Creating and Configuring Web Sites in Windows
Contents
1. User name Password seccee0058 Authenticated access For the Following authentication methods user name and password are required when anonymous access is disabled or access is restricted using NTFS access control lists iW Integrated Windows authentication Digest authentication for Windows domain servers Basic authentication password is sent in clear text MET Passport authentication Creating a Local Virtual Directory Let s say Human Resources keeps their policies in a folder called D HR Policies on your web server and you would like users to be able to use the URL http 172 16 11 221 policies when they need to access these policies To do this we need to create a virtual directory that associates the policies portion of the URL called the alias for the virtual directory with the physical directory D HR Policies where these documents are actually located Let s do this now Right click on the Human Resources site and select New gt Virtual Directory to start the Virtual Directory Creation Wizard Click Next and type the alias for the virtual directory http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 8 of 18 Virtual Directory Creation Wizard Virtual Directory Alias Specify a short name or alias for this virtual directory Type the alias vou want to use to gain access to this Web virtual dir2. 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 15 of 18 Logging Properties z x General Advanced New log schedule C Hourly Monthly C Unlimited File size When file size reaches oh ra OME M Use local time For File naming and rollover Log file directory CoWINDOW S systems LogFiles Browse Log file name Wagy 15257571 77 exvvmmdd log The key of course is to review log files regularly to look for suspicious activity IIS doesn t include anything for this purpose but the IIS 6 0 Resource Kit Tools does include version 2 1 of Microsoft Log Parser which can be used for analyzing IIS logs You can download these tools here Configuring Web Site Redirection Sometimes you need to take your web site down for maintenance and in such cases it s a good idea to redirect all client traffic directed to your site to an alternate site or page informing users what s going on IIS lets you redirect a web site to a different file or folder on the same or another web site or even to an URL on the Internet To configure redirection you use the Home Directory tab and choose the redirection option you want to use http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 16 of 18 Human Resources Properties a x Documents Directory Security HTTF Headers Custom Errors WebSite Per
3. and IIS 6 Administration Osborne McGraw Hill Mitch is based in Winnipeg Canada and you can find more information about his books at his website www mtit com Click here for Mitch Tulloch s section Check out these recent articles by Mitch Tulloch May 10 2005 Key Performance Monitor Counters Apr 21 2005 Troubleshooting Startup Problems Apr 12 2005 Book Reviews Security Books Apr 05 2005 Implementing Fault Tolerance on Windows Networks Mar 22 2005 Terminal Services Group Policy Click here for more articles by Mitch Tulloch Get new article updates in your Inbox Get all the various Windows networking related articles about setting up Windows NT XP 2000 2003 networks troubleshooting connectivity and more delivered directly to your mailbox as and when they are released on WindowsNetworking com by signing up to our Real Time Article Update below Email address Please note that we do NOT sell or rent the email addresses belonging to our subscribers we respect your privacy http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 18 of 18 Featured Links 75 of attacks are on web applications Secure your apps with Acunetix Web Vulnerability Scanner Control Portable Storage Devices Network wide control with LANguard PSC Did Today Free Download Detect amp Correct netw
4. Directory Creation Wizard again specify usermanual as the alias for the directory and type srv230 helpdesk as the UNC path to the share Virtual Directory Creation Wizard Web Site Content Directory Where is the content you want to publish on the Web site Enter the path to the directory that contains the content for this Web site Path ss T2 16 11 230 helpdesk Browse Back Cancel Click Next and a new screen appears prompting you to either specify credentials for accessing the share or use the authenticated user s credentials for this purpose we ll use the latter http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 11 of 18 Virtual Directory Creation Wizard E Securty Credentials Specify a user name and password to prevent unauthorized access to the network resource x Enter the user name and password that should be used to gain access to the network directory Username BYOWee Password Click Next and finish the wizard Let s look at the result LE Intenet Information Services us Manager aaa ae E E 3 Ble aton yew ee OOOO a gt ale xe OS e B gt mu l oe rane Information Services arna oooOOOO 48 TEST220 local computer Qusermanva 172 16 11 230 helpdesk il Application Pooks defaut htm EH Web Sites i Defaukt Web Site Human R
