Introduction to Multilingual Retrieval Augmented Generation (RAG)
IIS7 For Non IIS PFEs
1.
2.
3.
4.
5. IIS 1.0, Windows NT 3.51 available as a free add-on (30 May 1995)
IIS 2.0, Windows NT 4.0 (29 July 1996)
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000 (17 February 2000)
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition (requires retail CD) (October 25,2001)
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition (April 24, 2003)
IIS 7.0, Windows Server 2008 and Windows Vista (Home Premium, Business, Enterprise and Ultimate editions) (February 4, 2008)
IIS 7.5, Windows Server 2008 R2 and Windows 7 (Home Premium, Professional, Enterprise and Ultimate editions) (July 22, 2009)
IIS 8.0 Windows Server 2012 and Windows 8 (September 4,2012)
IIS 8.5 Windows Server 2012 R2 and Windows 8.1 (April, 2014)
IIS 10 Windows Server 2016 and Windows10 (August 19,2015)
• Apache- Apache
• Apache- Tomcat
• Nginx –Igor Sysoev
• GWS- google
• Resin – Caucho Technology
• Lighttpd – ligttpd
• Sun Java System Web Server- Oracle
• Jigsaw
• Klone
• Abyss
• X5 (Xitami)
• Zeus
• MacHTTP
6.
7. More Reliable More Control More Secure More Choice
Scalable Web
Infrastructure
Dynamic Caching and
Compression
Powerful Diagnostic Tools
Centralized Web
Management
Delegated Remote
Management
Easy Application & Server
Deployment
Enhanced Server
Protection
Secure Content Publishing
Improved Access
Protection
Built-in ASP.NET and PHP
Support
Modular & Extensible Web
Server
Intelligent Media Serving
8.
9. Svchost.exeInetinfo.exe
WWW
Service
(w3svc)
IIS Admin
Service
metabase
FTP Service
SMTP Service
NNTP Service
LSASS.EXE
HTTPAPI
Web garden (w3wp.exe)
Winsock
TCPIP.SYS
HTTP.SYS
Application Pool (w3wp.exe)
WAS
Worker Process
ISAPI Extensions
ISAPI Filters
Managed Mods
Configuration
(applicationhost.config)
SSL Windows Auth
User
Kernel
Worker Process
ISAPI Extensions
ISAPI Filters
Managed Mods
Worker Process
ISAPI Extensions
ISAPI Filters
Managed Mods
Worker Process
ISAPI Extensions
ISAPI Filters
Managed Mods
Worker Process
ISAPI Extensions
ISAPI Filters
Managed Mods
14. Fully Extensible – support custom modules
Minimal installation by default
Install and/or use only the modules you need
Over 40 feature modules
WindowsAuthModule IPSecurityModule
ASP.NET HttpLoggingModule
HTTPTracingModule FTPManagement
HTTPDynamicCompression ManagementScripting
... ...
15.
16. Use all administration tools
Firewall-friendly ports
HTTPS port 443
Restrict by IP, port, certificate, or log request
First we will see the new IIS architecture and how IIS is composed from inside
The new and better configuration store and host it differs from the previos version of IIS
Delegate Site Configuration: a powerfull feature that alow administrator to delagate changes and configurations of some IIS features to deparment administrators and even web developers
Failed Request Tracing: a new addition to help you trobleshoout issues in applications running inside IIS. And we are talking about most common IIS problemns: Hangs, Crash, performance issues
A series of native or manage modules that you can add to extend the posibilities of IIS: among others : dabatabse manager, web farm framework,advance loggin
First we will see the new IIS arquitecture and how IIS is composed from inside
The new and better configuration store and hos it differs from the previos version of IIS
Delegate Site Configuration: a powerfull feature that alow administrator to delagate changes and configurations of some IIS features to deparment administrators and even web developers
Failed request tracing: a new addition to help you trobleshoout issues in applications running inside IIS. And we are talking about most common IIS problemns: Hangs, Crash, performance issues
A series of native or manage modules that you can add to extend the posibilities of IIS: among others : dabatabse manager, web farm framework,advance loggin
IIS7.5
Title: Internet Information Services
Talking Points:
Internet Information Services (IIS) is the Web publishing platform in Windows Server® 2008 that enables organizations to deliver rich Web-based experiences. Extensible Web features in IIS provide easy-to-use tools to aid your customers in administration, diagnostics, and management. IIS is a customizable platform with .NET extensibility. It provides enhanced reliability, security, and failure recovery via efficient management and deployment tools.
