How to host multiple iis websites cleanly mapped to different ports? - iis

I'm having trouble finding info on this one, even having access to my company domain controller I still can't see what configuration is causing the same behavior I want to mimic on my home server.
I'm working from a test environment on my home PC and would like the following behavior. Note that I do not require any of these sites be accessible anywhere but my local machine, again, I just want to learn.
My Goal:
To configure IIS to host multiple sites, accessible via "aliases" which map to different ports. For example:
home -> localhost:81
test -> localhost:82
dev -> localhost:83
Furthermore, I want the url in my address bar to actually BE what it says on the left, not simply redirect, BLEH! So if I type "home/" in my address bar, it should load the page at "http://home/".
How can I achieve this? Thanks... ;)
Here's what I have configured in my bindings for the site so far, but no cigar...

first you need to edit your hosts file (probably C:\WINDOWS\System32\drivers\etc) so that you resolve home for example to localhost, add records like this:
127.0.0.1 home
127.0.0.1 test
...
Then you should be able to set up your IIS site with the Host name as home, but leave the port to the default of 80.

When I create a site in IIS I select for IP "All Unassigned" and then make a unique port.
I access my sites via the outside world like this:
http://mbdev.myftp.biz:8004
http://mbdev.myftp.biz:8006
Those all go to demos sites.

Related

Redirect TLD (dev) to local IIS

In the office, we have already setup a redirect in the DNS to push .dev back to the localhost. The issue is when I am not in the office this does not work. I edited my host file for the websites but as I add more in the future I would prefer to not have to edit my host file.
Is there a way, within my computer, that I can force the TLD of .dev to always go back to my localhost?
I realize I may have to find a way to do this on my router so that the DNS is resolved.
Example:
- Local IIS
-- Website A (with a Host Name Binding of website-a.dev)
-- Website B (with a Host Name Binding of website-b.dev)
When I open a browser on my local box and type in website-a.dev, it should loop back to my local IIS and pull this website. Same thing for website-b.dev, of course, going to the other website. Now I know if at work we have setup the DNS to allow for this but I want to know if this can be done at home, where I do not have direct access to the DNS.
I know I can just put into my host file
127.0.0.1 website-a.dev
But I want a catch all for .Dev to go back to 127.0.0.1
Take a look at:
https://superuser.com/questions/135595/using-wildcards-in-names-in-windows-hosts-file
It explains that using Acrylic allows you to use wildcards and acts just like your host file.

Hosts file not working properly

I have a site on my test machine I want to bind into IIS with hosts file.
It's not that I haven't done it before, but this time the page is blank when I load it and chrome says the web page is not available.
In the dev tools Network tab I get ERR_NAME_NOT_RESOLVED and the weird part is that I've entered a domain name in hosts file associated with 127.0.0.1 address. The same site loads when I add virtual directory and access it via localhost.
UPDATE
Screenshoot of the web site, bindings and dev tools network tab.
http://oi59.tinypic.com/6zsfau.jpg
I have also tried loading with Firefox and IE, but same results.
Have no idea what might be the problem.
Here's 3 options I can think of:
Check that your binding in iis is set to "All Unassigned" for the IP address (displays in IIS as "*")
Alternatively bind to a specific ip address and use that ip address in the hosts file
Check that your hosts file encode in ANSI
hope this helps

Why is IIS going to the wwwroot folder instead of the one I want it to?

For the default Web Site in IIS I have the following binding on the default website:
I have the following binding on the site I want to access:
When I access the site in the browser with localhost/hostname, I'm pointed to C:\inetpub\wwwroot*hostname*. I have another site set up with a hostname binding that uses the same values for Port and IP Address and it points to the right place (a different folder on my C: drive). I'm running my site locally and I have the correct hostname entry in my hosts file. I don't want to create two separate virtual directories under a single website, I want the sites to be available as separate websites. What am I missing?
When you use the hostname feature in iis, you cant use localhost to access the site any more.
Instead use http://myhostname and setup myhostname to point to 127.0.0.1 in your hosts file.
If you want to access the site via localhost, that implies you need to make a virtual directory, or "application" in iis.

Access sites on IIS

I have inherited a system with a number of servers, but I have never worked with IIS before.
Currently there is a web server set up using IIS, it holds a number of 'test' sites and the server is called Staging. I have network access to the files on the server and I can login to the server via VNC. What I cannot do is view any of the sites in the 'webs' folder. I know they are all switched on and working as they have been used by my predecessor.
I have tried putting into the url bar the IP address, the IP address with the folder appended, the name of the server and still I cant access the sites.
I am behind a firewall so these sites should be accessible to anyone in the network, but obviously I am mising something.
Any tips, anything I can look at to try and find the site. Annoying thing I only need to look at one of the sites in the D:\webs\test site folder for about 5 seconds :(
Look in the IIS properties of the site and look at what IP address and host header values have been assigned to the site.