5. com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 17 of 18 ci Command Prompt CIS LIispeset Attempting stop Internet services successfully stopped Attenpting start Internet services successfully restarted Coyy Type tisreset for the full syntax of this command You can also start and stop individual web sites using IIS Manager or the Iisweb vbs script And you can stop or start individual IIS services using the net commands for example net stop w3svc will stop the WWW services only Summary In this article I ve explained how to create and configure web sites and virtual directories on IIS 6 Most of what we ve covered also applies to IIS 5 on Windows 2000 as well In the next article I ll delve into creating and configuring FTP sites and implementing FTP User Isolation a new feature of Windows Server 2003 For a deeper look at IIS 6 see my book IIS 6 Administration Osborne McGraw Hill About Mitch Tulloch Mitch Tulloch is a writer trainer and consultant specializing in Windows server operating systems IIS administration network troubleshooting and security He is the author of 15 books including the Microsoft Encyclopedia of Networking Microsoft Press the Microsoft Encyclopedia of Security Microsoft Press Windows Server Hacks O Reilly Windows Server 2003 in a Nutshell O Reilly Windows 2000 Administration in a Nutshell O Reilly
6. 717 7 R00T procedures CiN Open IIS Manager to display the new virtual directory Internet Information Services 115 Manager ails xj C3 Eile aton yew Window Helpo laj e Amx E A m u j Internet information eS _ 7 Path Status E TEST220 local computer pokcies D HE Policies 4 _J Application Ponts 45 procedures CHR Procedures H _J Web Sites default hem E Def suk Web Site Human Resources a poies procedures 4 Help Desk _J Web Service Extensions Note the difference in the icons for the two virtual directories That s because when the script creates a virtual directory it also creates an application starting point for that directory while the wizard does not This doesn t matter though since for now we re only hosting static content in these directories For the full syntax of Iisvdir vbs see here http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 10 of 18 Creating a Remote Virtual Directory Help Desk likes to do things differently than Human Resources does and their user manual is stored in HTML form in the share srv230 helpdesk on a network file server Let s create a remote virtual directory within the Help Desk site that associates the alias usermanual with this share Right click on the Help Desk site and select New gt Virtual Directory to start the Virtual
7. Creating and Configuring Web Sites in Windows Server 2003 Page 1 of 18 Admin KnowledgeBase Articles amp Tutorials Authors Hardware Links Message Boards Newsletters B8 Software O HOME com Networking http www windowsnetworking com 4 Control USB stick usage Network wide control with LANguard PSC DI site Topics 7 Site Search Pi Admin KnowledgeBase Creating and Configuring P Articles amp Tutorials Web Sites in Windows Common for all OSes Server 2003 Dial up Networking ICS RAS ADSL cst Direct Cable Connection Date Launched Jul 22 2004 In this article Networking we ll walk you Last Updated Jul 20 2004 through the Section Articles amp Tutorials Windows 2003 steps of Li I i LINUX ae oe eee ne Author Mitch Tulloch creating web Network Troubleshooting l l sites in Windows 2000 Printable Version Windows Rating 4 5 132 Votes Server 2003 using both Internet a o 1 2 3 5 Windows NT 4 i j dT o a oan aaanencaasnes Rate this article Services Manager and Wireless Networking scripts The also walk you Hardware through the steps for Links hosting content both Message Boards locallv and Newsletters remotely using virtual Software directories and will explain how Featured Product to perform common administration Servers swamped ae BY SPAM involving web Featured Book WA IEH li ies Server A003 Recommended Sites Interne
8. ectory Use the same naming conventions that you would for naming a directory Alias policies Back Cancel Click Next and specify the physical folder on the local server to map to this alias Virtual Directory Creation Wizard Web Site Content Directory Where is the content you want to publish on the Web site Enter the path to the directory that contame the content for this Web site Path D 3HR Policies Browse Cancel Click Next and specify permissions again we ll just leave Read enabled and finish the wizard Here s the result http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 9 of 18 Internet Information Services IIS Manager ll a _ 9 File Action Yew Window Help iej e im x amp EG i 2 el p EIl Wj internet Information Services fe 88 TEST220 local computer dafa htm J Application Pools policy tr H _J Web Stes policy Atm Defauk Web Site peohoy 3 htm _ Web Service Extensions Let s do something similar using another IIS script named Iisvdir vbs only we ll create a procedures virtual directory instead ci Command Prompt GC eseLisvdir create Human Resources procedures D HR Procedures Connecting to server Done Virtual Path Human Resources ROOT procedures ROOT DIXHR Procedures Metahase Path WSSUC 152575
