Turning off IE’s Enhanced Security Configuration on Windows Server 2012

Dec 22, 2013. | By: oliver

Since I was reading Scott Hanselman’s blog post on how to using a Surface RT in combination with Azure VM I more and more find myself using this setup. No matter if you’re working under Linux or Windows, you can get the full power of a full-grown 16 core, 64 GB RAM number crunching monster right in your lightweight and handy Surface device (or any other device with an RDP app). Welcome back thin-clients!

Now what’s really annoying when you’re working the first time with a Windows Server 2012 VM under Azure is IE’s security settings.

[Read More]

Weinre on Azure in Combination with Browserstack

Nov 16, 2013. | By: oliver


Quickly setting up a service in only a few minutes on Azure that allows us to debug both our locally and remotely deployed apps and web applications on almost every device and platform you can imagine via Browserstack through one common debugging tool.

Debugging Mobile

Debugging HTML5 mobile apps or web applications on mobile devices isn’t big fun nowadays unless you are enjoying the land of alert-debugging due to mostly absent debugging tools for DOM inspection or even a JavaScript console.

[Read More]

Setting IP-Ranges in Microsoft Azure

Nov 1, 2013. | By: oliver

Often you need to restrict or exclusively grant access to your web page based on certain IP ranges. For example you might want to make sure that only certain IP ranges are allowed to access your test environment in Microsoft Azure. Remember, websites and cloud services are all public per default. It’s straightforward to configure IP ranges in IIS through a UI, but of course things should work automatically when a new instance of a web/worker role is deployed. Fortunately, all you need is a little powershell script that will do the job for you:

 1 import-module servermanager
 2 import-module webadministration
 3 Add-WindowsFeature Web-IP-Security
 4 # Disabling access for anyone per default
 5 Set-WebConfigurationProperty -Filter /system.webserver/security/ipsecurity -Name allowUnlisted -Value $false -PSPath 'IIS:'
 6 # Explicitly setting allowed ip ranges for...
 7 # Some IP Range (XXX.XXX.XXX.*)
 8 Add-WebConfiguration -Filter /system.webserver/security/ipsecurity -PSPath 'IIS:' -Value @{ipAddress='XXX.XXX.XXX.XXX';subnetMask='';allowed=$true
 9 # Some other IP Range (XXX.XXX.XXX.*)
10 Add-WebConfiguration -Filter /system.webserver/security/ipsecurity -PSPath 'IIS:' -Value @{ipAddress='XXX.XXX.XXX.XXX';subnetMask='';allowed=$true

Key is to add the Windows feature Web-IP-Security which allows you to configure allowed/disallowed IP ranges.In line 5 of this script we then disable access for any IP address per default. In line 8 and 10 we then explicitly grant access to some IP ranges. All that is left to do is to call this script from a startup task to ensure that every time a new instance is deployed IIS is automatically configured accordingly.

Have fun!

[Read More]


Oliver Arafat is an Evangelist at Amazon Web Services covering Germany. Father of two, husband, serious runner and cycler.

Social Links