IIS provides a variety of benefits for your customers’ business managers, technical staff, and for Web hosting, including:
More Reliable
Increased availability through dynamic request handling, improved caching, and powerful troubleshooting tools
Scalable Web Infrastructure
Implement a scalable Web infrastructure with HTTP-based load balancing and intelligent request handling and routing
URL Rewriter, Application Request Routing
Dynamic Caching & Compression
Improve performance by enabling high-speed dynamic caching and compression
User-Mode Caching, Kernel-Mode Caching, Static and Dynamic Compression
Powerful Diagnostic Tools
Find and fix issues quickly and easily with powerful diagnostic tools
Detailed Errors, Failed Request Tracing, [**Configuration Logging, Best Practice Analyzer]
More Control
Simplified, distributed management through set of customizable administrative tools with easier application deployment for developers
Centralized Web Management
Configure and manage your Web infrastructure from one place through a wide selection of administration tools
IIS Manager, Database Manager, Windows PowerShell Snap-In, AppCmd, Shared Configuration, .NET Web Administration, WMI
Delegated Remote Management
Delegate site configuration management and publishing to remote users
Feature Delegation, IIS Manager for Remote Administration
Easy Application & Server Deployment
Archive, package, migrate, and deploy complete applications and Web servers more easily
Web Deployment Tool
More Secure
Improved security and server protection through reduced server footprint, enhanced publishing, and request filtering capabilities
Enhanced Server Protection
Maximize Web site security through reduced server footprint and automatic application isolation
Server Core, Modular Architecture, Application Pool Isolation
Secure Content Publishing
Publish Web content more securely using standards-based protocols
FTP, WebDAV
Improved Access Protection
Protect Web server and Web applications from malicious requests and unauthorized access
Request Filtering, URL Scan, URL Rewriter, URL Authorization, Dynamic IP Restrictions
More Choice
Flexible platform with enhanced support for multiple application development platforms and media content delivery
Built-in ASP.NET & PHP Support
Develop and deploy ASP.NET and PHP applications together on a flexible Web platform
Web Platform Installer, FastCGI, Integrated Pipeline
Modular & Extensible Web Server
Deploy a streamlined, modular, and extensible Web server
Server Core, Modular Architecture, .NET Extensibility, ISAPI Extensions and Filters
Integrated Media Platform
Optimize bandwidth and set content delivery options through intelligent media serving in an integrated HTTP-based media delivery platform
Smooth Streaming, Live Smooth Streaming, Advanced Logging, Bit Rate Throttling, Web Playlists
**Configuration Logging and Best Practice Analyzer are available only in Windows Server 2008 R2
Additional Information:
IIS 7.0 online: http://learn.iis.net/
Talking Points:
IIS 7.0 contains many features with easy-to-use options that let organizations simplify Web server management. Enhancements in IIS 7.0 include XML-based configuration, installing IIS 7.0 with Server Core, support for existing extensions and filters, modular components, enhanced administration tools, feature delegation, remote connection features, automatic pool isolation, extensive diagnostic and troubleshooting tools, FTP publishing, integrated pipeline, managing IIS 7.0 using scripting or the command line, and the ability to host PHP applications on IIS 7.0.
[BUILD1]
XML Configuration IIS 7.0 allows you to store IIS configuration settings in web.config files. The changes in configuration storage make it much easier to use Xcopy to deploy applications across multiple front-end Web servers to reduce costly, error-prone replication and manual synchronization issues.
Server Core To further limit security exposure, administrators can choose to install a minimal environment with the Server Core installation option of Windows Server 2008. Server Core omits graphical services and most libraries, in favor of a stripped-down, command-line-driven system.
Modular Components IIS 7.0 is made up of more than 40 separate feature modules. Installing only required modules helps reduce administrative overhead.
Enhanced Tools IIS 7.0 extensibility includes a new managed administration application programming interface (API) that can be used to administer the Web server or build extensions to the IIS administration user interface. Configuration, scripting, event logging, and administration tools are also expanded.
Remote Management IT staff can use the IIS Manager GUI to administer the server both locally and remotely. IIS Manager uses HTTPS for communication with the server if IIS Manager is used remotely.