9. esources Ug Usermanual J Web Service Extensions The Iisvdir vbs script can similarly be used for creating remote virtual directories Controlling Access to a Web Site Now that we have a couple of web sites and virtual directories created let s look at a few administration tasks This will be only a brief overview you can find a much more detailed treatment of the subject in my book IIS 6 Administration Osborne McGraw Hill First let s look at how we can control access to our web sites There are basically four ways you can do this NTFS Permissions web permissions IP address restrictions and authentication method NTFS permissions is your front line of defense but it s a general subject that we can t cover in detail here Web permissions are specified on the Home Directory tab of your web site s properties http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Human Resources Properties Fl x Documents Directory Security HTTF Headers Custom Errors WebSite Performance ISAPT Filters Home Directory The content For this resource should come From 8 share located on another computer A redirection to a URL Local path D 1HR Browse E Script source access we Log visits IW Read If Index this resource write T Directory browsing Application settings 4oplication na
10. formance ISAPI Filters Home Directory The content For this resource should come From A directory located on this computer 4 share located on another computer A redirection to a URL Redirect to http isry24Ofsitedown htm The client will be sent to he The exact URL entered above 7 A directory below URL entered 4 permanent redirection For this resource Application settings 4oplication name Default Application Remove Starting paint lt Human Resources gt Configuration al Execute permissions Mone Application pool DefaultAppPoo Elpiter ie Cancel Apply Help Stopping and Starting Web Sites Finally if sites become available you may need to restart IIS to get them working again Restarting IIS is a last resort as any users currently connected will be disconnected and any data stored in memory by IIS applications will be lost You can restart IIS using IIS Manager by right clicking on the server node Li Internet Information Services 11S Manager i i oj x C3 Bie Action Wew Window Help IE E Application Pools Service is running Web Sites shone Defauk Web Human Reso HelpDesk Backup Restore Configuration a eranu J Web Service Extel Restart ITS Save Config he to Disk You can also do the same from the command line using the Iisreset command http www windowsnetworking
11. ies and perfcenn your daly adiris ative tasks Aadan arok Mare To Wh Read about server roles karr itd Read abot remote Comput admuinsstration Dr corres Your server has been comfagured wath the followang roles TEREN SCL y y File Server server I a Application Server Sec Al Appacation servers provide the core bechnoleees pa i required to buid deploy and operate XML Web oe i Help ar Services Web applicators ard datibuted z applications Appication server technologies include i Read about application a ASP NET COM and Internet Information Services Serwers Depiyyti 115 Eh Read about Web Interface List of C for Remote Administration Tasks of Web servers i 2 Review the met shepe for F Strateg Note that for simple security reasons IIS should only be installed on member servers not domain controllers The reason is that if you install IIS on a domain controller and your web server becomes compromised the attacker could gain access to your accounts database and wreak havoc with your network Creating a Web Site The simplest approach is to use a separate IP address to identify each web site on your machine Let s say our server has five IP addresses assigned to it from the range 172 16 11 220 through 172 16 11 224 Before we create a new Human Resources web site let s first examine the identify of the Default Web Site Open IIS Manager in Administrative Tools select Web Sites in the console tree and right click on Default Web Si
12. in Windows Server 2003 Internet Explorer 5 0 or later Page 14 of 18 e Basic authentication Older authentication scheme that transmits passwords over the network in clear text so use this only in conjunction with SSL NET Passport authentication Allows users to use their NET Passport for authentication Configuring Web Site Logging Since web sites are prime targets for attackers you probably want to log hits to your site to see who s visiting it By default IIS 6 logs traffic to all content as can be seen on the bottom of the General tab of the properties for a web site or virtual directory Human Resources Properties Fl x Documents Directory Security HTTF Headers Custom Errors web Site Performance ISAPI Filters Home Directory Web site identification Description IF address 172 16 11 221 dvanced TCP port 80 SSL port Connections Connection tinneout 120 seconds M Enable HTTP Keep Alives Enable logging Active log Format wac Extended Log File Format x Properties Cancel cry Help The default logging format is the W3C Extended Log File Format and clicking Properties indicates new log files are created daily in the indicated directory It s a good idea to specify that local time be used for logging traffic as this makes it easier to interpret the logs http www windowsnetworking com articles tutorials Web Sites Windows 2003 html
