Comment activer la compression GZIP dans IIS 7.5
Je veux compresser mes fichiers en utilisant GZIP. Pouvez-vous partager le code web.config pour la compression de fichiers avec GZIP?
Après avoir téléchargé mon fichier web.config, puis-je faire quelque chose de plus?
La compression GZip peut être activée directement via IIS.
Tout d'abord, ouvrez IIS,
allez sur le site Web que vous espérez modifier et cliquez sur la page Compression. Si Gzip n'est pas installé, vous verrez quelque chose comme ce qui suit:
"Le module de compression de contenu dynamique n'est pas installé." Nous devrions résoudre ce problème. Nous allons donc dans la section «Activer ou désactiver les fonctionnalités Windows», sélectionner «Compression de contenu dynamique», puis cliquez sur le bouton OK.
Maintenant, si nous revenons à IIS, nous devrions voir que la page de compression a changé. À ce stade, nous devons nous assurer que la case de compression dynamique est cochée et que nous pouvons continuer. La compression est activée et notre contenu dynamique sera compressé.
Test - Vérifier si la compression GZIP est activée
Pour vérifier si la compression fonctionne ou non, utilisez les outils de développement de Chrome ou Firebug pour Firefox et assurez-vous que l'en-tête de réponse HTTP est défini:
Content-Encoding: gzip
Si quelqu'un rencontre cela et cherche une réponse un peu plus à jour ou une réponse copier-coller ou une réponse ciblant plusieurs versions que le message de JC Raja, voici ce que j'ai trouvé:
Google a une introduction assez solide et facile à comprendre sur la façon dont cela fonctionne et ce qui est avantageux ou non. https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/optimize-encoding-and-transfer Ils recommandent le projet HTML5 Boilerplate, qui propose des solutions pour différentes versions d'IIS:
- .NET version 3
- .NET version 4
- .NET version 4.5/MVC 5
Disponible ici: https://github.com/h5bp/server-configs-iis Ils ont web.configs que vous pouvez copier et coller les modifications de la leur vers la vôtre et voir les modifications, beaucoup plus facile que de creuser à travers un tas de messages de blog.
Voici les paramètres web.config pour .NET version 4.5: https://github.com/h5bp/server-configs-iis/blob/master/dotnet%204.5/MVC5/Web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" targetFramework="4.5" />
<!-- Security through obscurity, removes X-AspNet-Version HTTP header from the response -->
<!-- Allow zombie DOS names to be captured by ASP.NET (/con, /com1, /lpt1, /aux, /prt, /nul, etc) -->
<httpRuntime targetFramework="4.5" requestValidationMode="2.0" requestPathInvalidCharacters="" enableVersionHeader="false" relaxedUrlToFileSystemMapping="true" />
<!-- httpCookies httpOnlyCookies setting defines whether cookies
should be exposed to client side scripts
false (Default): client side code can access cookies
true: client side code cannot access cookies
Require SSL is situational, you can also define the
domain of cookies with optional "domain" property -->
<httpCookies httpOnlyCookies="true" requireSSL="false" />
<trace writeToDiagnosticsTrace="false" enabled="false" pageOutput="false" localOnly="true" />
</system.web>
<system.webServer>
<!-- GZip static file content. Overrides the server default which only compresses static files over 2700 bytes -->
<httpCompression directory="%SystemDrive%\websites\_compressed" minFileSizeForComp="1024">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/json" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<httpErrors existingResponse="PassThrough" errorMode="Custom">
<!-- Catch IIS 404 error due to paths that exist but shouldn't be served (e.g. /controllers, /global.asax) or IIS request filtering (e.g. bin, web.config, app_code, app_globalresources, app_localresources, app_webreferences, app_data, app_browsers) -->
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" subStatusCode="-1" path="/notfound" responseMode="ExecuteURL" />
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="500" subStatusCode="-1" path="/error" responseMode="ExecuteURL" />
</httpErrors>
<directoryBrowse enabled="false" />
<validation validateIntegratedModeConfiguration="false" />
<!-- Microsoft sets runAllManagedModulesForAllRequests to true by default
You should handle this according to need but consider the performance hit.
