• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1007
  • Last Modified:

How do I setup IIS virtual directory for external access.

I am inexperienced with IIS so I hope that you will bear with me here.  We are running IIS 7.5 on Windows Server 2008 R2.  We have a site that we need both external and internal access to.  We are using SSL and I have successfully installed the cert and the site seems to be working fine internally.  The external dns resolution of the external address is working fine and I am port forwarding the static IP to the internal IIS server.  I can get to the IIS start page via SSL fine but when i try to type in a virtual directory like "https://xxx.domain.com/virtual_path", I recieve "internet explorer cannot display the webpage".  Any help is much appreciated.
0
jwiang4u
Asked:
jwiang4u
  • 4
  • 4
  • 2
2 Solutions
 
Paul MacDonaldDirector, Information SystemsCommented:
You need to set a defaul page for the virtual directory.  That is, if you typed in "https://xxx.domain.com/virtual_path/somepage.aspx", you'd probably be okay, but IIS doesn't know what to do if you don't specify what page you want served.

In this case, select the virtual directory in the treeview, then specify the default document using the icon on the right.
0
 
jwiang4uAuthor Commented:
There is a default document select called "index.cfm".  If i navigate to this directory "https://xxx.domain.com/virtual_path/index.cfm", the page has only a few elements on it and IE shows me some errors.  When I look at the errors, they point to "Permission denied" on index.cfm.

This site was created by the installation of a document management product.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Does index.cfm exist?  Does the virtual directory allow anonymous access, or do visitors have to be authenticated?  Does index.cfm have NTFS permissions on it so only authenticated users can view it?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
jwiang4uAuthor Commented:
The virtual directory doesn't allow anonymous access so i guess that is probably my problem.  I am contacting the vendor of the software that was installed to find out what they recommend.

In normal scenarios, would you provide anonymous access to virtual directory when it is an external website?

I will update as soon as I hear back from the software vendor.
0
 
kevinhsiehCommented:
To follow what paulmacd says, I bet that you are using IE internally which can automatically authenticate to an internal IIS server. That doesn't happen externally. Some of the elements of that document management product are requiring access as someone other than anonymous, but IIS is allowing anonymous access. You probably need to remove anonymous access to the web site, but you should check with the vendor for the specifics.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Most public web sites allow for "anonymous" access.  In the case of IIS, the anonymous account is by default a dedicated user account for the asp.net worker process (IUSR_something).  It's this account - by default - that anonymous visitors map to when they visit your site.
0
 
kevinhsiehCommented:
You would normally allow anonymous access for things that don't require that you authenticate the users who are accessing the content. If the documents are not meant to be public (ie searchable via Google) and if there is any administrative function available, those should be secured by some sort of mechanism such as NTFS permissions on the files themselves or some sort or mechanism within the application to handle access control.
0
 
jwiang4uAuthor Commented:
I think you guys have pointed me in the right direction.  I noticed that when the application was installed, the virtual directories it created under the default site don't have the IUSR_something user in the permissions but do have the domain users.  The default site itself does have the IUSR_somthing user which is the reason why i could reach the IIS Welcome page externally but not any of the virtual directories.  The files that are housed in the doc-mgt system are protected via encryption in a flat file structure.  I am guessing that i need to grant the IUSR_something user permissions booth in IIS on the virtual directories and in NTFS in the inetpub directory.

I am still waiting back to hear from the vendor as this system requires validation and I don't want to do anything outside of spec.  I will let you guys know what i find out.  Thanks for the quick responses.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
No problem.  Hope you get it sorted.
0
 
jwiang4uAuthor Commented:
I finally worked with the vendor to resolve the issue today.  The problem was that the IUSR user didn't have permission on the virtual directories under the default site.  Thanks for the help.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now