IIS site binding issues - iis

I have a site that I can run locally, but it's not accessible from my URL.
Here are the steps I've taken.
I have an A record created to my external IP.
My firewall has an access rule to allow the port I designated to be allowed in to the network from the WAN interface
I have a NAT rule to send any traffic on that port to the IIS server running the site.
I have disabled the Windows Firewall.
When I try and a get to the site via the URL + the port I get an error. See the image below.
What have I missed??

Related

Can't access web site hosted on Azure VM

I have a website hosted in IIS on an Azure Windows Server VM (Datacenter 2019). I can telnet to port 80 on the VM (and as you'd expect this stops working if I try disabling the relevant Windows Firewall rule), and I can access the site from a browser on the VM, but can't browse to the site from outside the machine. I have the following:
A public IP address
A network security group
An inbound rule in the NSG: Source = any, source port range = *, destination = internal IP address of VM, service = HTTP
As above for HTTPS, although I'm really only concerned with HTTP for now, I haven't set up a certificate yet
The port 80 inbound rule open in Windows Firewall (hence the telnet working).
If it makes a difference, this Azure instance has two separate resource groups, one for each client. The other client has a running site accessible to the internet.
SOLUTION: The site was actually running fine. This ended up being because browsers add the www automatically, despite me trying to work around this by disabling automatic URL modifications in Firefox (there's an about:config setting for this). A colleague had the same idea, but worked around it by putting an entry in the hosts file.
Then inbound rule in the NSG, should like below:
Source = public ip of client vm, source port range = *, destination = any, service = HTTP

Access IIS https website from outside network

Currently I have a https website setup locally on the Azure VM
with a custom hostname : <websitename>.<domainname>.com and bound to the localhost 127.0.0.2
in the hosts.etc on port 443
Consider example hostname as web.microsoft.com
Website bindings in IIS are
type:https
hostname:web.microsoft.com
port:443
IP Address:127.0.0.2
Hosts.etc
127.0.0.2 web.microsoft.com
In order to access it locally on the VM itself https://web.microsoft.com/admin/login.aspx works fine.
Port 443 is open on the Azure VM and inbound firewall rule is set in windows to allow connections on 443
If I try to access it outside of the network using the public IP address this doesn't work
eg https://45.60.200.110/admin/login.aspx.
I have other non-https websites which work fine and can be accessed through the public IP ,only difference is they are not having hostname in the IIS website bindings.
Am I missing something or do I need to make some additional config?
That's the problem.
The customized hostname cannot be accessed through the external network. Because the public network does not know this hostname, nor does it bind the hostname to your IP.
For example, you can enter other custom host names at will in the browser, and you will find the same error displayed.
The solution is that you need to purchase an available public domain name from the domain name provider and bind it to IP address.
If you insist on using custom domain name, it can only be used on the internal network. In addition to the configuration made on the server side, it is also need to add the host name and IP address in the hosts file of the client machine.
45.60.200.110 web.microsoft.com

iis 8 website not opening

I have create new web site in IIS 8. I have configured my web site like this
http://ip:8080/
When I browse it from any public network it is not opening. But If I open is locally it works fine. http://localhost:8080 it is working fine. What I tried I stop all other sites, Default Web site and assign 80 port to my site then it is working fine in locally as well as publically. I don't know what is the issue.
Clearly you have a firewall or other network routing issue. Check all configured firewalls on your server/housing machine, as well as along your network path (router, or other perimeter network devices)
Also if trying to connect through your internet side IP you will want to check any port forward rules on your router (If behind NAT, like most connections are)
My problem is solved. I have opened a 8080 port on Azure management portal. And on VM I have create new rule which points to this port.

Host a site in local IIS with domain

I want to host a site on local IIS 7.5 for internal testing. But I want people can access over the internet.
For this on my rackspace server, I have created an "A" record with subdomain.domainName.com and pointed my static IP address to it.
In IIS I have created a self-signed certificated with *.domainname.com that it can be used to multiple sites.
Now, i have published a site to a local directory and in IIS I have created a site with host name the same domain for which I have created an "A" record.
I have added http and https bindings with port 80 and 443 with the same host name.
But still my site is not working.
The error I am getting is "This webpage is not available"
Can any one help me?
Resolved it my self.
I was missing Port Forwarding in my router software for HTTPS.
In my web-application, each HTTP request is automatically be converted to HTTPS. And I forgot to forward Port 443's request to the machine to which I have set the static IP Address and DNS.
After adding that port forwarding record to the router's software my application is working fine over internet.

Azure VM Endpoint Allow All or Deny All by Default?

I have setup an http endpoint (port 80) for my Azure VM. I have verified that the firewall is allowing port 80 both in and out. (My VM operating system is Windows Server 2012.)
Yet still, I am unable to hit IIS on port 80 from a remote machine. (Locally I can hit localhost just fine.)
So I'm wondering if what I'm missing is a network acl. However, the Azure documentation (as of 12/2/2013) seems contradictory:
When a virtual machine is created, a default ACL is put in place to
block all incoming traffic. However, if an endpoint is created for
(port 3389), then the default ACL is modified to allow all inbound
traffic for that endpoint.
Yet below it says:
It’s important to note that by default, when an endpoint is created,
all traffic is denied to the endpoint.
Which is correct? Do I need to create an allow all ACL? Am I missing something else about how Azure DNS and network traffic works?
That same page follows on to write
No ACL – By default when an endpoint is created, we permit all for the
endpoint.
I believe that the comment suggesting all traffic is denied by default is wrong.
To confirm I have just deployed a brand new Windows Server 2012 Data Centre VM, installed IIS, open the Windows Firewall and configured an endpoint for TCP port 80 and it all worked just fine although its worth pointing out that it took a few minutes between configuring the endpoint and being able to browse to the server.

Resources