Present a secured site maintenance page.

nav2567
Dear Experts,

We have an IIS secured website which has yet to pass a penetration test before we can open it to public access.

Is there a secured way we could allow some sort of static page for external access to the site until the pen test is completed?

The website is already linked to a secured certificate which has the site's common name defined.  Basically, we want to present a maintenance page just to relay the information that the site is not available or not yet active.

Please advise if this is doable or not.

Thanks in advance ;)
btan, Exec Consultant
Distinguished Expert 2018

Commented:
You can consider an HTTP redirect and limit it to a specific location on the server.
To configure the content to come from only the specified destination directory, use the following syntax:
appcmd set config /section:httpRedirect /childOnly:true | false
By default, this attribute is false, but you specify true for the childOnly attribute. To do this, type the following at the command prompt, and then press ENTER:
appcmd set config /section:httpRedirect /childOnly:true
https://technet.microsoft.com/en-us/library/cc731578(v=ws.10).aspx

Another option is that you could set that site up to serve the same page for all requests, regardless of the request URL. The strategy is to stop the website regardless of the request coming in.
Assuming you have IIS Scripting installed, open an elevated PowerShell:

import-module webadministration

Consider stopping all sites except the Offline one:

Get-ChildItem IIS:\Sites | Where {$_.Name -ne "Offline"} | Stop-WebSite

When the SQL-Server is back up, start them up again:

Get-ChildItem IIS:\Sites | Where {$_.Name -ne "Offline"} | Start-WebSite

For FTP sites, the commands will show an error. You cannot pipe an FTP site to a Stop-WebSite cmdlet, but it still works for all the web sites.

For sites that are not running alright, consider excluding them:

Where {$_.Name -ne "Offline" -and $_.Name -ne "foobar.com"}

If there are no PowerShell cmdlets for IIS installed, you can explore appcmd.exe.
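
The stop/start approach in the answer above, written as an added example that is not part of the original thread: it skips FTP-only sites, checks that the maintenance site has an https binding, and records which sites were running so that only those are restarted. The site name 'Offline' comes from the answer; the state-file path and the function names are assumptions.

```powershell
# Added example, not code from the thread. Run in an elevated PowerShell.
Import-Module WebAdministration

$OfflineSite = 'Offline'                        # maintenance site name used in the answer
$StateFile   = 'C:\inetpub\offline-state.txt'   # hypothetical path for the saved site list

function Get-HttpSite {
    # Every site except the maintenance one that has an http/https binding.
    # FTP-only sites are skipped because Stop-Website reports an error for them.
    Get-ChildItem IIS:\Sites | Where-Object {
        $_.Name -ne $OfflineSite -and
        ($_.Bindings.Collection.protocol -match '^https?$')
    }
}

function Enter-Maintenance {
    $offline = Get-Item "IIS:\Sites\$OfflineSite" -ErrorAction Stop
    # Refuse to continue unless the maintenance site can answer on HTTPS.
    if (-not ($offline.Bindings.Collection | Where-Object { $_.protocol -eq 'https' })) {
        throw "Site '$OfflineSite' has no https binding."
    }
    # Record only the sites that are running now, so a site that was already
    # stopped (for example one still waiting for its pen test) is not started later.
    $running = @(Get-HttpSite | Where-Object { $_.State -eq 'Started' })
    $names   = @($running | ForEach-Object { $_.Name })
    Set-Content -Path $StateFile -Value $names
    # Stop the live sites first: two sites with the same binding cannot both run.
    $running | ForEach-Object { Stop-Website -Name $_.Name }
    Start-Website -Name $OfflineSite
}

function Exit-Maintenance {
    Stop-Website -Name $OfflineSite
    # Restart only what Enter-Maintenance stopped.
    Get-Content -Path $StateFile | ForEach-Object { Start-Website -Name $_ }
}
```

Call Enter-Maintenance before opening port 443 to external traffic and Exit-Maintenance once the site is cleared to go live.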

Author

Commented:
Thanks.

The website is already bound to an SSL certificate and we open only 443 on our firewall.

Will redirect work?
Exec Consultant
Distinguished Expert 2018
Commented:
Redirect for SSL should work as long as there is no mismatch of common name and hostname with regards to the server SSL cert. Otherwise, the connection will be dropped before the redirect has a chance to take effect.
