-
Book - Introducing Windows Server 2008
-
Want to learn more about Windows Server 2008 or formerly known as Longhorn? then grab the latest book Introducing Windows Server 2008 from Mitch. Mitch is one of the regular author for Windows + IIS books and a Microsoft MVP for many years.
You can also get the introduction about IIS 7 via this free sample chapter.
-
Bug: Application Creation via AppCmd.exe
-
I was trying to find the syntax in AppCmd.exe to convert an existing virtual directory say - myVdir to be an application.
Obviously, the first step is to create the virtual directory. (I know I can do both with appcmd add app bla bla and create the associated vdir). but I was looking for the way to do it as the IIS Manager, right mouse - Convert to Application)
Step 1 - create the vdir
appcmd add vdir /app.name:"default web site/" /path:/myVdir /physicalPath:c:\temp\vdir
Output:
VDIR Object "default web site/myVdir" added
Then, I spent sometime looking on how to 'covert' myVdir to an application itself, in other words make the <virtualDirectory> itself as "/" or root vdir which indicates that it is an application staring point in IIS 7.0. But I got no luck :( maybe my mind got stuck after playing with AppCmd.exe for 3hrs. I can't use "appcmd set vdir" as there's no options for application, and I can't apply "appcmd set app" because it is not an application yet, it is just a Vdir using the root application.
Anyway, so after awhile I decided to use "appcmd add app" and hoping that IIS detects that the vdir already defined, and it will just reconfigure it as an application. So,
Step 2 - create the app
appcmd add app /site.name:"default web site" /path:/myVdir /physicalpath:c:\temp\vdir
Output:
APP Object "default web site/myVdir" added
VDIR Object "default web site/myVdir/" added
Voila!!! I was so happy, I thought it works as I was expecting duplicate element error :) but no error msgs. So I fired up IIS Manager to check! Zzz... I can't no longer expand the "default web site", and got an error msgs saying "An item with the same key has already been added". Sigh! so the configuration store accepted the duplicate entry and now it complaints! Argghhh!!!
Now, to fix this! again I found something interest. You can do it via UI in Vista, but not W2k8 Beta 3. For vista, just click OK to ignore the error, then View Applications - right click on myVdir, and then click Remove. Now, if you try the same steps in W2k8, after the delete confirmation dialog box, you got back the "An item bla bla ........." error msgs again :) To fix this for W2k8, go to applicationHost.config file and manually remove the duplicate entry. And I conclude this as a validation bug of appcmd when trying to manipulate the configuration store.
Mm....now! I'm back at where I started. so is it possible to 'Convert to Application' for existing vdir via AppCmd.exe ???
Updated - 170707
I should have mentioned that W2k8 I'm using is from April CTP, you won't get the UI error in June CTP.
Also, according to Microsoft - it is acceptable to have same /alias inside the different application. In my case, the vdir of the default web site/ root application will never get reference as the /myVdir application's vdir definition kicks in first. Mm.... I still don't like the idea, why it accept both when only 1 is technically working?
Anyway, for my question - no way to 'covert to application' from appcmd.exe in 1 step :)
You can however, first delete the vdir, then create the app..... two steps at least.
-
Netcraft: IIS is picking up...
-
According to Netcraft Web Server Survey, Microsoft IIS web server continue to gains more market shares for the past three months. In July, up to date with 1.01% improvements, while 0.34% and 0.36% gained in previous two months :)
With the latest figures, IIS is now at 33% while Apache is still leading at 53%, and the rest go other players. I'm expecting more and more IIS deployment in IIS 6, as well as IIS 7 with W2k8 when it debuts.
-
Security Alerts - Microsoft Internet Information Services Could Allow Remote Code Execution (MS07-041)
-
In this month Microsoft security bulletin, there's one important vulnerability related to IIS.
Summary:
This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Affected Platform:
Windows XP SP2 - IIS 5.1
Vulnerability:
Remote Code Execution
More detail...
-
How to configure HTTP KEEP-ALIVE in IIS 7 ?
-
Oh man, it actually took me 30mins to figure out where to configure this in IIS 7.0. Again, you will take sometimes for you to get familiar with the new IIS Manager UI in IIS 7 :)
Now HTTP Keep-Alive is inside http spec to maintain open connections between client browser and web server, this can improve the overall performance rather than initiating new connection for new request, at the same time, keep-alive is needed for Windows authentication, etc.
In IIS 6, this setting is pretty expose :) or at least easy to find as it is in web site tab everytime you look at the web site property. For IIS 7.0, you need to go to HTTP Response Header icon in Feature View pane, then click on Set Common Headers at the Action task pane. Take note that the UI interface only available for Windows 2008, this is one of the missing UI in Vista, hopefully this will fix in Vista SP1. By default, keep-alive is enabled.
For Vista, you can set it via AppCmd.exe. E.g. disabling keep-alive.
appcmd set config /section:httpProtocol /allowKeepAlive:false
Sigh, I only found out about this article via google while I was searching for keep-alive element name in the configuration file, should have google it before I even start to looking for it in the UI :)
-
How to configure Scripts Only or Scripts and Executable in IIS 7?
-
In previous versions of IIS, you can always specify IIS application execute permissions to None (read), Scripts only (scripting engine, and Scripts and Executable (executable dll, exe, etc files). This can be set at each of the site, directory, virtual directory level via the home or directory tab of the site property.
The value of the settings is kept using AccessFlags metabase key, this has changed in IIS 7.0, the metabase key is depreciated.
While I was playing with it, I came across a blog post by Thomas, application execute permissions settings now are set using Handler Mapping icon in IIS 7.0 Manager, Thomas promised to add in the UI picture, obviously he must have been too busy or forgotten about this. Anyway, this is UI when you click on the 'Edit Handler Permissions' link.
It is also important to take note that the new accessPolicy will be the configuration element inside <handlers> collection to control all request handler mappings. The settings can be configure at site (applicationHost.config), or web.config file located for the directory you configured.
-
IIS KBs - June 2007
-
930451 FIX: Internet Information Services 7.0 removes custom values in the Web.config file
938418 Basic authentication does not support using UTF-8-encoded characters in IIS 6.0
937690 You may experience unexpected behavior when you send a request for a resource that has the .map file name extension to a server that is running IIS
937688 Host header names that contain an underscore character are not supported in IIS 7.0
937692 A "Connection_Dropped" event message is logged in the Httperr.log file on a Windows Server 2003-based computer that is running IIS 6.0
937691 How to redirect all requests for a Web site to a page that exists within the Web site in IIS 6.0
937693 Error message when you try to use the Password Change pages that are included with IIS 6.0 to change a domain password that is expired: "Error: Object required"
936476 Error message when a Web application that is hosted on a server that is running Internet Information Services 6.0 requests an ASP page: "HTTP 500 - Internal Server Error"