Good source of reference on this matter: http://www.west-wind.com/weblog/posts/2012/Oct/25/Caveats-with-the-runAllManagedModulesForAllRequests-in-IIS-78
-->
<modules runAllManagedModulesForAllRequests="false" />
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
<staticContent>
<!-- Set expire headers to 30 days for static content-->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
<!-- use utf-8 encoding for anything served text/plain or text/html -->
<remove fileExtension=".css" />
<mimeMap fileExtension=".css" mimeType="text/css" />
<remove fileExtension=".js" />
<mimeMap fileExtension=".js" mimeType="text/javascript" />
<remove fileExtension=".json" />
<mimeMap fileExtension=".json" mimeType="application/json" />
<remove fileExtension=".rss" />
<mimeMap fileExtension=".rss" mimeType="application/rss+xml; charset=UTF-8" />
<remove fileExtension=".html" />
<mimeMap fileExtension=".html" mimeType="text/html; charset=UTF-8" />
<remove fileExtension=".xml" />
<mimeMap fileExtension=".xml" mimeType="application/xml; charset=UTF-8" />
<!-- HTML5 Audio/Video mime types-->
<remove fileExtension=".mp3" />
<mimeMap fileExtension=".mp3" mimeType="audio/mpeg" />
<remove fileExtension=".mp4" />
<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
<remove fileExtension=".ogg" />
<mimeMap fileExtension=".ogg" mimeType="audio/ogg" />
<remove fileExtension=".ogv" />
<mimeMap fileExtension=".ogv" mimeType="video/ogg" />
<remove fileExtension=".webm" />
<mimeMap fileExtension=".webm" mimeType="video/webm" />
<!-- Proper svg serving. Required for svg webfonts on iPad -->
<remove fileExtension=".svg" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
<remove fileExtension=".svgz" />
<mimeMap fileExtension=".svgz" mimeType="image/svg+xml" />
<!-- HTML4 Web font mime types -->
<!-- Remove default IIS mime type for .eot which is application/octet-stream -->
<remove fileExtension=".eot" />
<mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
<remove fileExtension=".ttf" />
<mimeMap fileExtension=".ttf" mimeType="application/x-font-ttf" />
<remove fileExtension=".ttc" />
<mimeMap fileExtension=".ttc" mimeType="application/x-font-ttf" />
<remove fileExtension=".otf" />
<mimeMap fileExtension=".otf" mimeType="font/opentype" />
<remove fileExtension=".woff" />
<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
<remove fileExtension=".crx" />
<mimeMap fileExtension=".crx" mimeType="application/x-chrome-extension" />
<remove fileExtension=".xpi" />
<mimeMap fileExtension=".xpi" mimeType="application/x-xpinstall" />
<remove fileExtension=".safariextz" />
<mimeMap fileExtension=".safariextz" mimeType="application/octet-stream" />
<!-- Flash Video mime types-->
<remove fileExtension=".flv" />
<mimeMap fileExtension=".flv" mimeType="video/x-flv" />
<remove fileExtension=".f4v" />
<mimeMap fileExtension=".f4v" mimeType="video/mp4" />
<!-- Assorted types -->
<remove fileExtension=".ico" />
<mimeMap fileExtension=".ico" mimeType="image/x-icon" />
<remove fileExtension=".webp" />
<mimeMap fileExtension=".webp" mimeType="image/webp" />
<remove fileExtension=".htc" />
<mimeMap fileExtension=".htc" mimeType="text/x-component" />
<remove fileExtension=".vcf" />
<mimeMap fileExtension=".vcf" mimeType="text/x-vcard" />
<remove fileExtension=".torrent" />
<mimeMap fileExtension=".torrent" mimeType="application/x-bittorrent" />
<remove fileExtension=".cur" />
<mimeMap fileExtension=".cur" mimeType="image/x-icon" />
<remove fileExtension=".webapp" />
<mimeMap fileExtension=".webapp" mimeType="application/x-web-app-manifest+json; charset=UTF-8" />
</staticContent>
<httpProtocol>
<customHeaders>
<!--#### SECURITY Related Headers ###
More information: https://www.owasp.org/index.php/List_of_useful_HTTP_headers
-->
<!--
# Access-Control-Allow-Origin
The 'Access Control Allow Origin' HTTP header is used to control which
sites are allowed to bypass same-Origin policies and send cross-Origin requests.
