Showing posts with label IIS. Show all posts
Showing posts with label IIS. Show all posts

Friday, September 15, 2017

Logging IIS POSTS

Have you ever needed to see the raw POSTS coming into your IIS-hosted web site, but don't want to change code to write it to a file?  Well, there is an easy way:

  • Bring up IIS Manager
  • Find the Site you want to log, and click on it
  • Click the IIS icon, "Failed Request Tracing Rules".  Even though it says failed requests, it also will do successful requests.

  • Select "Add..." in the right menu
  • Select "All Content (*)" and "Next"












  • Then put "200" in the "Status Codes" box.  You could add a range to get all requests: "200-999"



  • Then press "Next",  "Finish"


A new folder under your default logs root will be built called "FailedReqLogFiles".   You will see it get filled with XML files that exhaustively log every aspect of all posts.

Remember - Don't leave it on long or it will blast your storage with tens of thousands of files.








Posted by at No comments:
Labels: , ,

Wednesday, September 13, 2017

IIS Web Deploy ERROR_DESTINATION_NOT_REACHABLE

This is a common error with setting up Web Deploy.  What happens is you install Web Deploy from Microsoft's online link, check that it's a running service, then find it only yields a ERROR_DESTINATION_NOT_REACHABLE error.




Of course, you troubleshoot pinging the remote site.  That's fine.  Then you try telnet to see if the port is available.  It turns out it isn't.  A search of the web yields this (with it's good, but not obvious, clue):

ERROR_DESTINATION_NOT_REACHABLE

Diagnosis: Web Management Service or Remote Agent is not installed or unreachable on the remote computer.
Resolution: Verify that Remote Agent Service or Web Management Service are started on the remote computer, depending on which one you are connecting to. You can do a "net start wmsvc & net start msdepsvc" on the remote computer to ensure these services are started. Also, ensure that a firewall is not interrupting communications with the destination.

The problem is that Web Deploy installs itself, but it doesn't install the Web Management Service.  It also doesn't warn you that it's not available.

So, to install WMS, go to Server => Roles,  then Web Server (IIS) => Management Tools => Managment Service.  Install it...




And Voila!  You're all set!




Posted by at No comments:
Labels: ,

Tuesday, May 21, 2013

Restricting Access By Location in IIS

A customer and I were reviewing their web logs and remarking on how many hits were coming in from countries with which they don't even remotely do business. There were several visits each day from China, Russia, Korea, etc. If they were coming to the site, they were either seriously lost or just up to no good.

We decided to restrict access to those folks that just shouldn't be there. Here is how we did it:

First, we are using IIS7. If you are using a Unix flavor, you need to modify your .htaccess file in the /etc directory. If you are on IIS, there is a similar procedure. You will be modifying the following file: 

%WinDir%\System32\Inetsrv\Config\applicationHost.config

Open this file on your IIS Server and search for 

location path=
until you find the web instance you want to apply these settings to.

Next you want to get this file: http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip This file is a list of IP addresses by country code.

The last thing to download is this excellent javascript file built by Kanwaljeet Singla. It parses the ip-to-country file into commands you can use in the applicationHost.config file. Once you have the file, rename it to: ipres.js

When you have everything, put it into a folder and pop open your command prompt and go to that directory. Here are a few interesting commands that Kanwaljeet built in: 

 // Generate an "allow" list for USA IP addresses
cscript.exe //nologo ipres.js /f ip-to-country.csv /a USA
 // Generate an "deny" list for China IP addresses
cscript.exe //nologo ipres.js /f ip-to-country.csv /d China

So, here is how I got the website to deny anything but United States IP addresses:

  1. Ran the utility above with the command: 
    cscript.exe //nologo ipres.js /f ip-to-country.csv /a USA > usa.txt

    This created a file called usa.txt

  2. Opened usa.txt in notepad and copied the text between 
    <ipSecurity allowUnlisted="false">
    and the last "add" entry
  3. Opened the ISS ApplicationHost.config file mentioned above in notepad.
  4. Pasted the entire section into the system.webServer/Security section. I also added a special entry that allows me to access the site locally: 
    <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
  5. Recycled the Application Pool with that website and voila!
Great credit goes to Kanwaljeet Singla for his cool tool.
Posted by at No comments:
Labels: ,
Location: Aliso Viejo, CA, USA
Subscribe to: Posts (Atom)
Copyright ©2006-2018 Brett W. Huffman. All Rights Reserved.