Bind IIS to selected IP and port combinations - iis-7.5

I have a problem configuring IIS for my needs. Let's start with the situation that I have:
Application listening on IP address A.A.A.A on port 443.
IIS website listening on IP address A.A.A.A on port 80.
IIS website listening on IP address B.B.B.B on port 443.
My machine is configured to have two IP addresses A.A.A.A en B.B.B.B. My application only binds to the A.A.A.A:443 endpoint. I want that IIS only uses A.A.A.A:80 and B.B.B.B:443. The site binding are correct, but IIS still binds to both A.A.A.A:80, A.A.A.A:443, B.B.B.B:80 and B.B.B.B:443. Because it binds to A.A.A.A:443 my own application cannot listen to it anymore and fails to start.
I have tried to use the netsh http add listener, but I cannot restrict IIS to use specific IP/port combinations. I can only specify IP addresses, so it will still bind to A.A.A.A:443.
Does anyone know a solution? I think it's kind of crazy that IIS binds to all available IP addresses even when I set the site binding to only a single IP address.

It is not IIS that is listening to the IP. It is the HTTP driver which is utilized by many services, not just IIS. Unfortunately the only to accomplish what you want is for the application outside of IIS to utilize the HTTP driver. I believe this easiest way is to use WCF.
See Exposing WCF Services Via HTTP when not hosted in IIS

This can be done with netsh, see the instructions here
http://support.microsoft.com/kb/954874
You can tell IIS which IP address to bind too.

Related

How do I ensure local iis access security?

I have windows 2008 R2 server. It is located behind a firewall called Fortigate.
I need to access an application on local iis from outside.
I opened a free account on cloudflare for this. I forwarded the A record of localsite.mydomain.com to my own ip address.
I opened a port in Firewall and forwarded it to my server.
My aim is only to be able to access the port on the server from localsite.mydomain.com, other than that, by typing the ip address, port scanning programs and so on. I don't want it to be accessed.
I thought of typing the cloudflare ip address from the server's firewall, but the cloudflare ip address is constantly changing. How can I do it?

Host a web site in an Azure VM

I have a Azure VM. Using the IIS, I host a website in the VM.
How can I access that website via the DNS name (like http://abc.cloudapp.net/)
I know this is the most unlikely, we should use the "web role", but I really need this works, is this possible?
I tried with the localhost, it works, the internal IP works, but the DNS name doesn't.
Edited to provide more info (March 09):
I have already have endpoints setup. "binding" uses the dns name. I have two website, one hosted in the port 8081, it works. Another one hosted in the port 80, which doesn't work.
http endpoints
the port 80 doesn't work
the port 8081 works
If I understand correctly, your VM already has a Azure domain in the form of myvmname.cloudapp.net right?
First you need to add an ENDPOINT in the VM that bridges the port 80 from outsite to inside (if that is the port indeed you configured in IIS).
Then, you need to add a CNAME record in your DNS table that points from www.mydomain.ext to myvmname.cloudapp.net (obviously replacing the correct values).

Only allow private access to website through VPN

I know this may be very basic, but I have a website on my server that I would only like to be accessed by VPN. I have OpenVPN running on my Windows machine and it is connecting to my server with the VPN. When the VPN connects I can use the VPN's IP address to hit the site on my server. I would like to block all other methods such as the actual site IP or my domain name. Would I use htaccess? What is normally done for private access only.
Let's say that your server vpn ip is 10.1.2.3 then you should add to your apache configuration
Listen 10.1.2.3:80
so that you will bind Apache - i.e. will accept incoming requests - only to that address.
Also:
The Listen directive does not implement Virtual Hosts - it only tells
the main server what addresses and ports to listen on. If no
directives are used, the server will behave in the same
way for all accepted requests. However, can be used to
specify a different behavior for one or more of the addresses or
ports. To implement a VirtualHost, the server must first be told to
listen to the address and port to be used. Then a
section should be created for the specified address and port to set
the behavior of this virtual host. Note that if the is
set for an address and port that the server is not listening to, it
cannot be accessed.
i.e. you could leave the original listen directive (listen to all interfaces) and filter the access per virtual host having your "private" virtual host configured like that:
<VirtualHost 10.1.2.3:80>
see http://httpd.apache.org/docs/2.4/bind.html
Finally if for some reason you are restricted to .htaccess only, then you could do in .htaccess:
Order Deny,Allow
Deny from all
Allow from 10.1.2.1/24
i.e. allowing access only from your vpn subnet.
Take care that you will need to restart the web server after every change.

Windows XP exposing websites in IIS in local network

how can I expose my Website to other PC's in my local network? Say I my computer name is CompTest and I can access my websites deployed in IIS in my own machine in http://Comptest/ and http://localhost/. Is there anything I need to set so other computers in my local network can access http://CompTest/? Just within local network.
You need to enable HTTP (port 80) over TCP through the Windows Firewall (in the Control Panel).
try using your ip address rather the your host name. like http://[ip address]:[port no]/[site name]. for your info http port is 80. also do
disable firewall
use static ip
i hope this will help you

Can't connect to Default Web Site in IIS 6.0

I can't connect to the default web site in IIS 6.0 using localhost or 127.0.0.1 or by server name. When I telnet to port 80 with one of these names, there's no connection.
However other web sites are running and I can telnet using any of the ip addresses.
I can ping to localhost where 127.0.0.1 is responding.
The default web site is running. It's not stopped.
check the windows firewall, that has a habit of blocking IIS on a local machine
Is the default site bound to a specific IP address? By default it would display "all unassigned" for the IP, but if you've linked all sites to a specific IP address, then the local IP would no longer be configured on the server and would not answer.
httpcfg.exe did it.
Stop all the sites under IIS, restart IIS and start the one you're interested in.
If this fails delete all the sites under IIS and create from scratch. If this fails, the problem is not with IIS and you'll need to look at what other services are running and start turning them off.
A firewall may prevent some content of your website/website itself from being accessible, so if you have problems with accessing content then check that your firewall is not rejecting content from your site.
The easiest way to ensure that your firewall is not blocking your access to your site services is to use your firewall control panel to allow data from *.(your site url).

Resources