Transcript Ch. 13 – Administering Web Resources
Ch. 13 – Administering Web Resources
MIS 431 – Created Spring 2006 Ch 13 - Adminstering Web Resources 1
This is the Big Deal with Servers!
Install and configure IIS – Internet Info Services Create/configure web site virtual servers and virtual directories Configure web site authentication Install and maintain FTP virtual servers Update and maintain IIS security Create and modify web folders Install and user Remote Installation tools Install and configure web based printing Troubleshoot web client browser connectivity Customize HTTP error messages for your server Ch 13 - Adminstering Web Resources 2
IIS 6.0 Components: major league!
Basic Services World Wide Web service (HTTP) File Transport Protocol service (FTP) Network News Transport service (NNTP) Simple Mail Transport Protocol service (SMTP) FrontPage Server Extensions Cost: free – built into WS03 Fast – handles many users simultaneously ODBC interface to databases Ch 13 - Adminstering Web Resources 3
More About IIS as a Service
When you install IIS, service starts automatically when the server boots Can control web server, FTP server, SMTP, NNTP separately at start up time Can check Ch 13 - Adminstering Web Resources 4
Installing IIS
Implementation type Internet server Intranet server (very cool-works same way) Be careful – you can install things that may cause an attack from the Internet based on new services that appear (e.g., port 80) Built into WS03 – Start | Control Panel | Add/Remove Programs Click Add/Remove Windows Components Choose Application Services, then Details for IIS pieces; continue to drill down when grayed out Ch 13 - Adminstering Web Resources 5
Installing IIS, contd.
Minimum services to check Common Files File Transfer Protocol Service (read only) Internet Information Services Manager World Wide Web Service Optional Parts Internet Printing – you know this one NNTP Service – network news groups SMTP Service – outbound e-mail server Ch 13 - Adminstering Web Resources 6
Anonymous Access
Anonymous Access sets up the ability for
any user
to view a web site (or FTP site) System creates an AD user account called IUSR_
servername
for anonymous access Other system accounts are likewise created Absence of this feature requires the user to
authenticate
before they can view a page Hint: this is necessary for some of your web folders, so prepare a security plan to accommodate those areas Ch 13 - Adminstering Web Resources 7
IIS 6.0 Changes over IIS 5.0
Visually, they look the same and are basically managed the same way Internal changes How processes are handled by IIS Metabase configuration information stored in XML files – easier for a human to read/debug Ch 13 - Adminstering Web Resources 8
Configuring the Web Server
Start the IIS MMC – can find in Computer Management (look under Services) Its own MMC (in Administrative Tools) Build a custom MMC (Start | Run | MMC, then add….) Use Remote Administration (only if installed) Can administer from any web browser using port 8099 Uses port 8098 to create a
secure
connection through the Internet (but need to work with security for
https
) https://127.0.0.1:8098 from the server itself https://139.102.31.
nn
:8098 from another client Useful if you don’t have Terminal Services on the client computer you are using
or a slow dial-up connection
Ch 13 - Adminstering Web Resources 9
IIS Snap-In (MMC)
See Fig 13-5 for IIS Manager. Left pane includes … (also see next slide) FTP Sites Application Pools Web Sites Web Service Extensions Default SMTP Virtual Server Default NNTP Virtual Server Click + in front of a line to see contents Ch 13 - Adminstering Web Resources 10
IIS Manager Window
Name of server Ch 13 - Adminstering Web Resources 11
IIS Manager, contd.
Rt click a web site and choose Properties Web site properties (see Fig 13-7 p.522) tabs
Web Site
– identification (name), logging Performance ISAPI Filters
Home Directory
– where on server files are stored
Documents
– if file is listed, no need to type in URL
Directory Security
– allow anonymous access?
HTTP Headers
Custom Errors
– name of HTML file with custom error Service Ch 13 - Adminstering Web Resources 12
Default Web Site Properties
Web Site Tabs Ch 13 - Adminstering Web Resources 13
IIS
Web Site
Tab
Description – Default Web Site (or other name) IP Address – can add multiple IP addresses Ports – TCP default is 80, SSL assignable Advanced – used for setting up alternate name web site (host header feature) Connections – for setting limits. (Also see
Performance
tab) Enable Logging – who has been here Web and FTP server logs by day or other time Can choose what information to keep Ch 13 - Adminstering Web Resources 14
IIS
Home Directory
Tab
Gives location and name of the web site on this server or a share on another computer c:\inetpub\wwwroot (in this case) or redirected to a URL Access rights: read, write, directory browsing, script source access, log visits Execute permissions: none, script only, or scripts and executables Ch 13 - Adminstering Web Resources 15
IIS
Documents
Tab
Which documents are loaded if no file name appears at the end of the user’s URL http://misnt.indstate.edu/ ______ Common: default.htm, default.asp, index.htm, index.html, home.htm
Also choose the priority order Can add a footer to end of every web page Ex: copyright section and for more information section Saves time and allows it to be changed at server level just once (server-side include) rather than each document Ch 13 - Adminstering Web Resources 16
IIS
Directory Security
Tab
Anonymous access allowed?
