how to set web.config default page for php index file - iis

I'm trying to start my web site on iis server and I use php for that.
every thing is fine on server but defaultDocument.
how can I set that on web.config file.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<defaultDocument enabled="true">
<files>
<remove value="default.aspx" />
<remove value="iisstart.htm" />
<remove value="index.html" />
<remove value="index.htm" />
<remove value="Default.asp" />
<remove value="Default.htm" />
<add value="index.php" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
this is the default xml and I try other thing like:
<clear />
or try to remove other pages...
any Idea how can I set this file?

after some more researches, the only suitable config was this...
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="index.php" />
<add value="index.html" />
<add value="index.htm" />
</files>
</defaultDocument>
</system.webServer>
<system.data>
<DbProviderFactories>
<remove invariant="System.Data.SqlServerCe.4.0" />
<add invariant="System.Data.SqlServerCe.4.0" name="Microsoft® SQL Server® Compact 4.0" description=".NET Framework Data Provider for Microsoft SQL Server Compact" type="System.Data.SqlServerCe.SqlCeProviderFactory, System.Data.SqlServerCe, Version=4.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
</DbProviderFactories>
</system.data>
</configuration>

Related

IIS: whitelist only website with ipSecurity

I'd like to make my website accessible only by a few IP addresses. I've added the <ipSecurity> tag but it seems to get ignored.
This is my current config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<remove name="PHP" />
<add name="PHP" path="*.php" verb="*" modules="CgiModule" scriptProcessor="C:\PHP\5.4.0\php-cgi.exe" resourceType="File" requireAccess="Script" />
</handlers>
<defaultDocument>
<files>
<remove value="index.htm" />
<remove value="index.html" />
<remove value="index.asp" />
<add value="index.html" />
<add value="index.php" />
<add value="index.asp" />
</files>
</defaultDocument>
<httpErrors errorMode="Detailed" />
</system.webServer>
<location path="Default Web Site">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="79.1.2.3" />
</ipSecurity>
</security>
</system.webServer>
</location>
</configuration>
But the site is accessible by everywhere.
If I add the <security> block inside <system.webServer> then no IP can see the site, not even the one listed, by getting 403.
What's wrong?
Try to add below code in your site web.config file:
<system.webServer>
<security>
<ipSecurity allowUnlisted="true">
<add ipAddress="ip" allowed="true" /> <!--allow-->
<add ipAddress="ip" allowed="false" /> <!--deny-->
</ipSecurity>
</security>
deny:
allow:
Regards,
Jalpa

Adding x-frame-Options in web.config return error 500

I added X-frame-Options in my web.config.
This is my web.config
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
After restarting IIS I got 500 error!!!
Can someone help me to find out the problem?
Modify your customHeaders as below:
<customHeaders>
<clear />
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
I suspect that your application is located within a virtual folder, if that's the case then two web.config files are processed. First is the global one, the the second time is yours. So you end up having two collection of customHeaders.
Blog post IIS 7: But why do I get a 500.19 explains in more details why it is happening and how to fix it.
Your location to add CustomHeaders is wrong. Correct location is :
....
</system.web>
<system.webServer>
<security>
<requestFiltering>
<verbs allowUnlisted="true">
<add verb="OPTIONS" allowed="false" />
</verbs>
</requestFiltering>
</security>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="ALLOW" />
<remove name="X-Powered-By" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
....
Other option is Useful for your application security.

Access denied for login page even though i set the tag location in web.config file

I have a problem with form authentication from IIS. The problem is that i can't access the login.html file, even though a put the tag location in my web.config file. I use only form authentication.
Here is my config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
</appSettings>
<system.web>
<authentication mode="Forms">
<forms loginUrl="login.html" name="formsauth1" timeout="60" defaultUrl="index.html">
<credentials passwordFormat="Clear">
<user name="username" password="pass" />
</credentials>
</forms>
</authentication>
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />
</modules>
</system.webServer>
<location path="login.html">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

Unrecognized configuration section system.ftpServer for azure

I'm trying to configure web.config for my Azure web app service. I want to restrict the ftp access to only specific URLs. But when i am adding the tag, it is giving me the error -
Parser Error Message: Unrecognized configuration section system.ftpServer.
Can you please guide me where i am doing the mistake.
Thanks in advance
My Web.config file -
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="Off" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed" />
</system.webServer>
<location path="<<FTP hostname>>">
<system.ftpServer>
<security>
<authorization>
<add accessType="Allow" roles="administrators" permissions="Read, Write" />
</authorization>
<requestFiltering>
<fileExtensions allowUnlisted="true">
<add fileExtension=".exe" allowed="false" />
<add fileExtension=".bat" allowed="false" />
<add fileExtension=".cmd" allowed="false" />
</fileExtensions>
<requestLimits maxAllowedContentLength="1000000" maxUrl="1024" />
<hiddenSegments>
<add segment="_vti_bin" />
</hiddenSegments>
</requestFiltering>
<ipSecurity enableReverseDns="false" allowUnlisted="true">
<add ipAddress="127.0.0.1" allowed="true" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" allowed="false" />
</ipSecurity>
</security>
</system.ftpServer>
</location>
Some verisons of IIS donot support 'system.ftpServer' configuration or you need to download ftp module manually. You can reference the artice https://www.iis.net/configreference/system.ftpserver and check your IIS version.

elmah.axd not found on IIS 8.0

Ok..I know this is asked many times and I looked bunch of questions and answers about this and nothing worked for me and I am getting crazy. I am trying to put elmah to my asp.net mvc 5 application and I can't get it to work. I keep getting not found error.
My config for elmah is:
<appSettings>
<add key="elmah.mvc.disableHandler" value="false" />
<add key="elmah.mvc.disableHandleErrorFilter" value="false" />
<add key="elmah.mvc.requiresAuthentication" value="false" />
<add key="elmah.mvc.IgnoreDefaultRoute" value="false" />
<add key="elmah.mvc.allowedRoles" value="*" />
<add key="elmah.mvc.allowedUsers" value="*" />
<add key="elmah.mvc.route" value="elmah" />
</appSettings>
<sectionGroup name="elmah">
<section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" />
<section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" />
<section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" />
<section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" />
</sectionGroup>
<system.web>
<customErrors mode="On"></customErrors>
<httpModules>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
</httpModules>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="Elmah" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</handlers>
<modules>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
<!--<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />-->
</modules>
</system.webServer>
<elmah>
<security allowRemoteAccess="1" />
<errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data/elmah" />
</elmah>
and yes i have ignored .axd in my rout config..
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
What am I missing ??
You need to create a MIME type for that extension in IIS:
To define a MIME type for a specific extension, follow these steps:
Open the IIS Microsoft Management Console (MMC), right-click the local computer name, and then click Properties.
Click HTTP Headers.
Click MIME Types.
Click New.
In the Extension box, type the file name extension that you want (for example, .axed)
In the MIME Type box, type application/octet-stream.
Apply the new settings. Note that you must restart the World Wide Web Publishing Service or wait for the worker process to recycle for the changes to take effect. In this example, IIS now serves files with the .axed extension.

Resources