Best IT Recipes

How to enable gzip compression in IIS 7.5

I want to compress my files using gzip. Can you share web.config code for compressing files using gzip?

Is there anything else I need to do after loading my web.config file?

+22
web-config gzip compression
Aug 30 '14 at 7:28
source share
5 answers

There are two approaches to this:

  • Static compression
  • Dynamic compression

Compression in IIS 7.x is configured with two .config files in space. Elements can be installed anywhere in the IIS / ASP.NET configuration pipeline completely from ApplicationHost.config to the local web.config file. The following is the default value in ApplicationHost.config (in% windir% \ System32 \ inetsrv \ config forlder) in IIS 7.5 with a few minor tweaks (added json output and enabled dynamic compression):

<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files"> <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" staticCompressionLevel="9" /> <dynamicTypes> <add mimeType="text/*" enabled="true" /> <add mimeType="message/*" enabled="true" /> <add mimeType="application/x-javascript" enabled="true" /> <add mimeType="application/json" enabled="true" /> <add mimeType="*/*" enabled="false" /> </dynamicTypes> <staticTypes> <add mimeType="text/*" enabled="true" /> <add mimeType="message/*" enabled="true" /> <add mimeType="application/x-javascript" enabled="true" /> <add mimeType="application/atom+xml" enabled="true" /> <add mimeType="application/xaml+xml" enabled="true" /> <add mimeType="*/*" enabled="false" /> </staticTypes> </httpCompression> <urlCompression doStaticCompression="true" doDynamicCompression="true" /> </system.webServer> </configuration>

See http://weblog.west-wind.com/posts/2011/May/05/Builtin-GZipDeflate-Compression-on-IIS-7x for details

+32
Aug 30 '14 at 7:40
source share

GZip compression can be enabled directly through IIS.

First open IIS,

Go to the website on which you are hoping to configure and click on the Compression page. If Gzip is not installed, you will see something like the following:

iis-gzip

"Dynamic content compression module not installed." We have to fix it. Therefore, we go to "Enable or Disable Windows Features" and select "Dynamic Content Compression" and click "OK."

Now, if we go back to IIS, we will see that the compression page has changed. At this point, we need to make sure the dynamic compression check box is checked, and it was good to go. Compression is enabled and our dynamic content will be gzipped.

Testing - check if gzip compression is enabled

To check if compression works, use the developer tools in Chrome or Firebug for Firefox and make sure that the HTTP response header is configured:

 Content-Encoding: gzip
+25
Jan 24 '16 at 11:16
source share

If someone comes across this and is looking for a slightly more relevant answer or copy or paste answer to answer multiple versions than the JC Raja post, here is what I found:

Google got a pretty solid, understandable introduction to how it works and what is beneficial and not. https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/optimize-encoding-and-transfer They recommend the HTML5 project, which has solutions for different versions of IIS:

  • .NET version 3
  • .NET Version 4
  • .NET Version 4.5 / MVC 5

Available here: https://github.com/h5bp/server-configs-iis They have web.configs that you can copy and paste changes from your own and see the changes, much easier than digging a bunch of blog posts.

Here's the web.config settings for .NET version 4.5: https://github.com/h5bp/server-configs-iis/blob/master/dotnet%204.5/MVC5/Web.config

