This is the operation i'm doing:
Open IIS Console
Select the Website
Double click at Authentication Icon
When I click this error occurs, only at that site (I have many sites configured, and this is the only one that I'm getting this error)
And then the panel show me that, and don't let me change the Authentication type. I need to Allow Anonimous Authentication, but I can't because of this error.
When I click Enable or Edit, the same pop-up error came up.
And also, when I try to access the website in any browser, I get this message:
My web.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\IdentityServer.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true" startupTimeLimit="3600" requestTimeout="23:00:00" hostingModel="InProcess">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
<environmentVariable name="COMPLUS_ForceENC" value="1" />
<environmentVariable name="ASPNETCORE_HTTPS_PORT" value="44339" />
</environmentVariables>
</aspNetCore>
<security>
<requestFiltering>
<verbs>
<add verb="PUT" allowed="true" />
<add verb="DELETE" allowed="true" />
</verbs>
<requestLimits maxQueryString="4096" />
</requestFiltering>
</security>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
<httpProtocol>
<customHeaders>
<remove name="X-Xss-Protection" />
<!--<add name="X-Xss-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Content-Security-Policy" value="script-src 'self' h.online-metrix.net 'unsafe-inline' 'unsafe-eval'; object-src 'self' h.online-metrix.net; frame-src 'self' h.online-metrix.net; default-src 'self' h.online-metrix.net;" />-->
</customHeaders>
</httpProtocol>
</system.webServer>
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>
</configuration>
<!--ProjectGuid: 3ACFC0B0-4FDD-4549-AFBD-C3FF653F5886-->
Thanks in advance for any help
Related
I configured my site in IIS as the image bellow:
"CTA_Ext" is a front-end project and "api" is a WebApi (c#) project
api project works as a "middleware" tha receives all resquest (by post) and redirect to another internal API's.
When i publish it with this configuration, I always get 405 error: Method Not Allowed
In my web.config i alread remove webdav module:
<system.webServer>
<handlers>
<remove name="WebDAV" />
<add name="WebDAV" path="*" verb="*" modules="WebDAVModule" resourceType="Unspecified" requireAccess="None" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<validation validateIntegratedModeConfiguration="false" />
Does anybody knows what i can do to solve this problem?
I'd like to make my website accessible only by a few IP addresses. I've added the <ipSecurity> tag but it seems to get ignored.
This is my current config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<remove name="PHP" />
<add name="PHP" path="*.php" verb="*" modules="CgiModule" scriptProcessor="C:\PHP\5.4.0\php-cgi.exe" resourceType="File" requireAccess="Script" />
</handlers>
<defaultDocument>
<files>
<remove value="index.htm" />
<remove value="index.html" />
<remove value="index.asp" />
<add value="index.html" />
<add value="index.php" />
<add value="index.asp" />
</files>
</defaultDocument>
<httpErrors errorMode="Detailed" />
</system.webServer>
<location path="Default Web Site">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="79.1.2.3" />
</ipSecurity>
</security>
</system.webServer>
</location>
</configuration>
But the site is accessible by everywhere.
If I add the <security> block inside <system.webServer> then no IP can see the site, not even the one listed, by getting 403.
What's wrong?
Try to add below code in your site web.config file:
<system.webServer>
<security>
<ipSecurity allowUnlisted="true">
<add ipAddress="ip" allowed="true" /> <!--allow-->
<add ipAddress="ip" allowed="false" /> <!--deny-->
</ipSecurity>
</security>
deny:
allow:
Regards,
Jalpa
I added X-frame-Options in my web.config.
This is my web.config
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
After restarting IIS I got 500 error!!!
Can someone help me to find out the problem?
Modify your customHeaders as below:
<customHeaders>
<clear />
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
I suspect that your application is located within a virtual folder, if that's the case then two web.config files are processed. First is the global one, the the second time is yours. So you end up having two collection of customHeaders.
Blog post IIS 7: But why do I get a 500.19 explains in more details why it is happening and how to fix it.
Your location to add CustomHeaders is wrong. Correct location is :
....
</system.web>
<system.webServer>
<security>
<requestFiltering>
<verbs allowUnlisted="true">
<add verb="OPTIONS" allowed="false" />
</verbs>
</requestFiltering>
</security>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="ALLOW" />
<remove name="X-Powered-By" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
....
Other option is Useful for your application security.
I'm trying to configure web.config for my Azure web app service. I want to restrict the ftp access to only specific URLs. But when i am adding the tag, it is giving me the error -
Parser Error Message: Unrecognized configuration section system.ftpServer.
Can you please guide me where i am doing the mistake.
Thanks in advance
My Web.config file -
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="Off" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed" />
</system.webServer>
<location path="<<FTP hostname>>">
<system.ftpServer>
<security>
<authorization>
<add accessType="Allow" roles="administrators" permissions="Read, Write" />
</authorization>
<requestFiltering>
<fileExtensions allowUnlisted="true">
<add fileExtension=".exe" allowed="false" />
<add fileExtension=".bat" allowed="false" />
<add fileExtension=".cmd" allowed="false" />
</fileExtensions>
<requestLimits maxAllowedContentLength="1000000" maxUrl="1024" />
<hiddenSegments>
<add segment="_vti_bin" />
</hiddenSegments>
</requestFiltering>
<ipSecurity enableReverseDns="false" allowUnlisted="true">
<add ipAddress="127.0.0.1" allowed="true" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" allowed="false" />
</ipSecurity>
</security>
</system.ftpServer>
</location>
Some verisons of IIS donot support 'system.ftpServer' configuration or you need to download ftp module manually. You can reference the artice https://www.iis.net/configreference/system.ftpserver and check your IIS version.
I'm trying to send a put request using Fiddler to an iis app. It fails with a 401 error but other verbs such as post work fine.
I've:
tried the suggestion in http://blogs.msdn.com/b/joseph_fultz/archive/2009/07/23/enabling-the-put-verb-with-handlers-and-iis-7-0.aspx
by modifying applicationHost.config to add PUT to SimpleHandlerFactory-Integrated
tried modifying web.config as below:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<security>
<requestFiltering>
<verbs>
<add verb="GET,PUT,POST,HEAD" allowed="true" />
</verbs>
</requestFiltering>
</security>
<handlers>
<remove name="SimpleHandlerFactory-ISAPI-4.0_64bit" />
<remove name="SimpleHandlerFactory-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="SimpleHandlerFactory-ISAPI-4.0_32bit" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.Net\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness32"
responseBufferLimit="0" />
<add name="SimpleHandlerFactory-ISAPI-4.0_64bit" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.Net\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="Script" preCondition="classicMode,runtimeVersionv4.0,bitness64"
responseBufferLimit="0" />
</handlers>
</system.webServer>
Does anyone know how to enable put on iis 7.5?
There are lots of answers around the WebDAV module that a little searching will find.
Another thing to try is switching <modules runAllManagedModulesForAllRequests="true" /> to <modules />.
This worked for me on an IIS/node install.