />
{<br />
public void Init(HttpApplication app)<br />
{<br />
app.PostReleaseRequestState += app_<br />
PostReleaseRequestState;<br />
}<br />
void app_PostReleaseRequestState(object sender, EventArgs<br />
e)<br />
{ var headers = HttpContext.Current.Response.Headers;<br />
headers.Remove(“Server”);<br />
headers.Remove(“X-AspNet-Version”);<br />
headers.Remove(“ETag”);<br />
}<br />
Before the HttpModule:<br />
Cache-Control:private<br />
Content-Length:445<br />
Content-Type:text/html; charset=utf-8<br />
Date:Sun, 31 Mar 2013 11:19:36 GMT<br />
Server:Microsoft-IIS/8.0<br />
Vary:Accept-Encoding<br />
X-AspNet-Version:4.0.30319<br />
After the HttpModule:<br />
Cache-Control:private<br />
Content-Length:445<br />
Content-Type:text/html; charset=utf-8<br />
Date:Sun, 31 Mar 2013 11:16:03 GMT<br />
Vary:Accept-Encoding<br />
DNcmagazine www.dotnetcurry.com | 7