 <?xml version="1.0" encoding="utf-8"?> <configuration> <appSettings> <add key="webpages:Version" value="3.0.0.0" /> <add key="webpages:Enabled" value="false" /> <add key="ClientValidationEnabled" value="true" /> <add key="UnobtrusiveJavaScriptEnabled" value="true" /> </appSettings> <system.web> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <compilation debug="true" targetFramework="4.5" /> <!-- Security through obscurity, removes X-AspNet-Version HTTP header from the response --> <!-- Allow zombie DOS names to be captured by ASP.NET (/con, /com1, /lpt1, /aux, /prt, /nul, etc) --> <httpRuntime targetFramework="4.5" requestValidationMode="2.0" requestPathInvalidCharacters="" enableVersionHeader="false" relaxedUrlToFileSystemMapping="true" /> <!-- httpCookies httpOnlyCookies setting defines whether cookies should be exposed to client side scripts false (Default): client side code can access cookies true: client side code cannot access cookies Require SSL is situational, you can also define the domain of cookies with optional "domain" property --> <httpCookies httpOnlyCookies="true" requireSSL="false" /> <trace writeToDiagnosticsTrace="false" enabled="false" pageOutput="false" localOnly="true" /> </system.web> <system.webServer> <!-- GZip static file content. Overrides the server default which only compresses static files over 2700 bytes --> <httpCompression directory="%SystemDrive%\websites\_compressed" minFileSizeForComp="1024"> <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" /> <staticTypes> <add mimeType="text/*" enabled="true" /> <add mimeType="message/*" enabled="true" /> <add mimeType="application/javascript" enabled="true" /> <add mimeType="application/json" enabled="true" /> <add mimeType="*/*" enabled="false" /> </staticTypes> </httpCompression> <httpErrors existingResponse="PassThrough" errorMode="Custom"> <!-- Catch IIS 404 error due to paths that exist but shouldn't be served (eg /controllers, /global.asax) or IIS request filtering (eg bin, web.config, app_code, app_globalresources, app_localresources, app_webreferences, app_data, app_browsers) --> <remove statusCode="404" subStatusCode="-1" /> <error statusCode="404" subStatusCode="-1" path="/notfound" responseMode="ExecuteURL" /> <remove statusCode="500" subStatusCode="-1" /> <error statusCode="500" subStatusCode="-1" path="/error" responseMode="ExecuteURL" /> </httpErrors> <directoryBrowse enabled="false" /> <validation validateIntegratedModeConfiguration="false" /> <!-- Microsoft sets runAllManagedModulesForAllRequests to true by default You should handle this according to need, but consider the performance hit. Good source of reference on this matter: http://www.west-wind.com/weblog/posts/2012/Oct/25/Caveats-with-the-runAllManagedModulesForAllRequests-in-IIS-78 --> <modules runAllManagedModulesForAllRequests="false" /> <urlCompression doStaticCompression="true" doDynamicCompression="true" /> <staticContent> <!-- Set expire headers to 30 days for static content--> <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" /> <!-- use utf-8 encoding for anything served text/plain or text/html --> <remove fileExtension=".css" /> <mimeMap fileExtension=".css" mimeType="text/css" /> <remove fileExtension=".js" /> <mimeMap fileExtension=".js" mimeType="text/javascript" /> <remove fileExtension=".json" /> <mimeMap fileExtension=".json" mimeType="application/json" /> <remove fileExtension=".rss" /> <mimeMap fileExtension=".rss" mimeType="application/rss+xml; charset=UTF-8" /> <remove fileExtension=".html" /> <mimeMap fileExtension=".html" mimeType="text/html; charset=UTF-8" /> <remove fileExtension=".xml" /> <mimeMap fileExtension=".xml" mimeType="application/xml; charset=UTF-8" /> <!-- HTML5 Audio/Video mime types--> <remove fileExtension=".mp3" /> <mimeMap fileExtension=".mp3" mimeType="audio/mpeg" /> <remove fileExtension=".mp4" /> <mimeMap fileExtension=".mp4" mimeType="video/mp4" /> <remove fileExtension=".ogg" /> <mimeMap fileExtension=".ogg" mimeType="audio/ogg" /> <remove fileExtension=".ogv" /> <mimeMap fileExtension=".ogv" mimeType="video/ogg" /> <remove fileExtension=".webm" /> <mimeMap fileExtension=".webm" mimeType="video/webm" /> <!-- Proper svg serving. Required for svg webfonts on iPad --> <remove fileExtension=".svg" /> <mimeMap fileExtension=".svg" mimeType="image/svg+xml" /> <remove fileExtension=".svgz" /> <mimeMap fileExtension=".svgz" mimeType="image/svg+xml" /> <!-- HTML4 Web font mime types --> <!-- Remove default IIS mime type for .eot which is application/octet-stream --> <remove fileExtension=".eot" /> <mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" /> <remove fileExtension=".ttf" /> <mimeMap fileExtension=".ttf" mimeType="application/x-font-ttf" /> <remove fileExtension=".ttc" /> <mimeMap fileExtension=".ttc" mimeType="application/x-font-ttf" /> <remove fileExtension=".otf" /> <mimeMap fileExtension=".otf" mimeType="font/opentype" /> <remove fileExtension=".woff" /> <mimeMap fileExtension=".woff" mimeType="application/font-woff" /> <remove fileExtension=".crx" /> <mimeMap fileExtension=".crx" mimeType="application/x-chrome-extension" /> <remove fileExtension=".xpi" /> <mimeMap fileExtension=".xpi" mimeType="application/x-xpinstall" /> <remove fileExtension=".safariextz" /> <mimeMap fileExtension=".safariextz" mimeType="application/octet-stream" /> <!-- Flash Video mime types--> <remove fileExtension=".flv" /> <mimeMap fileExtension=".flv" mimeType="video/x-flv" /> <remove fileExtension=".f4v" /> <mimeMap fileExtension=".f4v" mimeType="video/mp4" /> <!-- Assorted types --> <remove fileExtension=".ico" /> <mimeMap fileExtension=".ico" mimeType="image/x-icon" /> <remove fileExtension=".webp" /> <mimeMap fileExtension=".webp" mimeType="image/webp" /> <remove fileExtension=".htc" /> <mimeMap fileExtension=".htc" mimeType="text/x-component" /> <remove fileExtension=".vcf" /> <mimeMap fileExtension=".vcf" mimeType="text/x-vcard" /> <remove fileExtension=".torrent" /> <mimeMap fileExtension=".torrent" mimeType="application/x-bittorrent" /> <remove fileExtension=".cur" /> <mimeMap fileExtension=".cur" mimeType="image/x-icon" /> <remove fileExtension=".webapp" /> <mimeMap fileExtension=".webapp" mimeType="application/x-web-app-manifest+json; charset=UTF-8" /> </staticContent> <httpProtocol> <customHeaders> <!