This is my web.config which has some tags for blocking Ipaddress
<configuration>
<connectionStrings>
...
</connectionStrings>
<appSettings>
....
</appSettings>
<runtime>
....
</runtime>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="127.0.0.1" allowed="true"/>
<add ipAddress="83.116.19.53" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
</configuration>
My intention is to block any other IP except the above. The above is the only Ip address I want the website to be accessible from . But with "ipSecurity" tag I am always getting
500 - Internal server error and the site runs fine without it.
I have made sure that "IP and Domains Restrictions" are installed on the server.
Please let me know if I am missing anything.
Thank you.
For others that run into this issue. The cause of the issue is that Feature Delegation doesn't allow the feature to be managed by web.config.
To Fix:
Verify that the Feature is enabled for web.config management
In IIS 7, click on the root server
Double click Feature Delegation (under management)
Scroll down to IPv4 Address and Domain Restrictions
Change the delegation to Read/Write (in my case it was Read Only, which was the issue)
Hope this helps someone else.
For Windows 10 and Visual Studio 2015 note that the ApplicationHost.config file has been relocated to the .vs\config folder in your project's folder hierarchy. You will need to edit the project specific version of the ApplicationHost.config file found there with...
<section name="ipSecurity" overrideModeDefault="Allow" />
If you only edit the ApplicationHost.config located in your Documents\IISExpress folder this will not affect your existing application (MVC5 appl in my case).
Open the applicationHost.config file (located at %windir%\system32\inetsrv\config\applicationHost.config) and edit the ipSecurity section.
Change this line:
<section name="ipSecurity" overrideModeDefault="Deny" />
To:
<section name="ipSecurity" overrideModeDefault="Allow" />
Are you editing the config by hand or through IIS manager?
See this post about that error message as you may not have that feature delegation enabled
http://forums.asp.net/t/1220987.aspx
Try this outside System.Webserver tag
<location path="Default WebSite">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="127.0.0.1" allowed="true"/>
<add ipAddress="83.116.19.53" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
</location>
Hopefully this will help someone...
I am running IIS express on Windows 7 locally and did the following - Control panel > Programs > Programs and features > Turn Windows features on or off
In the Windows Features dialog ensure the IP Security option is checked:
I also had to open up my applicationhost.config (under %userprofile%\Documents\IISExpress\config) file and change the following:
<section name="ipSecurity" overrideModeDefault="Deny" />
To
<section name="ipSecurity" overrideModeDefault="Allow" />
Don't forget custom site delegation. This allows you to only allow delegation to sites you intend.
Related
From what I understand this error occurs when the web.config is not configured properly. However when I publish the app the following web.config gets generated
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\Lotus.Server.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
<!--ProjectGuid: 85a43eb6-3576-401d-b025-a15a2cc377b6-->
I first thought of installing URL Rewrite, this did not solve the problem. I am stressing out have tried almost everything any ideas on how to resolve it?
The error page looks like this:
I had this same problem and I was trying to fix it for 4 days. Then I found the solution.
Firstly you need to download dotnet hosting 2.2.2
https://dotnet.microsoft.com/download/dotnet-core/thank-you/runtime-aspnetcore-2.2.2-windows-hosting-bundle-installer
Then after instalation try to restart IIS with cmd (run as admin and then write iisreset).
If error page has changed we are going in good direction :)
Now it should say that you are using wrong module (which indeed is true).
Open IIS, get to your website and check installed modules. On list you should be able to see AspNetCoreModule but not AspNetCoreModuleV2.
go to:
%ProgramFiles%\IIS\Asp.Net Core Module\V2\
and copy aspnetcorev2.dll
Then go into %SystemRoot%\system32\inetsrv\ and paste it
Now after this, open config folder in %SystemRoot%\system32\inetsrv\ and then open applicationHost.
IMPORTANT
At this stage you need to turn off your iis
Now find this line:
<add name="AspNetCoreModule" image="%SystemRoot%\system32\inetsrv\aspnetcore.dll" />
and add under it:
<add name="AspNetCoreModuleV2" image="%SystemRoot%\system32\inetsrv\aspnetcorev2.dll" />
And this same goes with this one:
<add name="AspNetCoreModule" />
add under it:
<add name="AspNetCoreModuleV2" />
Now save it, overwrite old one, and enable IIS. Go to your website, check modules and at the list you should be able to see AspNetCoreModuleV2:
AspNetCoreModule and AspNetCoreModuleV2 on list
For me It was lacking the Url Rewrite Module
https://www.freecodecamp.org/news/how-to-deploy-a-blazor-application-on-internet-information-services-iis-f96f2969fdcb/
Fixed this by changing "AspNetCoreModuleV2" to "AspNetCoreModule" in the generated web.config in my publish folder, i.e., from
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
to
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
This had me scratching my head for a while as everything was working fine on LocalHost - the error occured on the production server.
After rebuilding the site I realised that I had deleted the site folder on the production server along with its contents.
When I replaced the site I had posted it to my server node without recreating the site folder, so obviously the server couldn't access my web.config file as it was unbable to find the site folder.
Lesson learnt! Hope it saves other running down the 500.19 rabbit hole.
