Creating IIS7 sites, applications, and virtual directories. In the course of IIS7 development, the team and I have answered an infinity of questions about IIS7 on any possible topic imaginable. Ironically, neither I nor anyone else I know on the team has ever answered the most basic question – what is the minimum set of steps necessary to get a website running with IIS7? This post answers this exact question, and explains the key IIS7 concepts of sites, applications, and virtual directories (vdirs), which must be created before your IIS7 server can serve a single request. Update: We recently launched a service that significantly helps you understand, troubleshoot, and improve IIS and ASP. NET web applications. If you regularly troubleshoot IIS errors, manage Windows Servers, or tune ASP. NET performance, definitely check out the demo at www. It also provides the steps necessary to create IIS7 sites, applications, and virtual directories, and options for configuring them. If you are familiar with IIS6, read on to learn about critical differences in the way sites, apps, and vdirs work on IIS7, and how to create and manage them using IIS7 tools. If you don’t care about the background, and just want to know how to create your first IIS7 website in the quickest way possible, jump ahead. Then, come back and read about what it all means . An application is a logical container of your website’s functionality, allowing you to divide your site’s url namespace into separate parts and control the runtime behavior of each part individually. For example, each application can be configured to be in a separate application pool, thereby isolating it from other applications by putting it in a separate process, and optionally making that process run with a different Windows identity to sandbox it. ![]() The Firefox profile containing your user data and settings is not found in the installation directory but rather in a separate. By default, Windows installs all the programs in C:Program Files or C:Program Files (x86) directory depending on the type of Windows 10 and program you a. Note That Reindexing is On By Default. Before upgrading to MarkLogic 9 from MarkLogic 6 or earlier, be aware that database reindexing is enabled by default. Copying a directory tree and its contents to another filesystem using tar will preserve ownership, permissions, and timestamps. A neat trick allows using tar to. The application is also the level at which ASP. NET applications / appdomains are created. Firefox stores your personal information and settings in a profile folder. Find out what is in your profile and how to locate it. Each application has a virtual path that matches the initial segment of the url’s absolute path for the requests to that application. A request is routed to the application with the longest matching virtual path.– Each site must have at least the root application with the virtual path of “/”, so any requests not matching other applications in the site will be routed to the root application. In all Unix and Unix-like systems, each process has its own separate set of environment variables. By default, when a process is created, it inherits a. How to Change Default File Save Location in Microsoft Office? While working in Microsoft Office, when you try to open or save a document, it opens the default. The only reason I can see is because of the default virtual directories. ![]() Finally, a virtual directory maps a part of the application url namespace to a physical location on disk. When a request is routed to the application, it uses the same algorithm to find the virtual directory with the longest virtual path matching the remainder of the request’s absolute path after the application path.– Again, each application must have at least the root virtual directory with the virtual path of “/” to be functional. For example, here is how a request to /app. Site layout. Request routing“/” APP“/” VDIR“/” APP, “/” VDIR“/” APP“/” VDIR“/app. APP“/” VDIR“/app. APP, “/” VDIR“/” APP“/” VDIR“/app. VDIR“/app. 2” APP“/” VDIR“/” APP, “/app. VDIRLet’s look at an example: In this example, I have two sites: The default IIS7 site named “Default Web Site”, and another site named “My. Site”.“Default Web Site” site has a single binding enabling it to receive requests on port 8. The “My. Site” site also listens on port 8. The ability to host multiple sites on a single port using host headers is critical for mass hosting scenarios,and is enabled by the http. IIS’s behalf. A request to http: //domain. Default Web Site”. Then, its routed to the root application, and the root virtual directory within it, and the physical path of the file served for this request becomes c: inetpubmysitetesthello. A request to http: //mysite. My. Site” because it matches the host header specified by “My. Site”’s binding. As before, it is routed to the root application, and its root virtual directory, with the physical path being c: mysite, a directory. Finally, a request to http: //mysite. My. Site”. It is routed to the root “/” application, but within that application, it is routed to the “/test” virtual directory, because the http: //mysite. So, the physical path of the file served becomes c: inetpubtesthello. What’s an application pool? An application pool is technically not a part of the site / application / virtual directory containment hierarchy, but it is an important part of configuring the server to be able to serve requests to the application. An application pool defines the settings for a worker process that will host one or more IIS7 applications, carrying out their request processing. The application pool is a unit of process isolation, since all request processing for an application runs within its application pool’s worker processes. It is also a unit of isolation from a security perspective since the application pool can run with a different identity, and ACL all needed resources exclusively for itself to prevent applications in other application pools from being able to access its resources. The application pool mechanism has been introduced in IIS6, and has been a key strategy in supporting IIS6’s stellar security record. In IIS7, it has been further enhanced to offer improved isolation and scalability – I will cover strategies of using application pools efficiently in a future post soon. So, how do I create a simple IIS7 site? To summarize what we learned from before, a functioning website is one that has at least the following: 1. A site. 2. A binding that determines on which interface, port, and hostheader the site