Comments (16)
@EatonZ I like this idea :) Will try to implement it. Thanks for the suggestion again.
from iis.compression.
@EatonZ The new release (v1.0.3219) has been published and is available through the same download link. The issue has been fixed in the new release - both iiszlib and iisbrotli auto-adjust the out-of-bound compression level to the maximum allowed value and produce a warning to event log (but only emit a single warning event per worker process life time).
from iis.compression.
@EatonZ 10 is not a valid compression level for the iiszlib.dll
provider.
See the docs at https://docs.microsoft.com/en-us/iis/extensions/iis-compression/using-iis-compression#compression-level
cc @bangbingsyb
from iis.compression.
My fault for missing that - the max was 10 in the built-in providers so I assumed that was the case here.
I feel as though you could maybe change this crash behavior to instead log a warning and internally use the max value if the value in the settings is larger (so it won't crash).
from iis.compression.
@EatonZ : thanks for raising the issue. Here is my personal thought on this. A potential improvement could be the compression scheme checks the range and returns an error to IIS once the configured level is out of the allowed range. In this case, IIS might return 500 to the client. For developers or admins this might be relatively easy to troubleshoot using IIS failed request tracing (FREB log).
Note that a compression scheme has extremely limited control over the response, since it doesn't directly access the headers, status code, and only accesses the contents buffer by buffer. So to really raise a meaningful warning (e.g. a event) it might require support from IIS static/dynamic compression modules. I will look into the compression modules to see if we have already had such mechanism either through event log or through FREB log.
I personally think modifying the out-of-bound compression level to a valid one on behalf of the user is probably a bit misleading, and fail the request in a graceful way with easy access diagnosis info might be the best approach.
from iis.compression.
@bangbingsyb Can the module write to the Event Viewer? A simple message there like "Compression level out of bounds." would be helpful and shouldn't involve any big IIS changes. I get messages from ASP.NET that say "A potentially dangerous Request.Path value was detected from the client" in the Event Viewer, so this seems like a reasonable thing to add.
from iis.compression.
Resolved by #17
from iis.compression.
@bangbingsyb Thank you for a great-looking fix!
When will updated installers be available?
from iis.compression.
@EatonZ Will work on the installer change this week, and we will have a new release hopefully next week.
from iis.compression.
@bangbingsyb Let me know when the new installer is available.
from iis.compression.
@EatonZ Sure. Sorry for the delay. I completed the installer update last week in our internal repository, and basically all necessary code changes for the new release have been in place. I need to make some minor fix to our build definition before the release. I'm having a tight schedule last and this week for other tasks. Will keep you updated once the installer is ready.
from iis.compression.
@bangbingsyb Is the new version available yet?
from iis.compression.
@bangbingsyb Checking in again ^
from iis.compression.
@bangbingsyb @shirhatti Did you decide against publishing an update for this?
from iis.compression.
@EatonZ sorry for the long delay. I was switched out to other tasks and we also had infrastructure changes during the period. Now I've moved all the installer pieces to the same repository, and will work on a new release soon.
from iis.compression.
@bangbingsyb Great - thanks!
from iis.compression.
Related Issues (19)
- Installed but upon browser network insepction of https site, supported compressible files still compressed as gzip HOT 2
- Update README.md with links to the official docs HOT 1
- Support to Azure Web Apps (or confirm compiled binary redistribution license) HOT 6
- Move installer project to GitHub
- IIS always use deflate HOT 1
- Upload the module to Chocolatey HOT 7
- Make repo public HOT 5
- The PR validation pipeline isn't working.
- New release has version nr lower that the previous HOT 4
- Win Server 2019 : Brotli compression InProcess extreme memory usage HOT 16
- system.webServer/httpCompression settings don't apply after the first tune HOT 1
- content-encoding: gzip instead of brotli HOT 1
- Need to remove agentPoolDemandTeam: 'IISAdmin'
- Add minimum system requirements to the docs and wiki page
- Upgrade brotli to 1.0.9: integer overflow flaw HOT 1
- This repo is missing important files HOT 1
- Cannot run nuget restore - this repo uses private sources?
- In what state is this in? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from iis.compression.