I'm running IIS Express (not to be confused with the normal IIS) under Windows 10. My understanding is the settings are stored in "My Documents\IISExpress\config\applicationhost.config"
These settings can be overriden by a local web.config file when using creating an asp.net core project.
When attempting to use this web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="" inheritInChildApplications="false">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
</configuration>
I receive the following error.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
identifying this line
<authentication>
**<anonymousAuthentication enabled="false" />**
<windowsAuthentication enabled="true" />
This in spite of changing this line to state allow
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
Is there any other place I should be looking?
Based upon feedback received.
The correct location for the configuration file is {ProjectDirectory}.vs\config\applicationhost.config when working within visual studio.
"My Documents\IISExpress\config\applicationhost.config" is incorrect
I like to secure all aspx files in a folder ~/Secure/ secure such that specific IP addresses can access the folder's aspx files. I added the following web.config file to the folder, hoping that it adds to the parent web.config:
<configuration>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</configuration>
The problem is that I get this error when I try to access to any of the aspx pages in the folder:
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
What does it take to make this idea happen? I like to just include one web.config file to a folder and that enforces the IP address authorization. I like this idea, since it is no-code and config only.
You cannot do it in the website web.config only.
If you can use IIS manager:
Open IIS Manager, locate the site, click on the folder you want to protect, then click on IP address and Domain Restrinctions.
Also click on "Edit feature settings" in the right Actions panel" to specify actions for unspecified clients (i.e. Deny with Forbidden, or simply Deny With Not Found).
This will generate the right configuration for you.
In your root web.config use the location element:-
<location path="Secure">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</location>
My application has this structure
MyApplication
-Themes
In my application's webconfig I remove the UrlAuthorization module and add my own:
<modules runAllManagedModulesForAllRequests="true">
<remove name="UrlAuthorization" />
<add name="MyModule" type="MyType, MyNamespace" preCondition="managedHandler" />
</modules>
My Theme folder has this webconfig (this is the complete webconfig):
<?xml version="1.0"?>
<configuration>
<system.web>
<pages styleSheetTheme="" validateRequest="false" />
</system.web>
</configuration>
I have this deployed in 3 environments. 2 of them works correctly but in one of them I have the UrlAuthorization module working when I make a request do a file inside the Theme folder.
I know that the UrlAuthorization is active because I do not get the resource I requested, but an URL /ReturnURl/... path
The < remove> tag is working because removing it causes the whole request to be redirect to the /ReturnUrl
Is there any reason that may cause this behavior to happen only in this machine?
I deployed all of them and I do not remember making and different task on any of them
thanks!
FYI, it was an issue due to the folders permissions in the file system. I made the environments identical and it worked.
As per my other question UrlRewriter.NET with .NET 4.0 not working I was unable to get UrlRewriter.NET to work.
So now I have tried ManagedFusion. It works locally but does not work on the server BUT the errors are different and I sense that this might actually work and I have done something wrong in the configuration.
So my web.config settings are (condensed version)
<configuration>
<configSections>
<section name="managedFusion.rewriter" type="ManagedFusion.Rewriter.Configuration.ManagedFusionRewriterSectionGroup"/>
</configSections>
<managedFusion.rewriter xmlns="http://managedfusion.com/xsd/managedFusion/rewriter">
<rules engine="Apache">
<apache defaultFileName="ManagedFusion.Rewriter.txt" />
</rules>
<rewriter>
<proxy useAsyncProxy="true" />
</rewriter>
</managedFusion.rewriter>
<system.web>
<identity impersonate="false" />
<httpModules>
<add name="RewriterModule" type="ManagedFusion.Rewriter.RewriterModule, ManagedFusion.Rewriter"/>
</httpModules>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<add name="RewriterModule" type="ManagedFusion.Rewriter.RewriterModule, ManagedFusion.Rewriter" />
</modules>
<handlers>
<add name="RewriterProxyHandler" preCondition="integratedMode" verb="*" path="RewriterProxy.axd" type="System.Web.HttpForbiddenHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
<defaultDocument enabled="false" />
</system.webServer>
My ManagedFusion.Rewriter.txt is
RewriteEngine On
RewriteBase /
#
# Campaign
RewriteRule ^/Campaign/List /Campaign/List.aspx [NC]
Now this works perfectly fine on my local machine (Visual Studio 2010) but when I upload it I get a 404 that says it can't find /Campaign/List.aspx.
And on top of this it also goes to SSL, which I don't want as the SSL cert on that account is for a different subdomain and hence throws an SSL error.
Is there something I am doing wrong? It seems this time the URL module is handling all requests and this looks like I have configured it incorrectly somehow.
Additional Information
Running IIS 7.0 - Integrated Pipeline
.NET 4.0
Hi this is actually a very common GoDaddy issue. I am going to post an update to this answer after I review my notes and forums on the CodePlex site.
(by the way I am the primary developer of it)
You mind if we take this offline, we need to chat back and forth so I can understand your setup. A quick way as explained in the readme.txt to trouble shoot problems is to turn on the logging.
RewriteLog /log/log.txt
RewriteLogLevel 9
The only problem with GoDaddy is that you need to create this log directory and give it write permissions, because if I remember right GoDaddy doesn't allow write permissions in the root.