listens on. A root application. A root virtual directory mapping the root application to its physical root folder. An application pool to run the application. The good news is that IIS7 by default comes with the aptly named “Default Web Site” already configured, so if you are ok with a website on port 8. Just drop your files in %systemdrive%inetpubwwwroot, and hit up http: //localhost/. Given that, why would you want to create a separate website / application / etc? Here are some of the reasons: 1. You want to have multiple websites (different domain names, or ports). You want to have multiple applications to isolate part of your website for reliability, or security reasons by placing them in separate application pools. Or, you need to have separate ASP. NET applications. You want to redirect parts of your website’s url namespace to a different location on disk by creating a virtual directory. Let’s start with the simplest case- creating a new website from scratch. This post will show how to do these tasks from the command line, but you can do most of these from the new IIS7 Admin tool. The command line is a more flexible way to do it, and lends itself well to automation with cool batch scripts I know you will write. So, without further ado, let’s create a completely new website using the IIS7’s App. Cmd. Exe command line tool, located in %windir%system. Be sure to do this as an Administrator from an elevated command line prompt – Start > Programs > right click on Command Line Prompt, and choose Run as Administrator): > %windir%system. App. Cmd ADD SITE /name: My. New. Site /id: 3 /bindings: http/*: 8. Path: c: inetpubmynewsite. SITE object “My. New. Site” added. APP object “My. New. Site/” added. VDIR object “My. New. Site/” added. This creates a new website named “My. New. Site”, with id = 3, and creates a single HTTP binding configured to listen on all interfaces, port 8. Note that a root application, and root virtual directory are automatically created. This is because I specified the optional /physical. Path parameter – which results in the root application with a root virtual directory pointing to the specified physical path to be created. At this point, you can immediately begin using the website by placing files in c: inetpubmynewsite, and access the site with http: //localhost: 8. What about the application pool? By default, all applications use the “Default. App. Pool”, a default application pool that also hosts the “Default Web Site”’s application. You can create a new application pool / place the application in a different application pool later if you want. Going deeper with site, application, and virtual directory creation. Ok, so now we have a simple website we just created. Let’s examine it with the App. Cmd List Sites command: > %windir%system. App. Cmd LIST SITESSITE “Default Web Site” (id: 1,bindings: http/*: 8. Started)SITE “My. New. Site” (id: 3,bindings: http/*: 8. Started)This displays the default and the new site we created, including their ids, their bindings, and their state. The state is a runtime property of the site, and indicates whether the site is currently receiving requests. If there is an error in the site’s definition, for example, another site has a conflicting binding, or the site is missing some required configuration, the state will be “Stopped”. A state of “Started” is a good indication that the site is functional. You probably noticed earlier that the site binding was specified with the /bindings parameter as “http/*: 8. This is the binding syntax used by App. Cmd, which allows multiple bindings to be specified in a list of comma- separated PROTOCOL/BINDINGINFORMATION entries, like: http/1. This syntax allows bindings to be specified for any protocol, where the PROTOCOL is the protocol name, and BINDINGINFORMATION is a string passed to the listener adapter for this protocol to construct the binding. For HTTP, the binding information string is the following. You can also set them afterwards using the SET command. You can obtain the settable properties for each object, such as below for a site object: > %windir%system. App. Cmd SET SITE “Default Web Site” /?- name- id- server. Auto. Start- limits. Bandwidth- limits. Connections- limits. Timeout- log. File. Ext. File. Flags- log. File. custom. Log. Plugin. Clsid- log. File. log. Format- log. File. directory- log. File. period- log. File. truncate. Size- log. File. local. Time. Rollover- log. File. Failed. Requests. Logging. enabled- trace. Failed. Requests. Logging. directory. Removing the Default Web Site. Several references recommend removing the Default Web Site for security reasons. The only reason I can see is because of the default virtual directories and default permissions that exist on the Default Web Site. Is this step beneficial even if I already follow best practices such as removing unneeded content and directories and setting custom permissions? Removing the Default Web Site is good advice but not necessary in all cases. I advise most IIS administrators to turn off the Default Web Site. If, however, the Web server is connected to the Internet, I recommend removing the Default Web Site and underlying content. The case for keeping the Default Web site is that a time might arise when you need the online documentation. In addition, Microsoft tends to depend on the Default Web Site for installing software such as Microsoft Proxy Server 2. IIS Migration Wizard. However, if you keep the site, I recommend that you not use it for content and disable it. If you want to use the Default Web Site for content, you need to remove all the built- in virtual directories and provided files. Consequently, you might as well start a new Web site and leave the Default Web Site turned off. By default, the Default Web Site's home folder is \%systemroot%\www root\inetpub. When you create new Web sites, the logical home directory for those new Web sites is the \inetpub folder. However, by placing these new sites in the \inetpub folder, you make the new Web sites' content available from the Default Web Site. Figure 4 shows a typical setup in which a new Web site resides in the \inetpub folder. As you can see, an intruder can access the new Web site as either http: // securityadministrator. The best way to avoid this potential security hole is to place all your content in a new \wwwroot folder outside \inetpub (and off the system drive). The only other way to avoid the hole is to delete or disable the Default Web Site.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
September 2017
Categories |