website Setting Up the IIS Web Server - The Basics
IIS is the Web server for XP and Windows. Web server installation and administration is relatively simple, mainly setting up directories accessible to the Internet.
- Installing IIS - IIS is not normally installed on XP systems. To install:
- Insert XP installation CD.
- Start | Setting | Control Panel | Add or Remove Programs | Add/Remove Windows Components
- Check Internet Information Services (IIS) and click Next. The Windows Components Wizard should start.
- When IIS is installed, go through the tests and configuration below this section.
- IP address or host name - At IUS, the IP will be dynamically and automatically assigned. All machines are known locally (on themselves) aslocalhost. IUS machines also have a name assigned that is accessible Internet-wide. To connect to the Web server on the same machine and get the default page, in a browser enter:
To find out what the Internet name or IP of a Windows machine use:
from the command prompt. You should see something like below.
C:\ ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . : LF111-201.ius.edu
DNS Servers . . . . . . . . : 129.79.1.1
198.88.18.1
0 Ethernet adapter :
Description . . . . . . . . . : PPP Adapter.
Physical Address. . . . . . : 44-45-53-54-00-00
DHCP Enabled. . . . . . . . : Yes
IP Address. . . . . . . . . . . : 149.160.29.92
Subnet Mask . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . : 149.160.29.92 |
| http://149.160.29.92http://LF111-201.ius.edu |
- Virtual directories - The default location for Microsoft server scripts/pages is C:\InetPub\wwwroot. To use other directories one must define a virtual directory.
- Login with administrator privileges
- Create a directory using Windows Explorer on: C:\A348
- Start | Run | Control | Administrative Tools | Internet Information Services
- Expand local computer, Web Sites, and Default Web Site.
- Right click on Default Web Site.
- New | Virtual Directory
- Alias: A348
- Directory: C:\A348
- Execute (including scripts) and Browse
- With the virtual A348 directory, an HTML file named C:\A348\guru.htm could be loaded from the local machine by:
| http://localhost/A348/guru.htm |
- User Account for IIS - Some IIS installations require a user account and sufficient access privileges to update files.
- Login with administrator privileges
- Start | Run | Control | Administrative Tools | Computer Management | Local Users and Groups | Users
- Select Launch IIS Process Account
- Check User Cannot Change Password and Password Never Expires
- Select Member Of
- OK each menu
Exercise 1 - Testing IISThe machines in LF-105 and LF-111 already have IIS installed. Do the following to setup the Web server and test:
- Login with administrator privileges
- Create a directory using Windows Explorer on: C:\A348
- Start | Run | Control | Administrative Tools | Internet Information Services
- Expand local computer, Web Sites, and Default Web Site.
- Right click on Default Web Site.
- New | Virtual Directory
- Alias: A348
- Directory: C:\A348
- Execute (including scripts) and Browse
- Depending upon your configuration of operating systems and Access versions, the following may be necessary when ASP script fail when accessing database:Change A348 Application Protection as a work-around associated with using Access databases and ASP:
- Right click on A348
- Select Properties
- Change Application Protection to: Low(IIS Process)
- Click OK
- Stop and start IIS by:
- Right click on Default Web Site
- Stop
- Right click on Default Web Site
- Start
- Copy and paste the following client-side HTML to the file named HelloWorld.htm:
- Test by entering in the browser address:
| http://localhost/A348/HelloWorld.htm |
- Verify that the server machine is accessible over the Internet.
- Find out what the local machine's IP is entering at the COMMAND prompt: ipconfig /all.
- Using a browser, test by: http://Machine's IP Number/A348/HelloWorld.htm
- Using a browser on another machine, try opening on your server machine by: http://Machine's IP Number/A348/HelloWorld.htm
|
Server program execution
IIS requires that the virtual directory where the server program resides have execute privileges and the Launch IIS Process Accounthave sufficient privileges.
- Scripts - Server scripts (designated with ASP or ASPX extension) are similar to client scripts but run on the server, sending output to the browser.Assume that a directory C:\A348 has been defined as a virtual directory named A348 with execute privileges. Any ASP file placed in the directory can then be executed; a program named test.asp located on directory C:\A348 can then be executed by:
| http://localhost/A348/test.asp |
- C++ - Any executable file can be a CGI program. Assume that a directory C:\CGI has been defined as a virtual directory named CGI with execute privileges. Any exe file placed in the directory can then be executed; a program named test.exe located on directory C:\CGI can then be executed by:
| http://localhost/CGI/test.exe |
- Perl - Perl can be used as a CGI or script programming language. It can be freely downloaded from http://www.ActivePerl.com
- IIS - Under Windows 2000/XP, assuming ActivePerl is installed at C:\Perl:
- Login with administrator privileges
- Create a directory using Windows Explorer on: C:\A348
- Start | Run | Control | Administrative Tools | Internet Information Services
- Expand local computer and Web Sites.
