We help IT Professionals succeed at work.

IIS Preventing ASP Page after CEICW on SBS 2003

ascnd
ascnd asked
on
IIS is preventing my ASP driven CAPTCHA from working outside the LAN.  It worked fine for five years until I had to run SBS 2003 CEICW the other night to renew the Self-certificate.  I don't remember what I did five years ago to make this work.  CEICW obviously changed some security setting since the CAPTCHA ASP executes on the a LAN but not on the WAN.

The CAPTCHA ASP I am using can be found on www.webwiz.co.uk if you feel that it will help.  It is composed of simple ASP scripts using javascript.  Please help as no customers can access the website until this is fixed.
Comment
Watch Question

Consultant Engineer
Commented:
When you run the CEICW this will reset the permissions for IP address access to the default website.  Assuming that your CAPTCHA is on this or a virtual directory under the default website, you'll need to make changes to this.

On the properties of the relevant site in IIS Management, go to Directory Security, IP Address and domain name restrictions, and edit the settings accordingly.

I would recommend against opening the default web site to any IP on the WAN, however.

Author

Commented:
David,

You are correct, it was the Directory Security > IP Address and Domain Name Restrictions.  For some reason the wizard added entries for only the LAN and denied access to everything else.  Thank you very much!

By the way, I don't see how you couldn't open up the default web site to any WAN IP address.  How else could anyone connect?
David HaycoxConsultant Engineer

Commented:
I see what you mean - I meant more that I'd probably have port 80 closed on the router.  It reduces the security risk, but of course means that no one on the WAN can access the default web site.  But then, if the default web site is unaltered in SBS2003, there's nothing really of use in there anyway.

If you have a custom site I would suggest setting it up as a separate web site in IIS and using a non-standard port.  It's slightly less convenient for users, but only if they don't set up a favourite.

I've just been dealing with a customer who customised their default web site, and it broke ActiveSync, OWA and RWW, hence I think it's best to leave the SBS stuff alone!