Secure configuration: Either do not set this header or return the 'Access-Control-Allow-Origin'
header restricting it to only a trusted set of sites.
http://enable-cors.org/
<add name="Access-Control-Allow-Origin" value="*" />
-->
<!--
# Cache-Control
The 'Cache-Control' response header controls how pages can be cached
either by proxies or the user's browser.
This response header can provide enhanced privacy by not caching
sensitive pages in the user's browser cache.
<add name="Cache-Control" value="no-store, no-cache"/>
-->
<!--
# Strict-Transport-Security
The HTTP Strict Transport Security header is used to control
if the browser is allowed to only access a site over a secure connection
and how long to remember the server response for, forcing continued usage.
Note* Currently a draft standard which only Firefox and Chrome support. But is supported by sites like Paypal.
<add name="Strict-Transport-Security" value="max-age=15768000"/>
-->
<!--
# X-Frame-Options
The X-Frame-Options header indicates whether a browser should be allowed
to render a page within a frame or iframe.
The valid options are DENY (deny allowing the page to exist in a frame)
or SAMEORIGIN (allow framing but only from the originating Host)
Without this option set, the site is at a higher risk of click-jacking.
<add name="X-Frame-Options" value="SAMEORIGIN" />
-->
<!--
# X-XSS-Protection
The X-XSS-Protection header is used by Internet Explorer version 8+
The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
If enabled, without 'mode=block', there is an increased risk that
otherwise, non-exploitable cross-site scripting vulnerabilities may potentially become exploitable
<add name="X-XSS-Protection" value="1; mode=block"/>
-->
<!--
# MIME type sniffing security protection
Enabled by default as there are very few Edge cases where you wouldn't want this enabled.
Theres additional reading below; but the tldr, it reduces the ability of the browser (mostly IE)
being tricked into facilitating driveby attacks.
http://msdn.Microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
-->
<add name="X-Content-Type-Options" value="nosniff" />
<!-- A little extra security (by obscurity), removings fun but adding your own is better -->
<remove name="X-Powered-By" />
<add name="X-Powered-By" value="My Little Pony" />
<!--
With Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
you can tell the browser that it can only download content from the domains you explicitly allow
CSP can be quite difficult to configure, and cause real issues if you get it wrong
There is website that helps you generate a policy here http://cspisawesome.com/
<add name="Content-Security-Policy" "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;" />
-->
<!--//#### SECURITY Related Headers ###-->
<!--
Force the latest IE version, in various cases when it may fall back to IE7 mode
github.com/Rails/rails/commit/123eb25#commitcomment-118920
Use ChromeFrame if it's installed for a better experience for the poor IE folk
-->
<add name="X-UA-Compatible" value="IE=Edge,chrome=1" />
<!--
Allow cookies to be set from iframes (for IE only)
If needed, uncomment and specify a path or regex in the Location directive
<add name="P3P" value="policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"" />
-->
</customHeaders>
</httpProtocol>
<!--
<rewrite>
<rules>
Remove/force the WWW from the URL.
Requires IIS Rewrite module http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/
Configuration lifted from http://nayyeri.net/remove-www-prefix-from-urls-with-url-rewrite-module-for-iis-7-0
NOTE* You need to install the IIS URL Rewriting extension (Install via the Web Platform Installer)
http://www.Microsoft.com/web/downloads/platform.aspx
** Important Note
using a non-www version of a webpage will set cookies for the whole domain making cookieless domains
(eg. fast CD-like access to static resources like CSS, js, and images) impossible.
# IMPORTANT: THERE ARE TWO RULES LISTED. NEVER USE BOTH RULES AT THE SAME TIME!
<rule name="Remove WWW" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_Host}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="http://example.com{PATH_INFO}" redirectType="Permanent" />
</rule>
<rule name="Force WWW" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_Host}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:0}" redirectType="Permanent" />
</rule>
# E-TAGS
E-Tags are actually quite useful in cache management especially if you have a front-end caching server such as Varnish. http://en.wikipedia.org/wiki/HTTP_ETag / http://developer.yahoo.com/performance/rules.html#etags
But in load balancing and simply most cases ETags are mishandled in IIS, and it can be advantageous to remove them.