--#### SECURITY Related Headers ### More information: https://www.owasp.org/index.php/List_of_useful_HTTP_headers --> <!-- # Access-Control-Allow-Origin The 'Access Control Allow Origin' HTTP header is used to control which sites are allowed to bypass same origin policies and send cross-origin requests. Secure configuration: Either do not set this header, or return the 'Access-Control-Allow-Origin' header restricting it to only a trusted set of sites. http://enable-cors.org/ <add name="Access-Control-Allow-Origin" value="*" /> --> <!-- # Cache-Control The 'Cache-Control' response header controls how pages can be cached either by proxies or the users browser. This response header can provide enhanced privacy by not caching sensitive pages in the users browser cache. <add name="Cache-Control" value="no-store, no-cache"/> --> <!-- # Strict-Transport-Security The HTTP Strict Transport Security header is used to control if the browser is allowed to only access a site over a secure connection and how long to remember the server response for, forcing continued usage. Note* Currently a draft standard which only Firefox and Chrome support. But is supported by sites like PayPal. <add name="Strict-Transport-Security" value="max-age=15768000"/> --> <!-- # X-Frame-Options The X-Frame-Options header indicates whether a browser should be allowed to render a page within a frame or iframe. The valid options are DENY (deny allowing the page to exist in a frame) or SAMEORIGIN (allow framing but only from the originating host) Without this option set the site is at a higher risk of click-jacking. <add name="X-Frame-Options" value="SAMEORIGIN" /> --> <!-- # X-XSS-Protection The X-XSS-Protection header is used by Internet Explorer version 8+ The header instructs IE to enable its inbuilt anti-cross-site scripting filter. If enabled, without 'mode=block', there is an increased risk that otherwise non-exploitable cross-site scripting vulnerabilities may potentially become exploitable <add name="X-XSS-Protection" value="1; mode=block"/> --> <!-- # MIME type sniffing security protection Enabled by default as there are very few edge cases where you wouldn't want this enabled. Theres additional reading below; but the tldr, it reduces the ability of the browser (mostly IE) being tricked into facilitating driveby attacks. http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx --> <add name="X-Content-Type-Options" value="nosniff" /> <!-- A little extra security (by obscurity), removings fun but adding your own is better --> <remove name="X-Powered-By" /> <add name="X-Powered-By" value="My Little Pony" /> <!-- With Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy), you can tell the browser that it can only download content from the domains you explicitly allow CSP can be quite difficult to configure, and cause real issues if you get it wrong There is website that helps you generate a policy here http://cspisawesome.com/ <add name="Content-Security-Policy" "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;" /> --> <!--//#### SECURITY Related Headers ###--> <!-- Force the latest IE version, in various cases when it may fall back to IE7 mode github.com/rails/rails/commit/123eb25#commitcomment-118920 Use ChromeFrame if it installed for a better experience for the poor IE folk --> <add name="X-UA-Compatible" value="IE=Edge,chrome=1" /> <!-- Allow cookies to be set from iframes (for IE only) If needed, uncomment and specify a path or regex in the Location directive <add name="P3P" value="policyref=&quot;/w3c/p3p.xml&quot;, CP=&quot;IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT&quot;" /> --> </customHeaders> </httpProtocol> <!-- <rewrite> <rules> Remove/force the WWW from the URL. Requires IIS Rewrite module http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/ Configuration lifted from http://nayyeri.net/remove-www-prefix-from-urls-with-url-rewrite-module-for-iis-7-0 NOTE* You need to install the IIS URL Rewriting extension (Install via the Web Platform Installer) http://www.microsoft.com/web/downloads/platform.aspx ** Important Note using a non-www version of a webpage will set cookies for the whole domain making cookieless domains (eg. fast cdn-like access of static resources like css, js and images) impossible. # IMPORTANT: THERE ARE TWO RULES LISTED. NEVER USE BOTH RULES AT THE SAME TIME! <rule name="Remove WWW" stopProcessing="true"> <match url="^(.*)$" /> <conditions> <add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" /> </conditions> <action type="Redirect" url="http://example.com{PATH_INFO}" redirectType="Permanent" /> </rule> <rule name="Force WWW" stopProcessing="true"> <match url=".*" /> <conditions> <add input="{HTTP_HOST}" pattern="^example.com$" /> </conditions> <action type="Redirect" url="http://www.example.com/{R:0}" redirectType="Permanent" /> </rule> # E-TAGS E-Tags are actually quite useful in cache management especially if you have a front-end caching server such as Varnish. http://en.wikipedia.org/wiki/HTTP_ETag / http://developer.yahoo.com/performance/rules.html#etags But in load balancing and simply most cases ETags are mishandled in IIS; and it can be advantageous to remove them. # removed as in https://stackoverflow.com/questions/7947420/iis-7-5-remove-etag-headers-from-response <rewrite> <outboundRules> <rule name="Remove ETag"> <match serverVariable="RESPONSE_ETag" pattern=".+" /> <action type="Rewrite" value="" /> </rule> </outboundRules> </rewrite> --> <!-- ### Built-in filename-based cache busting In a managed language such as .net you should really be using the internal bundler for css + js or getCassette or similar. If you're not using the build script to manage your filename version revving, you might want to consider enabling this, which will route requests for /css/style.20110203.css to /css/style.css To understand why this is important and a better idea than all.css?v1231, read: github.com/h5bp/html5-boilerplate/wiki/Version-Control-with-Cachebusting <rule name="Cachebusting"> <match url="^(.+)\.\d+(\.(js|css|png|jpg|gif)$)" /> <action type="Rewrite" url="{R:1}{R:2}" /> </rule> </rules> </rewrite>--> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-5.0.0.0" newVersion="5.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" /> </dependentAssembly> </assemblyBinding> </runtime> </configuration>
+15
Dec 16 '14 at 3:13
source share