PHP Hosting Capable IT professionals can now host PHP and other Fast CGI-compliance applications on IIS 7.0. This change means that companies can consolidate Web application hosting on Windows Server 2008. With PHP support on Windows Server, IT administrators can host and manage multiple application frameworks on a single Windows operating system.
Delegation of Administrative Control The delegation feature in IIS 7.0 enables those who host or administer Web sites or Windows Communication Foundation (WCF) services to delegate administrative control to developers or content owners. Delegation helps to reduce cost of ownership and administrative burden for server administrators. In a hosted scenario, hosters can provide customers with the ability to remotely manage their own sites and applications, without having administrative access to the server. In a datacenter environment, IT staff can delegate administration for portions of the corporate site to designated departmental site owners.
Diagnostics and Troubleshooting IIS 7.0 provides a clear view of internal diagnostic information about IIS, and it collects and exposes detailed diagnostic events to aid troubleshooting for application code or configuration issues.
Automatic Application Pool Isolation By default, IIS 7.0 assigns all worker processes a unique identity and separated configuration.
Modern FTP Publishing FTP publishing support is provided in a new, enhanced version of the Microsoft FTP Server, FTP 7. It is available as a free download from www.iis.net. The downloadable FTP server includes secure publishing with FTP/SSL support as well as integrated Web publishing with support for the IIS 7.0 configuration system and administration tool. Using the new FTP makes it easy to set up FTP publishing points for a Web application and to use integrated authentication.
Integrated Pipeline In IIS 7.0, both native and managed code requests are processed by default through an integrated pipeline. The integrated pipeline allows for different application frameworks to run within a single Web server request pipeline, offering built-in ASP.NET extensibility for all applications.
Command-Line and Script Management IIS 7.0 provides extensive support for configuration and management using scripts and the command-line utility AppCmd.
- TCPIP.SYS protocol Driver for TCP, UDP, IP, ARP, ICMP, and IGMP, is located in the folder C:\Windows\System32\drivers
- HTTP.SYS: The HTTP listener is implemented as a kernel-mode device driver called the HTTP protocol stack (HTTP.sys). IIS 6.0 uses HTTP.sys, which is part of the networking subsystem of the Windows operating system, as a core component.
- Winsock: IIS5 use Windows Sockets API (Winsock), which is a user-mode component, to receive HTTP requests. Windows of the Berkeley UNIX sockets.
- HTTPAPI: Es HTTPAPI.dll
- LSASS.EXE: (Local Security Authority Subsystem Service): In IIS6 included SSL and windows Auth Movido al Kernel HTTP.sys en IIS7
- Inetinfo.exe (IIS Admin Service): Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure - SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.
- W3svc (World Wide Web Publishing Service): Provides Web connectivity and administration through the Internet Information Services Manager
- W3wp.exe:
- WMSVC: C:\Windows\system32\inetsrv\wmsvc.exe: The Web Management Service enables remote and delegated management capabilities for administrators to manage for the Web server, sites and applications present on this machine.
- WAS: Activations, resource management and health management of worker process. Allow the management of Http and no http sites
Isapi Extensions: ISAPI extensions are implemented as DLLs that are loaded into a process that is controlled by IIS. ASP.dll
Isapi Filter: ISAPI filters are DLL files that can be used to modify and enhance the functionality provided by IIS. ISAPI filters always run on an IIS server, filtering every request until they find one they need to process. The ability to examine and modify both incoming and outgoing streams of data makes ISAPI filters powerful and flexible for:
Change request data (URLs or headers) sent by the client
Control which physical file gets mapped to the URL
Control the user name and password used with anonymous or basic authentication
Modify or analyze a request after authentication is complete
Modify a response going back to the client
Run custom processing on "access denied" responses
Run processing when a request is complete
Run processing when a connection with the client is closed
Perform special logging or traffic analysis.
Perform custom authentication.
Handle encryption and compression.
Request is picked up by HTTP.SYS
HTTP.SYS lets W3SVC know of the request.
W3SVC talks to WAS to let it know of the request.
WAS talks to the configuration store to identify the application pool that would host the request.
The Configuration Store sends that information to WAS.
WAS (Windows Process Activation service) then creates the worker process:.
Once the worker process is successfully up and running, it lets WAS know of its status.
WAS lets the W3SVC know of the availability of the worker process
W3SVC lets HTTP.SYS know about the worker process
HTTP.SYS sends the request to the worker process
Worker Process executes the request and sends the response to HTTP.SYS
HTTP.SYS sends the response to the client.
