I am writing a Powershell script to add/remove/edit IP restrictions for websites using Powershell. So far I am able to add restrictions, however wondering the best way to edit an existing ip restriction.
Add
Add-WebConfiguration -Filter /system.webserver/security/ipsecurity -Value #{ipAddress=$ipAddress;subnetMask="255.255.255.255";allowed=$allowed} -Location $websiteName -PSPath "IIS:\"
Edit
I have tried various combinations of:
Set-WebConfiguration -Filter system.webServer/security/ipSecurity/add[#ipAddress='192.123.123.123'] -Name "ipAddress" -Value $ipAddress -Location $websiteName -PSPath "IIS:\"
Set-WebConfigurationProperty -Filter system.webServer/security/ipSecurity/add[#ipAddress='192.123.123.123'] -Value = #{ipAddress=$ipAddress;subnetMask="255.255.255.255";allowed=$allowed} -Location $websiteName -PSPath "IIS:\"
Is the best way essentially to clear all, and recreate each time?
I had the same problem and fixed it like this -
# Compose new entry
$value = #{allowed="true";ipAddress="192.168.0.1"}
# Add new entry to restrictions
Add-WebConfigurationProperty -Filter 'system.webServer/security/ipSecurity' -PSPath "IIS:\Sites\MySite\" -Location "MyService" -Name "." -Value $value -ErrorAction Stop
Related
I am wondering if there is way to use the Invoke-AzVMRunCommand to run a single command, rather than a powershell ps1 file?
As an example, I want to execute a single command... "C:\app\app.exe -c exit". Without the need to push a powershell commandlet to the system.
I am able to do this via the Azure Portal "RunPowerShellScript" and it works but would like to do it to multiple systems via the command line via Invoke-AzVMRunCommand. These systems do not share a command account that can be used.
According to Microsoft, here is the syntax...
Invoke-AzVMRunCommand -ResourceGroupName 'rgname' -VMName 'vmname' -CommandId 'RunPowerShellScript' -ScriptPath 'sample.ps1' -Parameter #{param1 = "var1"; param2 = "var2"}
I don't want to run a script, I merely want to be able to execute a command on the system. Is this possible?
There is no direct way of doing it. But, you can write a script block and generate a file from it and then run Invoke-AzVMRunCommand using that file and later on delete that file if required.
$Server = "server01"
[System.String]$ScriptBlock = {Get-Process}
$FileName = "RunScript.ps1"
Out-File -FilePath $FileName -InputObject $ScriptBlock -NoNewline
$vm = Get-AzVM -Name $Server
Invoke-AzVMRunCommand -ResourceGroupName $vm.ResourceGroupName -Name $Server -CommandId 'RunPowerShellScript' -ScriptPath $FileName
Remove-Item -Path $FileName -Force -ErrorAction SilentlyContinue
It's now possible to use the:
-ScriptString
... option, however you need to ensure that the Az version will support it.
Azure Pipelines as of 2022-07-21 don't support it:
"A parameter cannot be found that matches parameter name 'ScriptString'."
See the documentation:
https://learn.microsoft.com/en-us/powershell/module/az.compute/invoke-azvmruncommand?view=azps-8.1.0
I want to add a mapping entry by power shell.
Is anyone teach me how to do it?
Thanks
You could use this command to create map rule first
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.webServer/rewrite/rewriteMaps" -name "." -value #{name='myrewritemap'}
If you already have a map rule and you just want to add map entry, then you could use this command:
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.webServer/rewrite/rewriteMaps/rewriteMap[#name='myrewritemap']" -name "." -value #{key='/some-title';value='/article.aspx?id=1&title=some-title'}
Is there a way to set the UrlSegmentMaxLength value for Http.sys using appcmd/netsh or any other commandline utility?
I realize this is an old question, but in case someone stumbles upon this, here's PowerShell one-liner that either creates the key and sets the value or updates existing value.
if ((Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters -Name UrlSegmentMaxLength -ErrorAction SilentlyContinue) -eq $null) { New-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters -Name UrlSegmentMaxLength -Value 2048 -PropertyType DWord } else { Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters -Name UrlSegmentMaxLength -Value 2048 }
`
As for restarting, I found that this works well (no need to restart the server):
Stop-Service http -Force
Start-Service http
Start-Service IISADMIN
Start-Service W3SVC
I change this for my deployment in powershell
Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters -Name UrlSegmentMaxLength -Value 500
Restart-Service W3SVC -Force
I am writing a powershell script that deploys a website to IIS 7. I would like to do the following command to remove a custom header using the Web-Administration module in powershell rather than with appcmd. How do I do this command in powershell not using appcmd?
appcmd set config /section:httpProtocol /-customHeaders.[name='X-Powered-By']
To remove the header on iis level:
Remove-WebConfigurationProperty -PSPath MACHINE/WEBROOT/APPHOST
-Filter system.webServer/httpProtocol/customHeaders
-Name .
-AtElement #{name='X-Powered-By'}
And for a specific site:
Remove-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST/Default Web Site'
-Filter system.webServer/httpProtocol/customHeaders
-Name .
-AtElement #{name='X-Powered-By'}
Adding a new custom field eg. xff-ip to have remote client ip from x-forwarded-for request header
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" -name "." -value #{logFieldName='xff-ip';sourceName='X-FORWARDED-FOR';sourceType='RequestHeader'}
Or for a specific site:
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[#name='My Super Site']/logFile/customFields" -name "." -value #{logFieldName='xff-ip';sourceName='X-FORWARDED-FOR';sourceType='RequestHeader'}
Removing your added custom logging field eg.xff-ip
Remove-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" -name "." -AtElement #{logFieldName='xff-ip'}
Or from your site only
Remove-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[#name='My Super Site']/logFile/customFields" -name "." -AtElement #{logFieldName='xff-ip'}
I hope someone can help, I am trying to enable enable "ASP.Net Impersonation" under the Authenticatuin section in IIS7, I have enabled other sections using the following command:
Set-WebConfigurationProperty `
-filter /system.WebServer/security/authentication/windowsAuthentication `
-name enabled `
-value true `
-location $SiteName
But I cannot find a similar command for setting up ASP.net Impersonation, I am guessing it has something to do with being ASP.net not IIS.
Any insight would be appreciated.
Try this:
Set-WebConfigurationProperty `
-Filter system.web/identity `
-Name impersonate `
-Value True `
-Location $SiteName
Use -PSPath instead of -Location.
Set-WebConfigurationProperty -filter /system.web/identity -name impersonate -value true -PSPath 'IIS:\Sites\Default Web Site\WebApp'