Global Gzip in HttpModule

If you do not have access to shared hosting - the final instance of IIS. You can create an HttpModule that adds this code to every HttpApplication.Begin_Request event: -

 HttpContext context = HttpContext.Current; context.Response.Filter = new GZipStream(context.Response.Filter, CompressionMode.Compress); HttpContext.Current.Response.AppendHeader("Content-encoding", "gzip"); HttpContext.Current.Response.Cache.VaryByHeaders["Accept-encoding"] = true;
+4
Nov 28 '14 at 9:30
source share

Submission of this file under #wow

It turns out that IIS has different compression levels, configurable from 1-9.

Some of my dynamic SOAP requests have recently gotten out of control. When uncompressed SOAP is about 14 MB and 3 MB is compressed.

I noticed that in Fiddler, when I compressed my request in Transformer , it reached about 470 KB instead of 3 MB - so I decided there had to be some way to improve compression.

Finally found this very informative blog post

http://weblogs.asp.net/owscott/iis-7-compression-good-bad-how-much

I went ahead and ran this command (followed by iisreset):

C:\Windows\System32\Inetsrv\Appcmd.exe set config -section:httpCompression -[name='gzip'].staticCompressionLevel:9 -[name='gzip'].dynamicCompressionLevel:9

The dynamic level has been changed to 9, and now my compressed soap corresponds to what Fiddler gave me - and this is about 1/7 of the size of the existing compressed file .

Milage will change, but for SOAP this is a massive significant improvement.

+2
Sep 18 '16 at 11:01
source share


More articles:


All Articles