I'm trying to make a PS script that creates an IIS web page, configures a reverse proxy via URL Rewrite and I'm stuck on how to add allowed server variables via PowerShell.
Does anyone know how to add these variables via powershell for the IIS website?
UPDATE: I have solved this problem
Step 1. Unlock server configuration section
%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/rewrite/allowedServerVariables
Now it's posible to get allowed server variables with
import-module WebAdministration
$webSiteName = "your-site-name"
$allowedServerVariables = Get-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST/${webSiteName}" -filter "system.webServer/rewrite/allowedServerVariables/add" -Name name
Write-Host $allowedServerVariables.Value
Example for adding server variables
import-module WebAdministration
$webSiteName = "your-web-site-name"
add-webconfigurationproperty -pspath "iis:\sites\${webSiteName}" -filter "system.webserver/rewrite/allowedservervariables" -name "." -value #{name='HTTP_X_ORIGINAL_ACCEPT_ENCODING'}
UPDATE 2
Better solution without PowerShell is to add allowed server variables globally on IIS web server. So each variable will be automatically inherited from new web site.
FYI adding server variable on server level by powershell:
Add-WebConfiguration /system.webServer/rewrite/allowedServerVariables -atIndex 0 -value #{name="RESPONSE_SERVER"}
this will add the following configuration in applicationhost.config
<system.webServer>
...
<rewrite>
...
<allowedServerVariables>
<add name="RESPONSE_SERVER" />
</allowedServerVariables>
...
</rewrite>
</system.webServer>
Related
I'm including a Powershell script in my WixToolset installer to do various tasks in IIS, and I can't figure out one thing.
My Site in IIS is structured like this:
Sites
Default Web Site
WebApp1
WebApp2
Identity
I am able to set applicationDefaults.preloadEnabled to true on Default Web Site, but I only want to set preloadEnabled on my Identity WebApplication.
With limited Powershell knowledge, I've tried:
Import-Module WebAdministration
Get-WebApplication
Get-WebApplication "Identity"
The code above lists the Identity WebApplication correctly.
cd C:\inetpub\wwwroot
Set-ItemProperty "Identity" -Name applicationDefaults.preloadEnabled -Value True
The code above gives the error:
The property string applicationDefaults.preloadEnabled=True does not exist or was not found.
At line:1 char:1
I've also tried preloadEnabled instead of applicationDefaults.preloadEnabled, same result.
figured it out thanks to the comment from #guiwhatsthat and some extra searching. This is what worked.
Set-ItemProperty "IIS:\Sites\Default Web Site\Identity" -Name preloadEnabled -Value True
I would like to set ip restriction to the /admin folder on my website with PowerShell.
I do understand, that because this section is locked I have to go to applicationHost.config, and unless I unlock I can not use local web.config in that particular folder.
I also figured out how can I add an IP restriction rule using appcmd.exe.
Because of allowUnlisted is true (Allow) by default, I also have to set it false, which I can not accomplish, because when I use the following command I got error:
$location = "My Site/admin"
appcmd.exe set config $location -section:system.webServer/security/ipSecurity /allowUnlisted:false
ERROR ( message:Can not set attribute "allowUnlisted" to value "false".. Reason: This configuration section cannot be used at this
path. This happens when the section is locked at a parent level.
I also discovered that there is appcmd lock/unlock facility, but those commands does not allow a specific location. I do not want to change anything expect my $locations behavior, and do this in applicationHost.config.
Which is completely possible using the GUI, in IIS Manager using the IP Restrictions on my particuar admin folder in Edit feature I can set it to Deny, and that adds to the end of applicationHost.config the following lines (no other changes):
<location path="My Site/admin">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="127.0.0.1" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
</location>
Question
How can I do this change in applicationHost.config with CLI way?
I don't know much about using appcmd.exe. However, if you want to use the powerShell WebAdministration module, then you can use the following:
$location = "My Site/Admin"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location $location -filter "system.webServer/security/ipSecurity" -name "allowUnlisted" -value "False"
Add /commit:
.\appcmd.exe set config "Default Web Site" -section:system.webServer/security/ipSecurity /allowUnlisted:'false' /commit:apphost
If you want to do it using appcmd
How can I set application settings in IIS through PowerShell?
I tried using Set-WebConfigurationProperty as
Set-WebConfigurationProperty "/appSettings/add[#key='someKey']" -PSPath "IIS:\Sites\Default Web Site\someSite" -name "someKey" -Value "someValue"
But I am getting
WARNING: Target configuration object '/appSettings/add[#key='someKey'] is not found at path 'MACHINE/WEBROOT/APPHOST/Default Web Site/someSite'.
The easiest way to do this I find is to build the PowerShell from IIS configuration editor.
To do this;
1) Open Inetmgr (IIS)
2) Click on the site you want to target.
3) Feature View, Configuration Editor down at the bottom left.
4) From here, browse to the section of the configuration you want to edit, and
make the change
5) Then click "Generate Script" on the top right.
This will generate multiple different scripts for configuring this, choose PowerShell and there you go.
For example, changing Windows authentication to Forms
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Somewebsite' -filter "system.web/authentication" -name "mode" -value "Forms"
You can learn how to do just about anything from here.
There is also the get-webconfigurationproperty command that will get you the config before you edit it, this is just run from PowerShell.
A key to remember is is SET-WebConfigurationProperty will override everything and often not do what you want.
Where Add-WebConfigurationProperty will add, not override and add additional config.
Hope that helps!
Rich
And how exactly to use Add-WebConfigurationProperty? Because it must be used in case the app setting is yet missing (Set-WebConfigurationProperty will fail).
So, given the following configuration, a site "SiteOne" with a virtual directory "VirtualDirOne":
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<appSettings>
<add key="first" value="a" />
</appSettings>
</configuration>
When I want to change the value to "b":
Set-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='first']" -name value -value "b"
When I want to add another setting:
Add-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings" -name "." -value #{key='second'; value='x'}
When I want to get the value:
Get-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='second']" -name "value.Value"
And finally, to remove the setting:
Clear-WebConfiguration -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='second']"
There many examples here.
My script is whitelisting IP for a particular URL in IIS.
Set-WebConfigurationProperty -Filter /system.webserver/security/ipsecurity -Name allowUnlisted -Value $false -Location "default web site"
Add-WebConfiguration /system.webserver/security/ipsecurity -location "default web site" -Value #{ipAddress = 129.0.0.1 ;subnetmask = 255.255.255.0 ;allowed="true"} -pspath IIS:\
It works perfectly except when I remove the entry manually from IIS, and again i try to run this script it warns me "cannot add duplicate entry of type add". I cannot see the entry in IIS. Is there a way to remove that duplicate entry via powershell.
Reason behind this is that, applicationhost.config file in inetserv folder has that entry. If you add it via script, remove it via script, or you can open config file in notepad and find the entry and delete it. Save the file after.
Can you please help in finding a way to change Validate Request to True/False in IIS using PowerShell for a website?
You can modify the configuration settings of a specific web site or application using the Set-WebConfiguration cmdlet.
In your case you'll have to set the value of the <pages validateRequest="true" /> attribute to false:
Set-WebConfiguration "//system.web/pages/#validateRequest" IIS:\Sites\MyWebSite -Value $false
According to this Canceling request validation using HttpHandler on IIS 7 and this Canceling request validation using HttpHandler on IIS 7
You should just change registry setting, so this code should do the trick for you:
Set-ItemProperty -path HKLM:\Software\Microsoft\ASP.NET -name VerificationCompatibility -Value 1