Non http Listener or request
In the case of WCF, a listener adapter includes the functionality of a protocol listener. So, a WCF listener adapter, such as NetTcpActivator, is configured based on information from WAS. Once NetTcpActivator is configured, it listens for requests that use the net.tcp protocol. For more information about WCF listener adapters, see WAS Activation Architecture on MSDN.
Integrated application pool mode
When an application pool is in Integrated mode, you can take advantage of the integrated request-processing architecture of IIS and ASP.NET. When a worker process in an application pool receives a request, the request passes through an ordered list of events. Each event calls the necessary native and managed modules to process portions of the request and to generate the response.
There are several benefits to running application pools in Integrated mode. First the request-processing models of IIS and ASP.NET are integrated into a unified process model. This model eliminates steps that were previously duplicated in IIS and ASP.NET, such as authentication. Additionally, Integrated mode enables the availability of managed features to all content types.
Classic application pool mode
When an application pool is in Classic mode, IIS 7 and above handles requests in the same way as in IIS 6.0 worker process isolation mode. ASP.NET requests first go through native processing steps in IIS and are then routed to Aspnet_isapi.dll for processing of managed code in the managed runtime. Finally, the request is routed back through IIS to send the response.
This separation of the IIS and ASP.NET request-processing models results in duplication of some processing steps, such as authentication and authorization. Additionally, managed code features, such as Forms authentication, are only available to ASP.NET applications or applications for which you have script mapped all requests to be handled by aspnet_isapi.dll.
Be sure to test your existing applications for compatibility in Integrated mode before upgrading a production environment to IIS 7 and above and assigning applications to application pools in Integrated mode. You should only add an application to an application pool in Classic mode if the application fails to work in Integrated mode. For example, your application might rely on an authentication token passed from IIS to the managed runtime, and, due to the new architecture in IIS 7 and above, the process breaks your application.
IIS 7 uses a new XML-based configuration store that is modeled after the ASP.NET configuration. IIS configuration is stored in the ApplicationHost.config file and can also be distributed among Web.config files for sites, applications, and directories. Settings configured at one level are inherited automatically by lower levels, unless they have been locked to prevent changes. By default, the server administrator is the only user who has permission to view and edit the ApplicationHost.config file.
Configuration Levels
In IIS 7, you can configure settings at the following levels:
- Web server
- Site
- Application
- Virtual or physical directory
- URL (also known as file-level configuration)
NOTE: To configure settings at a child level, a configuration section must be unlocked (also known as delegated) at the parent level or levels. For example, to configure a feature at the application level, the related configuration section or sections must be delegated at both the server and the site levels.
DEMO
=====
1) Show where the applicationHost.config file is administration.config, redirection config, as well as the Machine.config and Root Web.config
Show how we can change the behavior/configuration of the Web Sites, Applications and Directories by creating Web.config files
Mostrar el directory browsing. Con el ejemplo de un album de fotos del cual quiero descargar una por una
Explicar que es directorybrowsing, mostrar Livesysinternal.com
Explicar que se necesita par a que directorybrosing funcione: - Directory browsing cuando funciona? cuando se habilita el checkbox "DirectoryBrowsing" y no hay pagina default en la aplicacion o esta desabilitada la opcion "Enable default content page" en el Tab document
Asegurar primero que todo este bloqueado en IIS
Probar que no puedo descargar fotos
Eliminar via web.Config el default page
Habilitar via web.Config file el directory Browsing
Navegar y robar las fotos =) SOY UN HACKER!!!!
Hacer la aclaratoria de que mas adelante veremos como impedir esto.
Mostrar otras propiedades o mencionarlo al menos.
Autenticacion anonima meter…
Reduce the memory footprint
Recuce the Attack Surface on the server
The IIS 7 Web server feature set is componentized into more than thirty independent modules.
A module is either a Win32 DLL (native module) or a .NET 2.0 type contained within an assembly (managed module). Similar to a set of building blocks, modules are added to the server in order to provide the desired functionality for your applications. Likewise, all IIS modules can be removed, or replaced with custom modules developed using the new IIS 7 C++ APIs, or the familiar ASP.NET 2.0 APIs.
In order to add a module to the server, you must perform two steps:
1.Install a module on the server (native modules only).
2.Enable the module in an application.
