path with a dot in web.config <location> - iis

I need to add a location element in my web.config file, but the path starts with a dot (and I don't think I can change that path, it's for letsencrypt automation).
If I let the dot, like in <location path=".well-known/acme-challenge"></location>, the site doesn't start at all (I think the web.config file is not parsed at all because I get the page asking me to configure customErrors, but it is already configured and usually works fine)
If I remove the dot, like in <location path="well-known/acme-challenge"></location> the web.config file is correctly loaded, but of course that doesn't help me to configure anything at the location I wish.
The final goal is to disable basic authentication (which I need for the rest of the site) on this path only ; I don't even know if I'll be able to set this up in a <location> element.

I had a similar problem where I had a ASP.NET Forms site that was forcing authentication on all pages.
To expand on the accepted answer, here is the exact web.config I put in the /.well-known folder (NOT the /.well-known/acme-challenge folder):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<!-- This will stop any redirects you have at the higher level -->
<httpRedirect enabled="false" />
<!-- This will stop any integrated mode settings you have at the higher level -->
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
<!-- This will allow unauthenticated users to acme-challenge subfolder -->
<location path="acme-challenge">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
After adding this file, I was able to use EcdsaAcmeNet to use Lets Encrypt with the site in IIS.

As suggested by Ondrej Svedjdar in comments, the solution is so simple I didn't think about it.
Just add another web.config file in the folder where you need it.

Related

IIS web.config include generic set of rewrite rules

I have the following situation:
Multiple web sites running on IIS 10.0
Web sites running on the same account of a shared hosting service, so no access to machine.config or other configuration files outside the hosting environment
Each of the web sites share a common set of rewrite rules, but also define their own site specific rewrite rules
Now I want to move the common rewrite rule set to an external file, so it is easier to maintain. Then I want to include these common rule set into the web.config of each site.
I have looked into the following several options, but found out that none of them worked:
Add a configSource attribute to the <rewrite> tag. This does not work, as the <rewrite> does not allow the configSection attribute
Add a configSource attribute to the <rules> tag. This does not allow me to extend the rules for a specific site, as it only reads the configuration from the file that is mentioned in the configSource attribute
Add a file attribute to the <rules> tag. This did not process the rules in the external file. Maybe the format of my external is incorrect then (see below for how this last option is configured).
When using the file attribute my web.config was looking like this (only the relevant parts are shown):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
...
<rewrite>
<rules file="rules.config" />
<!-- here I want to add some additional rules, but they were not there during my initial tests -->
</rewrite>
...
</system.webServer>
</configuration>
My rules.config was like this (only relevant parts shown):
<?xml version="1.0" encoding="UTF-8"?>
<rules>
<clear />
<rule ...>
...
</rule>
</rules>
Is there a way to accomplish what I want? As mentioned above, I do not have access to the IIS configuration files outside of my hosting environment, so I cannot place common rules in the machine.config or the ApplicationHost.config files.

What web.config setting will allow apple-app-site-association to be served?

I have added the apple-app-site-association file to the root of a website, but IIS is not delivering the file.
What is the best way to make the server serve this specific file without a file extension? Is there a way within a web.config to explicitly say "serve this file"?
I was having the same issue and found this amazing post:
Serving apple-app-site-association from IIS
IIS only serves files of known types, defined by their file extension. Since apple-app-site-association doesn’t include a file extention, IIS throws a 404 error, when I try to open it with a browser. I fixed this by adding a mimeMap in the web.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<staticContent>
<!-- required for apple-app-site-association: -->
<mimeMap fileExtension="." mimeType="application/json" />
</staticContent>
</system.webServer>
</configuration>
Not my preferred solution, but in leu of DeyaEldeen's comment, the way I met many of our needs was to use the meta tag approach instead (within the <head> tag of the page):
<meta name="apple-itunes-app" content="app-id=5555555555">
This makes is so that whenever any users on iOS browse to the site, they are presented with a "view in app store" popup at the top of the page. Once they press on the popup, they get directed to the app store.
See Apple's docs for Smart App Banners.
Hopefully this helps some people with similar needs.
As explained by this answer, for security reasons, IIS only serves known file types, and uses the file extension to infer the file type. You can declare a file type for extension-less files, allowing to serve them.
But this causes the server to serve any extension-less file, which could cause unexpected files to get served to anyone, including robots probing for sensitive files incorrectly protected.
The solution explained by previously linked answer can be restricted to only that apple file. Better restrict it. Use a location node for this.
By the way, consider adjusting the caching policy for this file, if your default one is not suitable, especially if your server is behind a CDN.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
...
<location path="apple-app-site-association">
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="application/json" />
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="08:00:00" cacheControlCustom="public" />
</staticContent>
</system.webServer>
</location>
...
</configuration>
Why
For security reasons, IIS cannot allow browsing any file. Imaging, for example, web.config.
How to
The quickest way is to add the file type to the known types by its extension:
Open IIS Manager -> Sites -> Your Web Site -> MIME TYPES -> Add...
File name extension=.
MIME type=application/json
-> OK
Now it works.

Using web.config, httpRedirect entire site to new URL, except one directory

I'm moving a site from one server to another. The original server is IIS. I need to redirect everything from www.old.com to www.new.com, EXCEPT one directory. I need www.old.com/folder1/folder2 to stay put and still be accessable. Anyone have any pointers?
This is what I'm using now, but the entire site gets redirected.
<?xml version="1.0"?>
<configuration>
<system.webServer>
<httpRedirect enabled="true" destination="http://www.new.com/" httpResponseStatus="Permanent" exactDestination="true" />
</system.webServer>
</configuration>
Thanks!

CFWheels App goes to directory structure instead

I just added a CFwheels site to my IIS 8 and instead of going to the actual page is showing the directory structure on the browser. Any hints on what I should check?
Geo,
Your problem is the default document settings as Anit has suggested. In the IIS8 control pannel look for a cpl called "default document". It will show a list of documents that are served by "Default" so that when you navigate to something.com/home it actually serves up something.com/home/index.cfm (as an example).
Make sure you add your desired default document to the list. You can aslo do this in the web.config file:
<configuration>
<system.webServer>
<defaultDocument enabled="true">
<files>
<add value="index.cfm" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
You are correct I think that if it is an Adobe AMI it should have such a setting by default - but perhaps you are not using a standard default doc.
You probably want to disable directory browsing as well - that's also a cpl I think.

Change script timeout on windows azure Website

How is it possible to change the script timeout on a windows azure website?
Given that you are not referring a specific language I assume it is ASP.NET. Either way, you have to change your web.config file and set the httpRuntime's executionTimeout attribute to a desired value in seconds:
<httpRuntime executionTimeout="300" />
If you are not coding in ASP.NET, just login to your web site with FTP, navigate to the site's root folder, open the web.config file and edit it. It must look something like (just a little more bloated):
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<httpRuntime executionTimeout="300" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
</configuration>
If there isn't file named web.config just create an XML file with the content above, name it web.config and place it in your site's root folder. That should do the trick for you.

Resources