Is it possible to make part of a site on IIS only viewable from localhost?

We've got a webserver running IIS. We'd like to run maybe a shared blog or something to keep track of information. Because of security issues, we'd like for that part to be only viewable from localhost so people have to remote in to use it.
So, to repeat my question, can part of a website be made viewable from localhost only?
For some one doing it in IIS 8 / Windows 2012
1) In Server Manager, go to Manage, Add Roles and Features, Next, Next (get to Server Roles), scroll down to Web Server (IIS), expand that row, then expand Web Server, and finally expand Security. Make sure that IP and Domain Restrictions are installed.
2) In IIS Manager, drill down to the folder that you want to protect and left click select it. In the Features View of that folder select IP and Domain Restrictions In Actions choose Edit Feature Settings. Change 'Access for unspecified clients:' to 'Deny' then OK.
3) Finally go to 'Add Allow Entry' In the Actions menu. Type in the Specific IP address of your server.
Now only requests coming from your server will be allowed access. Or any server that shares that IP address. So in a small network, the office could share the IP address between all of the PCs in that offices, so all of those PCs could access that folder.
Last but not least is to remember that if your network has a dynamic IP address, then if that IP changes, you will expose your blog admin folder to whoever is using that IP now. Also, everyone on that new IP address will lose access to your that folder...
You can also use bindings instead of IP restrictions. If you edit the bindings for the web site you want to restrict access to, you can select which IP address the site is available at. If you set the IP address to 127.0.0.1, then the site is only responding on this IP address, and this IP address will of course only work locally on the machine.
I've tested this using IIS 8.5.
In IIS6 you can bring up the properties for the web and click on the directory security tab. Click the button in the middle of the tab for editing the IP and Domain restrictions. On this tab set all computers as denied, then add an exception for the IPs you want to allow access to this site.
I am not sure how to configure this on IIS7. I looked but couldn't find it, if I find it I will edit this answer.
Edit: Configuring IIS7
Josh
Should anyone wish to do this on the command line, this appears to work on IIS 7+
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/ipSecurity /+"[ipAddress='0',allowed='False']" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/ipSecurity /+"[ipAddress='127.0.0.1',allowed='True']" /commit:apphost
Reference
I initially wanted to do this in web.config to ease distribution, and it looked like the following might work:
<security>
<ipSecurity allowUnlisted="false"> <!-- this line blocks everybody, except those listed below -->
<clear/> <!-- removes all upstream restrictions -->
<add ipAddress="127.0.0.1" allowed="true"/> <!-- allow requests from the local machine -->
</ipSecurity>
</security>
but as you need to unlock the function in the central IIS config anyway there was no advantage over making the change directly using the first commands.
I agree with the recommendations to use IIS "Directory Security" to block all IP address except 127.0.0.1 (localhost).
That said, I'm wondering how this strategy of requiring users to remote in could possibly be more secure. Wouldn't it be more secure (as well as much simpler) to use standard IIS authentication mechanisms rather than have to manage Windows roles and permissions on the server machine?
As suggested in https://stackoverflow.com/a/39870955/2279059, it is possible to configure the site's bindings to listen only on the loopback interface. This makes the site inaccessible from the network without having to use IP address restrictions.
To support both IPv4 and IPv6, add two bindings, one for 127.0.0.1 and one for [::1], and set the hostname to *, so either IP address or localhost can be used to access it as shown in the screenshot:
To add a "local" site programmatically, you can use:
appcmd add site /name:MyLoalSite /bindings:http/127.0.0.1:7103:*,http/[::1]:7103:* /physicalPath:"C:\path\to\site\"
Depending on exactly what you want to happen if an unauthorized user tries to visit it.
You could try to setup the specific section as a virtual directory, then deny view to anonymous users. However, they will be prompted for login, and if they can login then they could see it.
Judging from the options present in the IIS MMC, you can also have a virtual directory only be accessible by certain IP-ranges. You could block everyone but 127.0.0.1. I have not tried this, however.
You can grant or deny access to a site or folder from certain IPs to a site or folder. In IIS, go into properties for the site or folder in question.
(1) Click to the "Diectory Security" Tab
(2) Click Edit Under the "IP Address and Domain Name Restriction" frame.
(3) Click "Denied Access" (This tells IIS to block every IP except those you list)
(4) Click "Add..."
(5) Click "Single Computer"
(6) Enter 127.0.0.1 (the IP of localhost)
Note that it is best to use an IP here (as I've described) rather than a domain name because domains can be easily forged using a hosts file.
You could simply add this .NET to the top of the page.
string MyWebServerName = currentContext.Request.ServerVariables["SERVER_NAME"];
if ( MyWebServerName == "127.0.0.1" || MyWebServerName == "localhost" )
{
// the user is local
}
else
{
// the user is NOT local
}

Resources