Module description
http://learn.iis.net/page.aspx/121/iis-modules-overview/
Ways to remove or enable modules
1- Manually edit the IIS 7 configuration store, either globally to enable the module for all applications on the server, or in a particular web.config file located within each application for which you would like to enable this module. In IIS 7.5 you can use the Configuration Editor.
2- Use the IIS Manager
3- Use the AppCmd.exe command line tool (Appcmd.exe install module /name:MODULE_NAME /image:PATH_TO_DLL , Appcmd.exe uninstall module MODULE_NAME, Appcmd.exe list modules [/app.name:APPLICATION_NAME], Appcmd.exe add module /name:MODULE_NAME /type:MGD_TYPE, Appcmd.exe delete module MODULE_NAME [/app.name:APPLICATION_NAME])
DEMO
====
1. Show the different modules that are available through the installation wizard, show how there are some of them that have dependencies and are automatically selected
2. Show the memory footprint when installing all of the modules, show how you can remove modules from the applicationHost.config file and how the memory footprint is reduced
<globalModules>
Remove the corresponding module entry from the <globalModules> configuration list, and the associated entry in the <modules> configuration list
<add name="MyBasicAuthenticationModule" type="IIS7Demos.BasicAuthenticationModule" />
3. Show how to include self-developed modules (http://learn.iis.net/page.aspx/170/developing-a-module-using-net/)
a) A managed module is a .NET class that implements the System.Web.IHttpModule interface. The primary function of this class is to register for one or more events that occur within IIS 7.0 request processing pipeline, and then perform some useful work when IIS 7.0 invokes the module's event handlers for those events.
b) Compile the module into an assembly, and drop this assembly in the /BIN directory of the application.PATH_TO_FX_SDK>csc.exe /out:BasicAuthenticationModule.dll /target:library BasicAuthenticationModule.cs
c) Add the module via console or appcmd.exe or manually editing: applicationhost.config <add name="MyBasicAuthenticationModule" type="IIS7Demos.BasicAuthenticationModule" />
Title: Remote Management Through HTTPS
Technical staff can enable remote connections, set credentials (Windows or IIS Manager), connection information (IP address, port, SSL certificate, and log requests), and IPv4 address restrictions. Type in the remote connection information, and then click the Allow, Deny, or Delete button to control the access or to remove the remote connection.
Benefits of Remote Connections
Talking Points:
IIS 7.0 contains a feature that lets IT professionals connect to a server, Web site, or application remotely by using HTTPS.
IIS 7.0 supports secure remote administration over HTTPS, allowing for integrated local, remote, even cross-Internet administration without requiring DCOM ports on the firewall. Using the remote connection features makes it easy for administrators to set up remote connections and to manage remote connections.
This feature can save IT professionals time because they can access a server, Web site, or application from a remote site or their home. Administrators can download the IIS 7.0 Manager, InetMgr.exe, which allows them to connect remotely. The IIS 7.0 Manager is a standalone remote administration console. If an administrator is working on a computer that does not have IIS7 installed and wants to administer a computer that does have IIS7, the administrator would need to download and install the IIS 7.0 Manager.
Click the InetMgr.exe icon to launch the tool and the IIS Start Page displays. To connect to a specific server, click the Connect to a server option in the Connect task pane.
A dialog displays where the administrator enters the name of the server and its IP address, then clicks the Next button. A dialog box is displayed that prompts for credentials; the administrator enters a user name and password and clicks the Finish button to connect to the server and display the IIS Manager Graphical User Interface.
1 - You can use the interface of your choosing - the interface you’re familiar with, be it IIS Manager, AppCMD, Windows PowerShell. Work the way you want.
2- You can do that securely and remotely. Whether from your cube or from a remote location, whether managing servers in the data center or in a remote location.
3 - Give them the spiel about how it works over firewall friendly ports. Tell them it is a secure, easier-to-use alternative to Secure Shell (SSH).
4 - Combined with the ability to delegate, remote administration features allow customers, developers and site owners to manage their sites remotely.
Number 4 requires that you cover Delegate before this slide, which you need to do.
Download the IIS 7.0 Manager tool at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=32c54c37-7530-4fc0-bd20-177a3e5330b7&displaylang=en
Remotely Connect to a Web Site or Application for Delegated Administration
An administrator can delegate authorization to Web site owners or departments which gives the user non-administrator access to a specified Web site or application. In this scenario, the administrator has set up non-administrative delegated authority for a department Web site manager to allow that person to update information on the Web site or to change an application. For information on how an administrator sets up feature delegation, see the Controlling Access with Feature Delegation section.
