Allow Connections From Other Hosts With IIS Express

IIS Express is a simple web server that can run on Windows with a couple of easy features for developers of Windows applications. This includes things like, webhooks, a modern way of accepting POST requests and responding to them. Each IIS Express site is managed on a user basis, as it’s written as a tool to assist with development. Many web applications will attempt to communicate with one another via a specific port. And when you’re using IIS Express, you’ll need to create a socket binding to that port and allow external users to connect (again, by default, IIS Express is configured for developers to test code on their own machines). To do so, open the IIS Express config file at %userprofile%\documents\iisexpress\config\applicationhost.config (note that the userprofile is here as it’s again, per user). By default, bindings will restrict to localhost as you can see below: <binding protocol="http" bindingInformation="*:8443:localhost" /> Copy this line and paste it below the first instance, replacing the localhost with * (make sure to leave the first line or your dev tools can’t connect to the server): <binding protocol="http" bindingInformation="*:8443:*" /> Again, make sure to leave the first binding in place. Then restart the server and you’re good.

Setting FTP Banners in IIS

IIS is a pretty straight forward system to manage. One of the more common post-flight tasks for setups of IIS is to configure FTP banners. In Server 2003, this can be done by opening Internet Information Services (IIS) Manager from Start > Administrative Tools. Then, browse to the server name > FTP Sites > Default FTP Site (or the name of the one you would like to configure if you have multiple per server) and then click on the Properties for the site. At the FTP Site Properties pane, click on the Messages tab. Here, you can provide a Banner to be shown to unauthorized users, a Welcome page, to be shown to authorized users, an Exit and define the maximum number of connections. Click Apply to commit your changes and then restart the site (right-click on it in IIS Manager and click Stop, then Start). In Server 2008 the process is pretty straight forward as well. Open Internet Information Services (IIS) Manager from Start > Administrative Tools. Then click on Connections > server name > name of the site > FTP Messages. Then uncheck the box to Suppress Default Banner. Check the box for Support User Variables. Then in the banner field, provide the message to be shown to FTP users that have not yet authenticated. Then in the Welcome Message field, provide a welcome message (you can use Windows variables here). For example, I like “Welcome %UserName% would you like to play a game”. At the Exit Message field you can provide a message to display authenticated users when they log out of the system. Click on Apply and restart the sites that are changed. This can also be done via appcmd.exe or simply using the set command, setting a config to the site path and a message: set config -section:system.applicationHost/sites /[name=''].ftpServer.messages.bannerMessage:"Welcome to" /commit:apphost set config -section:system.applicationHost/sites /[name=''].ftpServer.messages.suppressDefaultBanner:"True" /commit:apphost

WAF: Web Application Firewall

Web Application Firewalls, or WAFs, are firewalls for web application.  They monitor web traffic and decide whether to allow or deny specific requests.  IIS web servers (OWA), Apache, WebObjects, Lasso and other web servers will likely end up working with them, although I’ve only tested IIS and Apache at this point.

ASP Defined

ASP stands for an Active Server Page, a type of web page that is hosted on a server that supports the ASP scripting engine.  ASP is a file that contains text, HTML, and/or ASP scripting commands. ASP files use/require the *.asp extension.  Microsoft Internet Information Server (IIS) supports ASP. You can also use ASP with varrying forms of (or add-ons for) Apache such as Apache::ASP::Install.