If yes, what authentication? (clear text or Windows which requires IE browser)\ IP address and domain restrictions: eliminate known hackers from gaining access to the web server’s pages Set up secure communications with digital certificates Ch 13 - Adminstering Web Resources 17
IIS
HTTP Headers
Tab
Enable content expiration If page is beyond elapsed content time, it will fetch a new page from the hard drive rather than the server’s disk cache Establish content rating Custom HTTP headers (information returned to the client’s browser when requested) Configure additional MIME (multipurpose Internet mail exchange) file types Tells server how to handle files received from a server Ch 13 - Adminstering Web Resources 18
IIS
Custom Errors
Tab
Gives name of each file for server errors C:\winnt\help\iisHelp\common\404c.htm for the 404 Error – File Not Found Can modify this file or substitute your own file for this http://misnt.indstate.edu/bruce You are asked to create a custom error file in the next project Ch 13 - Adminstering Web Resources 19
IIS
Server Extensions
Tab
FrontPage installs this automatically when installed on the server Also available from the Windows Add/In Tools Lets you configure the server extensions Author the root web? Can prevent changes Specify how mail is sent (e.g., web form notice) Security settings Ch 13 - Adminstering Web Resources 20
Other IIS Features
Set these features by selecting the Default Web Site, rt-click and choosing Properties Lower level webs
inherit default settings
You can set properties of lower level webs independently – e.g., make certain webs
not have anonymous access
, requiring authentication Ch 13 - Adminstering Web Resources 21
IIS Server Extensions
Used to activate certain server features FrontPage can manage files
without FTP
(e.g., click Save button and drag-and-drop) Administer webs with FrontPage Allow certain active content such as hit counter, hover buttons, email web form handling, interactive discussion groups, etc.
MS also has Server Extensions for other operating systems and other web server SW Ch 13 - Adminstering Web Resources 22
Creating Virtual Web Sites
IIS has the ability to host a number of web sites or
virtual servers
on a single server Procedure to create a virtual web site: Identify the IP address of new web site Identify the TCP port of the new web site If you have multiple virtual servers responding to the same IP address, identify the
host header name
of the new web site (cool!) E.g., 139.102.31.12 is misnt.indstate.edu and virtualmisnt.indstate.edu and you distinguish not in the DNS (both are 31.12) but in host header name Ch 13 - Adminstering Web Resources 23
Virtual Directories (e.g., web folders)
Can have information stored on servers throughout the organization and have this information appear on your web server Essentially, create an
alias
for the remote folder and append that to the normal URL Can refer to it as www.dovercorp.com/
customers
Procedure Create the remote folder and add HTML file(s) In IIS, create New virtual directory in web site Provide share name \\serverXX\virtualdirectory as path Give it the alias name, and finish.
Ch 13 - Adminstering Web Resources 24
Server Certificates and SSL
Implement SSL in Directory Security tab to encrypt traffic between clients and server https:// is designation for this protocol Look for
closed
padlock icon in browser Uses TCP port 443 by default Requires a digital certificate be installed on your server: www.verisign.com
See handout on SSL concepts placed in your discussion group mailbox.
Ch 13 - Adminstering Web Resources 25
FTP Servers
FTP is used to transfer files between two computers running TCP/IP Breaks the files into packets that can be transferred, then reassembled into order at the destination and the file saved Checks for accuracy, so these transfers are error free (part of the protocols used) FTP server should
NOT
have anonymous access and Write privilege unless you have set strict quota limits Ch 13 - Adminstering Web Resources 26
FTP Properties
See fig 13-22 p. 543 for standard Properties dialog box. Standard tabs: FTP Site: name, port (21), IP address, connection limits, logging Security Accounts: anonymous access?
Messages: welcome and exit messages displayed to users of the site Home Directory: where the site is located Directory Security: who can/can’t use the site Ch 13 - Adminstering Web Resources 27
Etc.
There are some miscellaneous topics at the end of the chapter – take a look FrontPage Extensions – allows security to be established via FrontPage client Ch 13 - Adminstering Web Resources 28