# removed as in https://stackoverflow.com/questions/7947420/iis-7-5-remove-etag-headers-from-response
<rewrite>
<outboundRules>
<rule name="Remove ETag">
<match serverVariable="RESPONSE_ETag" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
-->
<!--
### Built-in filename-based cache busting
In a managed language such as .net, you should really be using the internal bundler for CSS + js
or get cassette or similar.
If you're not using the build script to manage your filename version revving,
you might want to consider enabling this, which will route requests for
/css/style.20110203.css to /css/style.css
To understand why this is important and a better idea than all.css?v1231,
read: github.com/h5bp/html5-boilerplate/wiki/Version-Control-with-Cachebusting
<rule name="Cachebusting">
<match url="^(.+)\.\d+(\.(js|css|png|jpg|gif)$)" />
<action type="Rewrite" url="{R:1}{R:2}" />
</rule>
</rules>
</rewrite>-->
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-Microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
Global Gzip dans HttpModule
Si vous n'avez pas accès à l'hébergement partagé, l'instance finale IIS. Vous pouvez créer une HttpModule qui ajoute ce code à chaque événement HttpApplication.Begin_Request: -
HttpContext context = HttpContext.Current;
context.Response.Filter = new GZipStream(context.Response.Filter, CompressionMode.Compress);
HttpContext.Current.Response.AppendHeader("Content-encoding", "gzip");
HttpContext.Current.Response.Cache.VaryByHeaders["Accept-encoding"] = true;
Le classement sous #wow
Il s'avère que IIS a différents niveaux de compression configurables de 1 à 9.
Certaines de mes requêtes dynamiques SOAP ont récemment dérapé. SOAP non compressé étant d’environ 14 Mo et compressé de 3 Mo.
J'ai remarqué que lorsque Fiddler compressait ma demande sous Transformer, elle s'élevait à environ 470 Ko au lieu de 3 Mo. J'ai donc pensé qu'il devait exister un moyen d'obtenir une meilleure compression.
Finalement trouvé cet article de blog très instructif
http://weblogs.asp.net/owscott/iis-7-compression-good-bad-how-much
Je suis allé de l'avant et a couru cette commnd (suivie par iisreset):
C:\Windows\System32\Inetsrv\Appcmd.exe set config -section:httpCompression -[name='gzip'].staticCompressionLevel:9 -[name='gzip'].dynamicCompressionLevel:9
Changement de niveau dynamique jusqu'à 9 et maintenant mon savon compressé correspond à ce que Fiddler m'a donné - et cela équivaut à environ 1/7ème de la taille du fichier compressé existant.
Le kilométrage variera, mais pour SOAP, il s'agit d'une amélioration massive et massive.
Il s’agit plutôt d’un complément de la meilleure réponse ci-dessus (la compression GZip peut être activée directement via IIS), ce qui est correct si vous exécutez IIS sur le bureau Windows, mais ...
Si vous exécutez IIS sur Windows Server, cette fonctionnalité de compression du contenu se trouve à un emplacement différent de celui du bureau Windows (et non dans les programmes et les fonctionnalités du Panneau de configuration). Commencez par ouvrir «Gestionnaire de serveur», puis cliquez sur Gérer -> «Ajouter des rôles et des fonctionnalités», puis continuez de cliquer sur SUIVANT (assurez-vous de sélectionner le bon serveur lorsque vous voyez la liste des serveurs si vous gérez plusieurs serveurs à partir de cette instance) jusqu'à ce que vous accédiez à SERVEUR. ROLES, faites défiler et ouvrez "Serveur Web (IIS) ...", puis "Serveur Web", puis "Performances", puis cochez "Compression de contenu dynamique", puis cliquez sur INSTALLER. J'ai testé cela sur Server 2016 Standard, de sorte qu'il peut y avoir de légères différences si vous utilisez une version antérieure de Server.
Puis suivez les instructions de Testing - Vérifier si la compression GZIP est activée