My script is whitelisting IP for a particular URL in IIS.
Set-WebConfigurationProperty -Filter /system.webserver/security/ipsecurity -Name allowUnlisted -Value $false -Location "default web site"
Add-WebConfiguration /system.webserver/security/ipsecurity -location "default web site" -Value #{ipAddress = 129.0.0.1 ;subnetmask = 255.255.255.0 ;allowed="true"} -pspath IIS:\
It works perfectly except when I remove the entry manually from IIS, and again i try to run this script it warns me "cannot add duplicate entry of type add". I cannot see the entry in IIS. Is there a way to remove that duplicate entry via powershell.
Reason behind this is that, applicationhost.config file in inetserv folder has that entry. If you add it via script, remove it via script, or you can open config file in notepad and find the entry and delete it. Save the file after.
Related
I'm trying to make a PS script that creates an IIS web page, configures a reverse proxy via URL Rewrite and I'm stuck on how to add allowed server variables via PowerShell.
Does anyone know how to add these variables via powershell for the IIS website?
UPDATE: I have solved this problem
Step 1. Unlock server configuration section
%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/rewrite/allowedServerVariables
Now it's posible to get allowed server variables with
import-module WebAdministration
$webSiteName = "your-site-name"
$allowedServerVariables = Get-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST/${webSiteName}" -filter "system.webServer/rewrite/allowedServerVariables/add" -Name name
Write-Host $allowedServerVariables.Value
Example for adding server variables
import-module WebAdministration
$webSiteName = "your-web-site-name"
add-webconfigurationproperty -pspath "iis:\sites\${webSiteName}" -filter "system.webserver/rewrite/allowedservervariables" -name "." -value #{name='HTTP_X_ORIGINAL_ACCEPT_ENCODING'}
UPDATE 2
Better solution without PowerShell is to add allowed server variables globally on IIS web server. So each variable will be automatically inherited from new web site.
FYI adding server variable on server level by powershell:
Add-WebConfiguration /system.webServer/rewrite/allowedServerVariables -atIndex 0 -value #{name="RESPONSE_SERVER"}
this will add the following configuration in applicationhost.config
<system.webServer>
...
<rewrite>
...
<allowedServerVariables>
<add name="RESPONSE_SERVER" />
</allowedServerVariables>
...
</rewrite>
</system.webServer>
We are trying to create list of applications in a particular site,
For this we have a csv which contains required information for site creation. Below is the format:
Below is the script which we are using to create application in IIS:
foreach($app in $apps){
$appname = $app.path.TrimStart("/")
New-WebApplication -Name $appname -Site $app.Site -PhysicalPath $app.PhysicalPath -ApplicationPool $app.applicationPool -Verbose
}
Problem is application whose code is stored on some network path like \\network\Webapps\appname are giving below error:
New-WebApplication : A parameter cannot be found that matches parameter name 'physicalPath'.
whereas application folder located on same server are being created without any issue,
Have also done test-path \\network\webapps\appname it results in true
What is the issue and how to rectify it?
Issue got resolved, I didn't got what was the exact reason behind that, Have updated my script, basically have assigned values to specific variable than was able to create application.
Updated Script
foreach($app in $apps){
$appname = $app.path.TrimStart("/")
$appSite = $app.Site
$appPath = $app.PhysicalPath
$appPool = $app.applicationPool
New-WebApplication -Name $appname -Site $appSite -PhysicalPath $appPath -ApplicationPool $appPool -Verbose
}
Thanks
First of all, you have to make sure that powershell has permission to access the server corresponding to the network path when creating the site.
When using powershell to create a site, if the physical path of the site is a file in the local disk, you can use New-WebApplication, if it is a UNC path, you should use New-Item.
Under normal circumstances, the UNC path will not be used as the physical path of the main site, but will be added as a virtual directory. Because the domain name of the main site points to the local machine and the UNC points to the remote IP address, the two will conflict because a server error occurred when I created the site through IIS Manager.
$siteName = 'Default Web Site'
$virtualDirectoryName = 'Test'
$physicalPath = '\\UNC-path'
## Init
$virtualDirectoryPath = "IIS:\Sites\$siteName\$virtualDirectoryName"
## Create Virtual Directory where physicalpath is an UNC-path (New-WebVirtualDirectory
wont do)
New-Item $virtualDirectoryPath -type VirtualDirectory -physicalPath $physicalPath
Any chance it's this? That error sounds like it's an issue with the cmdlet and not the data you're feeding it.
https://social.msdn.microsoft.com/Forums/en-US/3e0cb076-6ad4-4b03-bb59-c912174266b0/container-with-iis-cant-create-application-using-powershell-physicalpath-parameter-not-found?forum=windowscontainers
specifically:
You need to import the WebAdministration module. If you're in the container through docker exec simply use:
Import-Module WebAdministration
I am trying to create a script for our AAR-server that should create webfarms and the corresponding url rewrite rules. The script will try to delete the rule before creating it and in my case the rule does exist, but it won't find it:
WARNING: Target configuration object 'system.webServer/rewrite/globalRules/ARR_dst.test.refusjon-
8083_lb is not found at path 'MACHINE/WEBROOT/APPHOST'.
