IIS – Love I.T., Live I.T., Embrace I.T.

IIS, Security & SSL

Installing a SSL Certificate in IIS 7

April 13, 2012 No Comments

Installation:

Open the file containing your certificate. Save the file named your_domain_name.cer to the desktop of the web server you are securing.
Click on Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
Click on the server name.
From the center menu, double-click the “Server Certificates” button in the “Security” section (near the bottom of the menu).
From the “Actions” menu (on the right), click on “Complete Certificate Request.” This will open the Complete Certificate Request wizard.
Browse to your_domain_name.cer file that was provided to you by your SSL cert provider. You will then be required to enter a friendly name. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate.
Clicking “OK” will install the certificate to the server.Note: There is a known issue in IIS 7 giving the following error: “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.” You may also receive a message stating “ASN1 bad tag value met”. If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press “F5” to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR. After creating a new CSR, login to your DigiCert account and click the re-key button for your certificate.
Once the SSL certificate has been successfully installed to the server, you will need to assign that certificate to the appropriate website using IIS.
From the “Connections” menu in the main Internet Information Services (IIS) Manager window, select the name of the server to which the certificate was installed.
Under “Sites,” select the site to be secured with SSL.
From the “Actions” menu (on the right), click on “Bindings.” This will open the “Site Bindings” window.
In the “Site Bindings” window, click “Add…” This will open the “Add Site Binding” window.
Under “Type” choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The “SSL Certificate” field should specify the certificate that was installed in step 7.
Click “OK.”
Your SSL certificate is now installed, and the website configured to accept secure connections.

IIS, Web Design & Wordpress

Creating 301 Redirects

February 22, 2012 No Comments

PHP Redirect:

<? Header( “HTTP/1.1 301 Moved Permanently” ); Header( “Location: http://www.new-domain.com” ); ?>

In ASP:

Open the old web page and replace all its content with the following code, replacing “www.new-location.com” with the file name of the new page.

<%@ Language=VBScript %> <% Response.Status=”301 Moved Permanently” Response.AddHeader “Location”, “http://www.new-location.com” %>

In ASP .NET:

In IIS (on a Windows server):

1. In internet services manager, right click on the file or folder you wish to redirect. 2. Select “a redirection to a URL”. 3. Enter the redirection page. 4. Check “The exact url entered above”, and the “A permanent redirection for this resource”. 5. Click “Apply”.

web.config 301 redirect

The first example will redirect single pages to a new location. For example, important pages of your site have .htm extensions and you want the new location to be its own directory (IE. http://domain.com/services.htm will change to http://domain.com/services/).

1. Open web.config in the directory where the old pages reside 2. Then add code for the old location path and new destination as follows:

<configuration>
  <location path="services.htm">
    <system.webServer>
      <httpRedirect enabled="true" destination="http://domain.com/services" httpResponseStatus="Permanent" />
    </system.webServer>
  </location>
  <location path="products.htm">
    <system.webServer>
      <httpRedirect enabled="true" destination="http://domain.com/products" httpResponseStatus="Permanent" />
    </system.webServer>
  </location>
</configuration>

You may add as many location paths as necessary.

The second example will redirect an entire directory to a new location. For example, if you want http://domain.com/olddir/ redirected to http://domain.com/newdir/ open web.config in /olddir and add the following line of code within the <system.webServer> section:

<httpRedirect enabled="true" destination="http://domain.com/newdir" httpResponseStatus="Permanent" />

Canonical Issues – Redirecting non-www to www:

Some webmasters prefer to redirect domain.com to www.domain.com for search engine optimization purposes. The thought is that some incoming links point to their non-www domain and some point to the www domain. So if the domains are consolidated, incoming links are as well. Webmasters who use this redirect usually see instances of search engine rankings with and without the www in their listings and want to consolidate their efforts.

Canonical Redirect using IIS 7.0

For this to work, you need to download and enable the URL Rewrite module for IIS 7. Then the following code is used in the ASP.NET web.config file:

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to WWW" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^domain.com$" />
          </conditions>
          <action type="Redirect" url="http://www.domain.com/{R:0}"                redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

IIS, ISP / Web Hosting

Create Virtual Directory for an application in Enkompass

January 19, 2012 No Comments

Many need the ability to create a Virtual Directory in IIS that will be persistant with the config pushes that Enkompass does. This will be easy to accomplish when 2.2 releases but in the interim we have worked on a method to do this via the PostgreSQL backend database. Please make sure you have a backup and use extreme caution when editing the PG database as it is a critical component of Enkompass.

