Background

Infrequently enough to forget, I find the need to redirect all non-SSL requests to SSL… or similarly, force the WWW prefix onto a URL when the initial navigation comes in without it. I instinctively reach for the URLRewrite module due to its flexibility, but I’ve found that it can actually lead me astray in these particular scenarios…

TL;DR

Create a separate IIS web site for the “undesirable” URL which does a simple HTTP Redirect to the desired path
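The TL;DR above, scripted with the WebAdministration PowerShell module. This is an added example, not code from the original post; the host names, site name and folder are placeholders, and it assumes the IIS HTTP Redirection role service is installed.

```powershell
# Added example. example.com, the site name and the folder are placeholders.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$siteName = 'redirect-to-canonical'             # hypothetical site name
$root     = 'C:\inetpub\redirect-to-canonical'  # empty folder, no content is served from it
$target   = 'https://www.example.com'           # the desired URL (placeholder)

# The system.webServer/httpRedirect section is only available when the
# HTTP Redirection role service is installed:
#   Install-WindowsFeature Web-Http-Redirect

New-Item -ItemType Directory -Path $root -Force | Out-Null

# This site owns every "undesirable" form of the URL: plain HTTP on the bare
# host name and plain HTTP on the www host name. The real site should keep
# only its HTTPS binding for www.example.com so the bindings do not collide.
New-Website -Name $siteName -PhysicalPath $root -Port 80 -HostHeader 'example.com' | Out-Null
New-WebBinding -Name $siteName -Protocol http -Port 80 -HostHeader 'www.example.com'

# Turn on the built-in HTTP Redirect feature for this site only.
$path   = "IIS:\Sites\$siteName"
$filter = 'system.webServer/httpRedirect'
Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name destination -Value $target
# exactDestination = false keeps the requested path, so deep links still land
# on the matching page of the HTTPS site.
Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name exactDestination -Value $false
# 301 so browsers and crawlers remember the canonical URL.
Set-WebConfigurationProperty -PSPath $path -Filter $filter -Name httpResponseStatus -Value 'Permanent'

# Read the settings back to confirm what was written.
foreach ($name in 'enabled', 'destination', 'httpResponseStatus') {
    $value = (Get-WebConfigurationProperty -PSPath $path -Filter $filter -Name $name).Value
    '{0} = {1}' -f $name, $value
}
```

Because the redirect site serves no content of its own, nothing can be answered over plain HTTP; sending an HSTS header from the HTTPS site then stops returning browsers from making the plain-HTTP request at all.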
Besides opening incoming HTTP ports in the firewall via “Global Rules”, the annoying thing for me to find was also adding an “Application Rule” for “Windows Operating System” on those same ports.

Comodo v7.0.317799.4142

And this guy explains what’s necessary for FTP very nicely…

- in comodo > global settings > application rule – add 20,21 & 5000-6000 as allowed incoming TCP ports on “Windows Operating System”… you will also hopefully get prompted to allow svchost which is responsible for running the ftpsvc
- on internet router – forward ports 20,21 and 5000-6000
- in IIS FTP settings
  - require SSL
  - firewall support – put external wan address in firewall support at *SERVER* level (not site) – set ports 5000-6000
- point ftp site at a folder
- create login for ftp and make sure it has access to folder

when “ Response: 530 User cannot log in, home directory inaccessible.
The only configuration settings required are (IIS7 screenshots below): Require SSL (this represents server side) and either Accept or Require Client Certificates … “Accept” will populate the SmartCard’s cert info to your ASP.Net Request object (if it’s provided) but won’t deny access if one hasn’t been provided; “Require” will deny access unless a valid SmartCard Cert has been provided.

Tips: One key thing to be aware of about how this works is that the server will send a list of Trusted Root Certificates down to the client/browser, and then the browser will compare that list to the Trusted Roots represented by the CAC present; only if there’s a match will it prompt for the Certificate and PIN input.
i was having a heck of a time trying to get “net use * http://myhost.com” type WebDAV client mounts to connect… all that would ever work would be http://localhost … nothing i tried would connect to my WAN ip… always something like “System error 5… access is denied”… then i thought, ah what the heck, gotta google it… and sure enough… loaded the trial of WebDrive from South River Technologies, simple little gui popped up, hit ok and two seconds later i was sitting on a W: drive in explorer… Right Mouse > New > Text Document worked, so i had write capability… obviously i had to twiddle some bits on the IIS end too but that was mainly just a matter of following any typical IIS WebDAV walkthrough guide… cool, $60 for a one off license is reasonable… oh yeah, it’ll also map a drive letter to an FTP Server, Amazon S3 and SharePoint… i leave you with… ahhhhh yes the logo
Create the following rule and make sure that it’s positioned numerically “above” (i.e. lower number) than all the service.exe related rules… especially above the main “deny” rule at the last slot… i’m assuming we’re dealing with the System process because IIS7 (Windows Vista/Server 2008) moved the core listener daemon responsibility down to a lower level than W3SVC.exe