- Right click on Default Web Site and open the Properties editor.
- Click on Home Directory tab.
- Set Local Path to C:\inetpub\wwwroot
- Click Configuration button.
- Click App Mappings tab then Add button.
- Enter:
- Executeable: C:\Perl\bin\perl.exe %s %s
- Extension: .pl
- Click OK to back out of menus.
|
The Perl program in virtual directory A348 could then be executed without specifying the Perl interpreter by:
| http://localhost/A348/test.pl |
- Command Prompt - To execute a Perl program with a .pl extension at the command prompt or by clicking on the file icon, the simplest approach is to associate the file extension with the Perl interpreter.
- Locate the perl.exe interpreter using Find. It is probably located as Perl\bin\perl.exe
- Open Windows Explorer and point to the perl.exe file.
- Tools | Folder Options | File Types
- Look for a .pl extension in the list of files types, if not found, continue.
- Click New and enter .pl as the File Extension.
- Click Change | Other...
- Locate and click on perl.exe
- Open | OK | Close
|
The Perl program in directory C:\A348 could then be executed without specifying the Perl interpreter by:
- Warnings - Placing executable files in public directories allow any Internet user access to execute those files on your machine. Be careful what you place in public directories. Test that the programs execute as intended and attempt to defend against common attacks. These will be discussed later in the course.
Exercise 2 - Testing IIS ScriptsVerify that the server will execute server-side scripts from the A348 directory:
- Login with administrator privileges
- Create a directory using Windows Explorer on: C:\A348\ASP
- Copy and paste the following ASP script to the file named HelloWorld.asp:
<%@ LANGUAGE = JScript %>
<%
for(i=0; i<10; i++) {
%>
Hello World <%= i %> times
<%
}
%> |
- Test by entering in the browser address:
| http://localhost/A348/ASP/HelloWorld.asp |
|
Adding Secure Access to the Server
The following restricts access to virtual directories by the Integrated Windows Authentication, a secure login method. Only those users or groups explicitly listed will be able to access the directory over the Internet.
Disable Simple File Sharing
Disabling Simple File Sharing is necessary in order to enable the creation of Access Control Lists for shared disks and folders:
- Click Start | My Computer | Tools | Folder Options | View.
- Scroll to the bottom of the list of advanced settings and un-check Use Simple File Sharing (Recommended).
- Click OK.
Create User Accounts
There are a couple of ways to create user accounts, but let's start simply by clicking Start | Control Panel | User Accounts.
You'll see all of the existing accounts on the computer.
Click Create a new account, and enter the new user's name.
Click Next, and choose the account type. This determines (rather simplistically) which group the user will be placed in. There's generally no good reason to grant remote users Computer administrator privileges, so select Limited, and then click Create Account. The new account appears in the User Accounts window.
Create Passwords
By default, Windows XP will not permit a network user to access the XP machine using an account set up without a password.
In Control Panel | User Accounts, click the desired account, and then click Create a password. Enter the password, and then enter it again to confirm it. Enter a password hint if you'd like – a user who forgets the password can look at the hint at the logon screen as a memory aid. Then click Create Password to make it take effect.
Define Virtual Drive Access
- Locate the folder of the virtual drive defined for IIS.
- Right click | Sharing and Security | Security
- Add the names of users (or group) that should be given access to the folder. Set the permissions for each user (group).
- Click Advanced and uncheck the Inherit from parent .... This will restrict access to only those users (groups) explicitly listed.
Define Database Directory Access
The database directory must be accessible by IIS and the program updating the database.
- Locate the folder of the database.
- Right click | Sharing and Security | Security
- Add the names of users (or group) that should be given access to the database folder. Set the permissions for each user (group) to FULL.
- Add the name of the IIS Guest account, IUSR_machinename and set the permissions to FULL.
Authentication Method
By default IIS allows anyone to access the virtual drive as an anonymous user.
- Start | Run | Control | Administrative Tools | Internet Information Services
- Expand local computer, Web Sites, and Default Web Site.
- Right click on the virtual directory | Properties | Directory Security | Edit
- Only Integrated Windows authentication should be checked.
0 comments:
Post a Comment