How to allow access to an application for everyone - iis-7.5

I've set up an application in IIS. In IP and Domain restrictions there's no IP address specified neither for allow nor for deny. When I try to access the application from outside I get "403 - Forbidden: Access is denied." message. However, I can access another application that is also set up in the same machine IIS. I've looked at the IP and Domain Restrictions of that application and the list is empty. How can I grant the same access to my application as the one that already works?
Note: The server is Windows Server 2008R2

Yahoo, I found it. To allow anyone to access an application you should follow these basic steps.:
Select the application and on the right side in the IIS section choose IP Address and Domain Restrictions.
Doube click on it or choose Open Feature on the rightmost pane which is called Actions
Then in the same Actions pane choose Edit feature settings. A dialog box will appear with a combobox. Select Allow. That's all. To deny everyone you'll of course select Deny.

If you set up the site as a Virtual Directory that points to a UNC path, then you will need to set the Physical Path Credentials under Advanced Settings.

Related

Host IIS Server applications on the internet

I know this may be straight forward and may have already been asked but I have been unable to get proper online articles on this or atleast I don't know how to ask google. so here's a scenerio.
I have a Windows Server which will be hosting applications.
These applications need to be accessible over the internet.
NOTE I'm aware I can just port forward and users can access the apps via a public IP. This isn't how I want it.
Users should be able to access my apps through www.my-apps.com. This domain will be registered with e.g. Godaddy, etc.
How do I go on about this ? No matter how complicated this maybe, I am ready to get my hands as dirty as possible to implement this.
You can modify the hosts file of the server hosting your site to point to the local machine's IP when visiting the www.my-apps.com domain should do it.
Open the IIS Manager, in the Connections pane of IIS, expand the Sites and select the website which you want to access via IP address.
Click on Bindings link and you will see current bindings of that website.
Click on Add button to add a new binding, On the Add Site Binding window, keep website Type as http. Select an IP address from the drop-down menu upon which you want to bind the website, then type www.my-apps.com in the Host name, click OK and then Close.
open this file: c:\Windows\System32\Drivers\etc\hosts.
Add the following entry to the file: IP Address www.my-apps.com
Save to save your changes

Host a webapi in IIS Express so it can only be accessed by a parent web application

I have 2 separate webapi apps and I want the 1st one to be a normal webapi app which can be accessed by any authorised over the internet. With the 2nd one, I need it to not be publicly accessible and only available to the 1st (so the 2nd app is 'nested' within the first somehow).
Could anyone please tell me how I can achieve this (the apps are hosted in IIS Express at present but will be in iis for production)?
Many thanks
If you're concerned about security (and everyone should be), you can configure IIS to allow only specific computers, groups of computers or domains access to your Web site. Here's the procedure:
1)Open the IIS console and go to the Properties of your Web site.
2)double-click IP Address and Domain Restrictions.
3)Click Add Allow Entry... (on the right pane) to add an IP address or IP address range which will be allowed to access the website. Click OK.
Repeat this step to add other IP addresses to the list.
Once allowed IP addresses have been added, click Edit Feature Settings... and select Deny for Access for unspecified clients. Click OK.
Now, only users with the specified IP addresses are able to access the website.

How to prevent website access by server IP address on IIS server?

Recently our application scanned and found that application should not be accessible from server IP address only should Accessible through domain name
please tell me if anyone have make this work
For starters, your preferred approach is not necessarily more secure than the one you wish to prevent. Just saying.
You can accomplish your objective by configuring the default site as blank site (or whatever permissions or response you want).
To do this, on your IIS,
Move your content to a different folder (like c:\Inetpub\wwwroot\MySite)
Create a new site (IIS manager, right click "Sites". Add website")
Settings: "Physical path" points to your new content location (c:\inetpub\wwwroot\mysite), "IP address" is unassigned, "Host name" is the url for your site.
In IIS, right click "Default Web Site". "Edit Bindings". For any of the entries with "IP address" of "*", Edit, and remove the host name.
This will force anyone going to your site with the IP, but not a correct hostname, to go to your default site, which will be empty.