The administrator must first install InetMgr.exe on the workstation where the administrator is working. The Web site manager would then follow these steps to access the Web site or application remotely and have access to the IIS 7.0 Manager. The site manager will only have access to the IIS features assigned by the administrator.
Click the Internet Information Services (IIS) Manager icon on the Windows Server 2008 desktop to display the IIS Start Page.
To connect to a specific Web site, click the Connect to a site option in the Connect task pane. Enter the name of the Web site, click the Next button. Enter the user name and password on the Provide Credentials window and click the Finish button. The delegated user will be able to access the IIS Manager GUI and perform tasks to update the Web site.
To connect to a specific application, click the Connect to an application option in the Connect task pane. Enter the name of the server where the application is located and the application name, click the Next button. Enter the user name and password on the Provide Credentials window and click the Finish button. The delegated user will be able to access the IIS Manager GUI and perform tasks to update the application.
Additional Information:
Remote Administration for IIS Manager: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/IIS-Manager-Administration-Tool/Remote-Administration-for-IIS-Manager
Title: Controlling Access: Feature Delegation
Talking Points: Controlling Access with Feature Delegation
IIS 7.0 contains new Feature Delegation support that lets technical staff delegate administrative responsibility. The delegation can be very specific, allowing an administrator to decide exactly which functions to delegate, on an individual basis. This feature might be used by administrators to allow specific access to the site for Web developers providing content on a site or to provide limited management access to a customer or department. Delegated (non-administrative) access can also be set for configuration of individual sites and applications.
Administrators can allow staff with non-administrator access to connect to a site or application and perform specific actions. The Administrator can set access so the non-administrator can:
Manage unlocked configuration for their site or application
View locked configuration settings without being able to modify them
Add other administrators for their site or application
Setting Up and Managing Feature Delegation
Using IIS Manager, administrators can set up feature delegation to control non-administrative access. IIS 7.0 allows locking and unlocking configuration settings in various levels and scopes, which can be used to delegate and control access. Locking down configuration means that it cannot be overridden (or set at all) at lower levels in the hierarchy. Configuration locking is useful when creating different configurations for different sites or paths. Locking can be done at the section level or for specific elements, attributes, collection elements, and collection directives within sections.
The Feature Delegation Dialog Box (graphic) displays features in IIS Manager and the delegation state for each feature (
Read, Read/Write, or Configuration Read/Write:The administrator selects the desired feature and then chooses one of these options from the Action pane to apply to the feature:
Read Only: Does not allow modification
Not Delegated (lock the feature and hide in site and/or application settings): The feature cannot be delegated and is locked
Reset to Inherited Values: Returns to the default inherited settings
Reset All Delegation: Resets all delegated features to their non-delegated default settings
Custom Application Delegation: Displays another window where you can set up delegation for applications
Benefits of Feature Delegation
Delegation in IIS 7.0 allows organizations to involve site owners and developers more in specific day-to-day management tasks, thereby reducing the administrative burden for server administrators. Using Feature Delegation can save time for both administrators and the users they support. Because Feature Delegation can be tightly controlled, the administrator can set the access allowed for delegated (non-administrative) users of individual sites and applications. This feature will be especially valuable for hosted or datacenter environments because content update or administration tasks can be delegated to site owners. For example, Feature Delegation could be used to let content developers change the content on their site or to let customers do some of their own site management. This could free developers from having to contact an administrator and wait for a response just to make a minor content change on a Web site, saving costs to Web site support. This would also allow the administrator to perform more critical business tasks.
Download the IIS Manager for remote administration
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=2299
Habilitando Remote Managment
http://learn.iis.net/page.aspx/158/remote-administration-for-iis-manager/
Delegate Feature (LOCK y UNLOCK Features)
Siguiendo el ejemplo anterior del hackeo de la foto
Detener la delegacion del default document o del directory browsing y ver el comportamiento. Via Consola
Luego Mostrar en el ApplicationHost.config que es Lock y Unlock y que se modifica (esto aun no lo entiendo)
Title: Automatic Failed Request Tracing
Talking Points:
The new Automatic Failed Request Tracing technology allows technical professionals to define error conditions which, when triggered, write detailed error information to log files. Failed Request Tracing is particularly useful in tracing intermittent or complex problems. In IIS 7.0, it is even possible to add tracing to custom modules. Error conditions can range from “slow” or “hung” requests, to the familiar status codes IIS sends back during error conditions, such as “Server 500 Error.” When configured, if IIS 7.0 detects one of these error conditions, it will automatically log detailed trace events of everything that happened during the request that led up to the error. This is called Failed Request Tracing.