13. me Default Application Remove Starting point lt Human Resources gt Configuration al Execute permissions Mone Application pool DefaultAppPool Angad Cancel pply Help Page 12 of 18 By default only Read permission is enabled but you can also allow Write access so users can upload or modify files on your site Script source access so users can view the code in your scripts generally not a good idea or Directory browsing so users can view a list of files in your site also not a good idea Web permissions apply equally to all users trying to access your site and they are applied before NTFS permissions are applied So if Read web permission is denied but NTFS Read permission is allowed users are denied access to the site IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address have an IP address within a range of addresses or have a specific DNS domain name To configure this select the Directory Security tab and click the Edit button under IP Address and Domain Name Restrictions This opens the following dialog which by default does not restrict access to your site http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 13 of 18 IP Address and Domain Name Restrictions P x IF address access restrictions By default all comp
14. nformation Services IIS Manager E o xj 3 Eie Arton ew now Hep 5 xf 7 O xg OSes Wj Internet Information Services EHI TEST220 local computer defaut htm _ Application Pools H _J Web Stes Defaut Web Site Human Resources R lg Desk _ Web Service Extensians The script we used here is Iisweb vbs one of several IIS administration scripts available when you install IIS on Windows Server 2003 The basic syntax of this script is easy to figure out from the previous screenshot and a full syntax can be found here Note that unlike the Web Site Creation Wizard used previously you can t use this script create a web site with anonymous access disabled So if you want to disable anonymous access you should do it by opening the properties sheet for the Help Desk site selecting the Directory Security tab and clicking the Edit button under Authentication and Access Control This opens the Authentication Methods box where you can clear the checkbox to disable Anonymous Access and leave Windows Integrated Authentication as the only authentication http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 7 of 18 method available for clients on your network Authentication Methods B x 1 Enable anonymous access Use the Following Windows user account For anonymous access BAGS ets TUSR_TEST220
15. ng and Configuring Web Sites in Windows Server 2003 Page 4 of 18 Web Site Creation Wizard Web Site Desciption Describe the Web site to help administrators identity it Type a description of the web site Description Human Resources Back Cancel Click Next again and specify 172 16 11 221 as the IP address for the site Web Site Creation Wizard i x IP Address and Port Settings Specify an IF address port setting and host header for the new Web site Enter the IP address to use for this Web site 172 16 11 221 All Unassigned 172 16 11 220 172 16 11 223 q172 16 11 222 172 16 11 221 teated AOOO n For more information read the IS product documentation Back Cancel Click Next and specify D HR as the home folder for the site We ve cleared the checkbox to deny anonymous access to the site because this is an internal intranet so only authenticated users should be able to access it public web sites generally allow anonymous access http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 5 of 18 Web Site Creation Wizard x Web Site Home Directory The home directory is the root of pour Web content subdirectories Enter the path to your home directory Path D SHF Browse Allow anonymous access ta this Web site Back Cancel Click Next and leave
16. only Read access enabled since the Human Resources site will initially only be used to inform employees of company policies Web Site Creation Wizard ES Web Site Access Permissions Set the access permissions for this Web site Allow the following permissions M Read Run scripts such as ASP Execute such as ISAPI applications or CGI Write Browse To complete the wizard click Next Back Cancel Click Next and then Finish to create the new web site http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 6 of 18 Internet Information Services 115 Manager E loj x 9 File Action Yew Window Help iej E ap am x Ei BIE e Sl gt mn Wj Internet Information Services EHI TEST220 local computer defa htm J Application Pooks H _J Web Stes Defauk Web Ste Human Resources _ Web Service Extensions Now let s create another intranet site this time for Help Desk which will use IP address 172 16 11 222 and home folder D Help We ll create this one using a script instead of the GUI ci Command Prompt G N iisweb create Di Help Help Desk zi 172 16 11 222 Connecting to server Done Server TEST226 Site Name Help Desk Hetahase Path WISUC 1181955842 IF 72 16 11 222 WOT SPECIFIED BA D sHelp BTARTED And here s the result Internet I