Sharepoint 2013 top-level site with unique IP

We have a newly-configured Sharepoint 2013 server installation, which serves our company Intranet.
The new Intranet is now in service and operational.
Next, we need to create another top-level site which will serve as an Extranet portal for clients.
Sharepoint Central Administration does not provide a method by which a separate IP address can be
selected for a new site; instead, it provides port selection or entry only.
We need to route external traffic to the extranet site, which requires either a mapped internal IP
address or a different port. The main limitation we face is that most of our public-sector clients
cannot use a non-standard port due to their firewall restrictions. So, this means a unique IP.
In the exhaustive research conducted concerning this issue, it appears that the "best practice"
receommended by Microsoft themselves is nothing but a workaround, where part of the process is
performed in SP Central Admin and the other half in IIS.
We have found many articles and blogs mentioning alternative ports, but none which address this situation directly.
Now we're trying to contend with Alternate Access Mappings, which are confusing our admins.
We really need the voice of experience from someone who has actually done this before.
Question: what is the correct way of achieving our goal?
Your users will access the site based on a host name I guess, not on an IP address?
So, you will have an intranet under http://intranet and you now want to create an extranet under http://extranet.
The fact that extranet is on another IP address and routed to your SharePoint farm is not really an issue.
What you need to do, is to create another web application with as host name http://extranet
Your firewall / network hardware must then forward http://extranet to your SharePoint servers. IIS will see "extranet" and serve the extranet.
If your users will access it via the IP-address, it's similar. Instead of http://extranet, you enter http://ext.ip.addr as the host name.

what are the pros and cons of setting virtual host in Liferay?

I am using multiple domains to access liferay portal instance.
For example following are the domains mapped in hosts file of windows:
www.liferaytest1.com
www.liferaytest2.com
and in Liferay's Control Panel → Portal Settings, www.liferaytest1.com is set as virtual host.
I can access portal instance with all above mention domains along with localhost.
When I access portal with www.liferaytest1.com then I can access Guest site pages directly. Say, home is a page in Guest site then instead of accessing with www.liferatest1.com/web/guest/home I can access it directly with www.liferaytest1.com/home
So URL is shortened to some extend.
So far so good.
First Concern
Now when I try to access portal via www.liferaytest2.com and when I click any sites listed in My Sites portlet of Liferay, it redirects me to that site with the domain mentioned in virtual host i.e. www.liferaytest1.com instead of retaining www.liferaytest2.com.
Suppose I have a Site named Help, so when I click on help site link in My Sites portlet then instead of staying with www.liferaytest2.com domain it redirects me with www.liferaytest1.com domain.
This is due to virtual host mapping done in liferay.
Second Concern
When I am accessing the portal with www.liferaytest2.com and subscribe to any of the Assets then the links in email contain the virtual host domain i.e www.liferaytest1.com.
How to overcome above mention issues?
My requirement is to stay relative to the portal accessing domain.
When I access portal via www.liferaytest2.com then it should not redirect me to www.liferaytest1.com on-click of any of the Site-links as explained above and also emails that I would be getting should also be relative to the domain I am accessing i.e. www.liferaytest2.com.
First of all: You're not required to use that feature - it's implemented in a certain way (e.g. as you describe) and if that doesn't suit your needs, there's no need to configure individual virtual hosts. There's no problem serving all content through just a single virtual host or do the resolution on Apache (e.g.) - that is, fully external to Liferay. The only drawback is that you'll need the clue of the site you want to access (e.g. /web/guest as part of the URL) so that Liferay knows what content to serve.
However, you might be closer to what you'd like to achieve if you change URLs to a structure like test1.example.com and test2.example.com - this way you share at least the toplevel domain and might be able to do some cheaper single-sign-on (you can still do SSO with completely different domains)
You don't need to change the virtual host in Control Panel → Portal Setting for such requirement. Rather keep it to localhost. This will resolve both of your concerns.
Next you want to access portal using two different domain, you can do it through DNS settings. Map both to same IP (the IP of Liferay portal) and you will reach Liferay portal using any one. It will not change the url and will stay from the name initiated.

Resources