Is there any way to "browser" the path in IIS in order to verify if it does really exisit in path 'MACHINE/WEBROOT/APPHOST'. I assume so based on all the examples I have found on, but still - not sure on my installation.
So how to find the path to all rules?
Clear-WebConfiguration -pspath $psPath -filter $filterRoot
Add-WebConfigurationProperty -pspath $psPath -filter "system.webServer/rewrite/globalRules" -name "." -value #{name=$ruleName;patternSyntax='Regular Expressions';stopProcessing='False'}
Best, or, only thing I've found so far is to use the configuration editor and "Generate scripts"
Using Configuration Editor: Generate Scripts
I'm trying to set a user account as the Anonymous identity for a website authentication, and I've looked through every page on my Google searches but haven't found anything. There's a few things about setting it as the pool identity which is where I got the below line, but I'm not sure how that line is setting the pool identity, and I've tried to modify it to set the user account I want, but it's not working:
set-webconfigurationproperty /system.webServer/security/authentication/anonymousAuthentication -name UserName -value "domain\user" -Location "iis:\Sites\$NewApp"
I'm also trying to set a binding after I create a site, but the binding isn't being applied correctly, and I can't see why. I've looked at many examples online and tried to mimic what they have. I'm sure I just have a formatting error or something small like that. This is my binding line:
New-Item IIS:\Sites\$NewApp -bindings #{protocol="http";bindingInformation=$NewIP+":80"} -physicalPath "E:\Physicalpath"
I've spent 2 hours on this tonight, and it's driving me crazy. I just broke down and configured the servers manually for those couple items, but I really want to get this working so I can use it for other site creation scripts.
Thanks in advance for any assistance.
I was able to set the user, needed to add -PSPath. You should be able to combine -PSPath and -Location as per the Link: Enable authentication for IIS app in Powershell
set-webconfigurationproperty /system.webServer/security/authentication/anonymousAuthentication -name userName -value "domain\user" -pspath iis:\ -Location "iis:\Sites\pwa"
Further, you second doubt is clarified here: Examples of IIS Powershell cmdlets
From the above link:
COMMAND Examples: When -Value parameter is used by IIS powershell cmdlet, it usually set with a single string value (NOTE: if
the value contains space, it should be quoted with " or ')
The value can be hash table object if it is used to set a collection item
add-webconfiguration
'/system.applicationHost/sites/site[#name="Default Web
Site"]/bindings'-value #{protocol="http";bindingInformation="*:80:"}
-pspath iis:\
You can use Add-WebConfiguration for setting bindings, like so:
Add-WebConfiguration '/system.applicationHost/sites/site[#name="pwa"]/bindings' -Value #{protocol="ftp";bindingInformation="10.0.0.100:21:pwa.fabrikam.local"} -PSPath iis:\
Or, you can use Set-WebConfiguration for modifying:
set-WebConfiguration '/system.applicationHost/sites/site[#name="pwa"]/bindings' -Value #{protocol="https";bindingInformation="*:443:pwa.fabrikam.local";sslFlags=0} -PSPath iis:\
Adding everything via variables. You can manage your variables it suites your needs, I've separated every components of bindings into various variables. Putting variables inside bracket helps evaluating expressions.
$siteName = "pwa"
$appFilter = "//system.applicationHost/sites/site[#name='$($sitename)']/bindings"
$newIP = "*"
$port = 80
$hostName = "pwa.fabrikam.local"
$bindings = #{
protocol = "http"
bindingInformation="$($newIP):$($port):$($hostName)"
}
set-WebConfiguration -Filter $appFilter -Value $bindings -PSPath iis:\
If you now change only variables, the commands should continue to function. I tried changing IP and ports via variables $newIP and $port. Let us know how it goes.
I'd like to simply add some .Net Authorization rules in IIS (7.5 / win 2008 R2) using a powershell script with PS snap in. So far I was able to add some "allow" rules but not any deny ones.
Each time I try, it either does nothing or creates an "allow" rule, which seems odd, like if it was defaulting to allow all the time.
I tried with add-webconfigurationproperty and add-webconfiguration with no luck.
Maybe one of you has the correct command line to use?
For instance:
Add-WebConfiguration "/system.web/authorization" -value #{ElementTagName="Deny";users="*"} -PSPath "IIS:\Sites\Mysite"
Add-WebConfigurationProperty "/system.web/authorization" -Name "collection" -value #{ElementTagName='deny';users='test'} -PSPath "IIS:\Sites\Mysite"
will create 2 "allow" rules.
Same behavior if I remove ElementTagName='deny'. So weird. Like if the deny "mode" was to be accessed in some different way.
And for instance, if I go to IIS 8 and try to generate the script after adding a deny rule, the command line suggested is not working either.
How can I fix this?
The command you should use to add a deny rule in your example is:
Add-WebConfigurationProperty "/system.web/authorization" -PSPath "IIS:\Sites\Mysite" -Name "." -value #{users='test'} -Type "deny"
This bothered me too & I also had trouble getting appcmd to do the same thing. I did get it working in the end & found that the -Type parameter was the important one. This wasn't all that clear to me from the documentation which just says:
The type of property to add.