17. ork amp server issues automatically with GFI Network Server Monitor Find thousands of essential tips in our WindowsNetworking com Windows NT 2000 2003 XP Admin Knowledge Base Join our mailing list Enter your email below then click the join list button Admin KnowledgeBase Articles amp Tutorials Authors Hardware Links Message Boards Newsletters E8 Software About Us Contact Us Product Submission Form Advertising Information WindowsNetworking com is in no way affiliated with Microsoft Corp Links are sponsored by advertisers Copyright 2005 TechGenix Ltd All rights reserved Please read our online privacy statement http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005
18. t Information Services 6 IIS 6 is a powerful platform for hosting web sites on both the public Internet and on private intranets Creating and configuring web sites and virtual directories are bread and butter tasks for IIS Administrators and in this article we ll walk through the process of doing this using both the GUI IIS Manager and using various scripts included with Windows Server 2003 The seven specific tasks we ll walk through will include http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 2 of 18 Creating a Web Site Creating a Local Virtual Directory Creating a Remote Virtual Directory Controlling Access to a Web Site Configuring Web Site Logging Configuring Web Site Redirection Stopping and Starting Web Sites Windows urity Windows MT VUE EE 7 FAX Solutions For sake of interest we ll explain these tasks in the context of a fictitious company called TestCorp as it deploys IIS for its corporate intranet Preliminary Steps Unlike earlier versions of Microsoft Windows IIS is not installed by default on Windows Server 2003 To install IIS open Manage Your Server from the Start menu and add the Application Server role T Manage Your Server g Manage Your Server Search Hap and Support Cente Server T 9 Managing Your Server Roles ise tha boots and information found here bo add ior remote PAPP r
19. te and open it s properties http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites in Windows Server 2003 Page 3 of 18 Default Web Site Properties _ ax Documents Directory Security HTTF Headers Custom Errors web Site Performance ISAPI Filters Home Directory Web site identification Description Default Web Site IP address cal Unassigned dvanced TCP port oil SSL port Connections Connection timeout i170 seconds M Enable HTTP Keep dlives Enable logging Active log Format wac Extended Log File Format Properties Cancel cpl Help The IP address for the Default Web Site is All Unassigned This means any IP address not specifically assigned to another web site on the machine opens the Default Web Site instead A typical use for the Default Web Site is to edit it s default document to display general information like a company logo and how to contact the Support Desk Let s use IP address 172 16 11 221 for the Human Resources site and make D HR the folder where the home page for this site is stored To create the HR site right click on the Web Sites node and select New gt Web Site This starts the Web Site Creation Wizard Click Next and type a description for the site http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creati
20. uters will be af Granted access Except the Following c Denied access The main thing to watch for here is that denying access based on domain name involves reverse DNS lookups each time clients try to connect to your web site and this can significantly impact the performance of your site The final way of controlling access to your sites is to use the Authentication Methods dialog box we looked at previously Authentication Methods Use the Following Windows user account For anonymous access User name IUSR_TEST 220 BROWSE Password sec eec088 Authenticated access For the Following authentication methods user name and password are required when anonymous access is disabled or access is restricted using NTFS access control lists iW Integrated Windows authentication Digest authentication for Windows domain servers Basic authentication password is sent in clear text MET Passport authentication Default domain Realm c tee _ In summary the five authentication options displayed here are e Anonymous access Used mainly for web sites on public Internet web servers e Integrated Windows authentication Used mainly for web sites on a private intranet e Digest authentication Challenge response authentication scheme that only works with clients running http www windowsnetworking com articles tutorials Web Sites Windows 2003 html 5 11 2005 Creating and Configuring Web Sites
Download Pdf Manuals
Related Search