How Failed Request Tracing Works
The tracing infrastructure in IIS 7.0 is very flexible. Both trace event providers and trace event consumers are simply modules, so it is easy to select which modules to use. For example, the technical professional could use Event Tracing for Windows (ETW) or Failed Request Tracing, which is the automatic fail request tracing infrastructure in IIS 7.0. In addition to choosing one of these existing modules, it is easy to create both consumer and provider modules and to plug them into the tracing infrastructure. This allows technical staff to use their own providers and consumers in any place that normally uses the built-in providers and consumers.
Example: The technical professional uses the IIS Manager console to define a trace condition, such as a "404 File Not Found" error that may occur as a result of a request. This request is written to the Trace Configuration file. When the Web server processes a request, the pipeline modules read the trace configuration information for that provider. Then, when an event that matches the tracing configuration occurs, such as the "404 File Not Found" error defined earlier, the pipeline module raises a trace event. The trace event is then delivered back to the source consumer module that registered the trace event. That consumer module is responsible for doing something with that event, such as writing it to a log file.
To set up a failed request tracing rule in IIS 7.0, do the following:
In the IIS section of the Features View, click the Failed Request Tracing Rules icon, The Define Trace Conditions dialog box displays.
In the Add Failed Request Tracing Rule dialog box, click an item in the list to indicate what you want to trace. Valid selections are: all content, ASP.NET (*.aspx), ASP (*.asp) or Custom (where you can enter a name such as tr*.aspx.) Click Next to display the next dialog box.
In the Define Trace Conditions dialog box, indicate the conditions under which a request should be traced. You can enter a status code, time taken, and severity. When the trace information has been set, click Finish to complete the trace rule. Whenever a failed request meets the criteria you established, it will be traced.
Benefits of Using Failed Request Tracing
Large datacenters and hosting providers will appreciate the enhanced productivity leveraged by the new Automatic Failed Request Tracing capabilities of IIS 7.0. It is no longer necessary for administrators to try to reproduce problems that occur intermittently or only under certain circumstances. Once Failed Request Tracing is configured, it will automatically track the defined condition. Furthermore, it is not necessary to turn Automatic Failed Request Tracing on for every Web site and every URL on a server. It’s no longer necessary for administrators to spend time attempting to reproduce complex or intermittent problems. Not only does failed request tracing reduce the amount of tracing information that could be logged but it also ensures that this powerful feature has as little performance impact as possible on the server.
With the small impact on performance and the significant gain in information retrieved by the Failed Request Trace, it is feasible to turn it on for newly deployed sites or as a means of verifying that sites are running error-free. Using Failed Request Tracing in IIS 7.0 helps pinpoint the cause of failures so that resolving the issue is quicker and easier.
Additional Information:
Troubleshooting Failed Requests Using Tracing in IIS7: http://learn.iis.net/page.aspx/99/troubleshooting-a-web-server-error/
Ejemplo con el
401.2= Tengo que desabilitar la Autenticacion anima del fotovision40
404.2= Tengo que desabilitar la Isapi de .Net 4.0 (corriendo en modo classic)via “ISAPI and restrictions”
With the release of IIS 7.0 in Windows Server 2008, IIS adopted a more modular architecture and a new extensibility model.
This architecture means that you can choose which modules are installed to customize and streamline your Web server. In addition, new and custom modules can be added on top of those already available with IIS 7.0. The extensibility APIs are published on www.iis.net to allow developers to add or replace modules on the server with those they write themselves, and these same APIs are used by the IIS team in Microsoft to release Extensions for IIS that deliver further functionality and features.
There have been many Extensions made available for IIS since the release of Windows Server 2008, and many of these are integrated right out of the box in Windows Server 2008 R2. These Extensions are in addition to further enhancements made to the underlying IIS technology. The IIS team will continue to release Extensions that can be installed on top of IIS in Windows Server 2008 R2 to ensure new innovation are made available on an ongoing basis.