Figure 1 & 2: Launch PG3Admin to log into Postgresql

Figure 3 & 4: Drill down through Databases, apphostconfig, Schema, Public, Tables and find the Sites table. Use View Top 100 Rows from the View Data sub menu for each table example in this tutorial.

Figure 5: Get the id [PK] integer for the site you wish to create the virtual directory and application for. I am using my todd.tld domain as an example and therefore need the id[PK] integer 1. You can close this table view when you have the value.

Figure 6: Go to the application table and at the bottom on a new line add the name of the subdirectory to the second column (path character varying) and the id from Sites to the third column (site integer). In my case I needed the subdirectory of /newapp and it was for site 1 so that is what I put in the respective columns.

Figure 7: Once you save a value will be generated for the first column; refresh and get that number for the next step. The id [PK] integer in this table, 17 is what I will need for the next step.

Figure 8: Now go to the virtualdirectory table: Again, scroll to the bottom for a new line to be visible and in the second Column 2 (application integer) you will enter the value generated after saving/refreshing from column 1 (id [PK] interger from the previous step) In my case this was 17. In Column 3 (virtualpath character varying) you will add a /, and in Column 4 (physicalpath character varying) you will add the full path to the folder. In my case it is c:UserscPaneltoddpublic_htmlnewapp.

Figure 9: Once you save, you can trigger a configuration push or wait for the scheduled configuration re-publish. If the application is already setup in c:UserscPaneltoddpublic_htmlnewapp then it should start working immediately.

IIS

How to run a CGI program under IIS 7.0 or IIS 7.5

January 16, 2012 No Comments

Looking around I didn’t find a good documentation on how to get good old CGI’s running on IIS 7 or 7.5. Here is a quick walkthrough:

1. Let’s write a quick CGI: Take the following code and save it as simplecgi.cs in the directory c:inetpubwwwrootcgi

using System; using System.Collections;
class SimpleCGI {     static void Main(string[] args)     {         Console.WriteLine("rnrn");         Console.WriteLine("<h1>Environment Variables</h1>");         foreach (DictionaryEntry var in Environment.GetEnvironmentVariables())             Console.WriteLine("<hr><b>{0}</b>: {1}", var.Key, var.Value);     } }

2. Change into the C:inetpubwwwrootcgi directory and compile the source by using the following command-line:

%windir%Microsoft.NETFrameworkv2.0.50727csc.exe SimpleCGI.cs

You will have simplecgi.exe in the cgi directory. You can execute it on the command-line to see its output.

3. For security reasons every CGI has to be registered in the ISAPI/CGI Restriction list. To do that you have to open INETMGR, click the machine node (name of your machine) and find the ISAPI/CGI Restriction List menu icon.

Select the item and add the following entries in the dialog box:

Alternatively you can use the command-line:

%windir%system32inetsrvappcmd set config -section:isapiCgiRestriction  /+[path='c:inetpubwwwrootcgisimplecgi.exe',allowed='true',description='SimpleCGI']

4. The next step is to create a virtual directory that allows CGIs to execute. Right click the “Default Web Site” in INETMGR and select “Add Virtual Directory”. Add the following entries:

Here is the command-line which does the same:

appcmd add vdir /app.name:"Default Web Site/" /path:/cgi  /physicalPath:"c:inetpubwwwrootcgi"

5. One last step: we still don’t allow “Execute” access in this directory. For this you have to go to the Handler Mappings menu of the CGI virtual directory (make sure you select the CGI virtual directory on the left hand side!).

Go to the “Edit Feature Permissions” link in the Actions Menu on the right hand side, open it and check “Execute” and click “OK”.

via command-line:

appcmd set config "Default Web Site/cgi" /section:handlers  -accessPolicy:"Read,Script,Execute"

Now you are ready to go. Type “http://localhost/cgi/simplecgi.exe and you should see the following output: