I have a site that will be "down" for a few hours while a third party (CC processor) performs maintenance (in other words, the machine will still be online/running). I have already created a maintenance.aspx page. At first, I was going to simply add the new page as the default document in IIS (Server 2003, IIS 6.0), but this still leaves the possibility of someone directly navigating to the real login page.
Is there someway to do a redirect of all pages in a given site to the new maintenance page. Also, the site will be down from 2am-4am, so for extra bonus points, is there a way to automatically do this using the system clock (and prevent me from having to be around for this)?
I am planning on giving an error during login to prevent any access, but I'd rather the users not even be able to make it that far.
Suggestions?
Use App_Offline.htm
Sounds like you want to use an App_Offline.htm file. Details over here:
http://weblogs.asp.net/scottgu/archive/2005/10/06/426755.aspx
To automate, you would just create a Windows Scheduled Task to move this file in and out of your application's root directory at the desired times.
Use a rewriting filter, like IIRF. Configure it to rewrite ALL pages to your maintenance page.
problem solved.
app_offline.htm is the way to go indeed. To automatically restore your site, you can simply use a scheduled task.
Related
My company creates sub-domains for our customers that sign up with us. For the longest time now, we'd create the site (for example https://foo.domainname.com), and it would go directly to the application. However recently, after creating a site when you go to navigate to it, it just shows the IIS 7 Splash page. After doing a bit of Googling, I found this thread, and it appears to be the case, because when you go to the main page directly, instead of the root, it works. Then after that the root works as expected.
It's great we have a way to help our customers now, however telling our customers to clear their cache and/or navigate to the main page directly is not ideal for many obvious reasons. So considering this is a new behavior, it seems safe to assume something is not working quite right. How do I go about fixing this, because I am stumped.
iis is also set to "application pool" of the sites.
Create and set new "application pool" sites. Thus, they work more efficiently.
https://docs.kentico.com/k11/installation/deploying-kentico-to-a-live-server/creating-virtual-directories-and-application-pools-in-iis-7-5-and-7-0
I am having a simple blank page without any source code.The page also taking very long time to come.I am not able to understand the reason behind this.
The domain is getting a high requests.
What exact settings needs to be done in iis 7.0 so that it will be faster.
Please help.
ASP.NET pages always have an initial delay when the first request is made after the file has been created/edited/uploaded because the server needs to recompile them, however it shouldn't be more than 2-3 seconds in practice, and does not affect subsequent pageloads.
The only thing I can think of is an overloaded server. Assuming you're on a shared hosting package then I recommend you find another ISP. If not, then I'm afraid there's a lot more to it than just a "page pages load faster" switch hidden away.
I usually place an app_offline.htm in my root directory when I am releasing a website to a production environment. However sometimes if there has been a few big changes to the site, I would like to click around first to make sure it's stable without allowing access to anyone other than me.
As far as I am aware this isn't possible, but I'm hoping someone has a neat solution...
The solution has to include if someone has a deeplink into the site, so using a default.htm/asp page in the root won't do the trick unfortunately.
I agree with the staging environment answer above, but otherwise here's one possible approach: Temporarily block all IP addresses besides your own. This can be achieved through IIS Directory Security configuration, or programmatically in any number of ways
You can redirect all the non-authorized users to an Under Construction page of some sort. Meanwhile, you can happily browse the site from your IP. When the site is vetted, you remove that IP restriction and the site becomes available to the world at large.
It's a difficult thing to achieve. That's why you should have a staging environment where everything should be validated before shipping into production. Then during the deployment process (if it takes long, but it shouldn't) you could use an App_Offline file. This staging environment should be as close as possible to your production environment (in terms of software, patches and configurations installed, not in terms of hardware power of course).
Another quick suggestion that would allow you to control things from the web.config might include a custom module that redirected all requests to a static page except those defined by a filter (i.e. hostname, url sniffing) that could be configured via the web.config.
I have an ASP.NET site that I'm going to have to take down to make some major structural updates to, and I was wondering how I should go about it from the client-side perspective. I have heard of an App_Offline.htm file or something like that, but I've never really gotten that to successfully work. Does anyone know how to do this?
EDIT
My app is running ASP.NET 4.0, for what it is worth.
Rather than messing with the app_offline silliness (among other reasons, you can't continue to see the site internally while performing maintenance), I created an additional "down for maintenance" site in IIS, which is normally stopped. It has the same IP, host headers, etc as the main site, but only has a default.aspx, an images folder and a stylesheet. That file contains the "This site will be down for maintenance until xx:xx PM CST" message.
When I'm ready to perform the update, I stop the main site and start the maintenance site, which then processes any requests it receives and, of course, returns the maintenance message.
When the maintenance is complete, stop the maintenance placeholder site, and restart your main site.
If you're using host headers, you can modify this approach so that the site remains internally accessible over your LAN/WAN while the maintenance site is handling external requests. A simple approach is to remove the host headers for <*>.yourdomain.com from the main site before starting the maintenance site, and ensure that the main site has an additional host header that is internally accessible (added to your local hosts file, for instance). When you start the maintenance site, it'll handle external requests while the primary site will handle requests to the internal-only header.
Alternatively (this seems complex, but saves you the trouble of adding and removing headers), create three sites:
Main site: Configured as in normal operation.
Maintenance site: Has same IP, host headers, etc as main site, but only contains default "down for maintenance" page and any images, css, etc that are required.
Internal test site: Duplicates the configuration of the main site and points to the same folders, but only has host headers,etc for an internal name that is not in the public DNS.
This way, you have only to stop the main site and start the other two in order to funnel external traffic to the "down for maintenance" site, while you can still see and tweak the primary site. This is helpful for that last few minutes of testing/bug fixing that tends to come up during a deployment.
Update
If you don't have access to the server or IIS Manager, you most likely won't be able to use any of that. Assuming that your access is limited to your own folder, your options seem to be either to deploy app_offline.htm to the root of the site (ASP.NET checks for that filename), or to just replace the whole site with a "down for maintenance" app. Perhaps someone else will chime in with alternatives.
The trick for IE is to push over the wire particular count of bytes otherwise IE shows not so friendly 404 error anyway. here is more details: http://weblogs.asp.net/scottgu/archive/2006/04/09/442332.aspx
If you have a good pre-release testing process and careful release procedures you probably won't be down for long.
In that case dropping a file called App_Offline.htm into your site root works fine. IIS will replace your site with it until you remove it. It's a painless way of making sure nothing's updating while you transition.
Mine just has a header with the site logo and a message that we'll be down for maintenance for up to twenty minutes. That's it. It took me about five minutes to write IIRC.
I would definitely recommend this for short sharp down periods of less than half an hour. Anything longer and you're probably looking at a major system change that warrants an approach like David Lively's.
How to rename drupal's admin directory as I already have a directory named "admin"?
As Bleadedu pointed out, Drupal has no "directories" in its URL.
The urls you see are all so called "clean urls", achieved with a nifty trick in Apache (the webserver)
configuration. You could disable clean urls that will fix your problem, but may not be an option, if you rely on this feature for some reason.
Another option is to use path module to circumvent this issue. This has downsides too, most notably, the fact you need to manually change each url with admin in it.
The last option is to change the rewrite rules in Apache. This is hard to achieve and requires some knowledge of mod_rewrite.
you can't. simply because admin directory doesn't exist. it's just a url path (defined in all modules that have got a reference of it in hook_menu)
The only solution I have right now is to implements hook_menu_alter and redirect all menus that starts with admin/ somewhere else, but I can't say that it will work 100%.
Instead of changing the path of /admin, you should beef up security elsewhere.
First, finding out your site uses Drupal is a piece of cake.
Huge companies use Drupal, and don't change their /admin path.
Don't use User 1. Most of the time, there is no need for anyone to be using User 1. Even the highest of admins should be given a role, and certain permissions. User 1 should have a complicated long password, changed every (x) number of days or hours, but never actually used. I think there is also a module for this, but I can't remember off the top of my head because I just do this programmatically.
logintoboggan.module
The Login Toboggan module will display the login form for Access denied pages
login_security.module
protect_critical_users.module
userprotect.module
session_limit.module
nodeaccess.module
Don't let direct access to update.php and cron.php. Create a cronjob to run via shell.
-have them direct to forbidden/or a 404 with a search page
Use the tools in cpanel/whm or similar. Knock out bad login attempts and such.
There are a ton of other ways to beef up security in drupal.
I somehow forgot that you said "as I already have a directory named "admin". opps.
I think you would be wise to either alter that other directly instead, put it inside of another directory, or simply don't use it.
It is just going to be very messy. You would have to look into every single module to see if it needs adjusting.
Off the top of my head, the user.module will need to be altered, and also take a look at http://api.drupal.org/api/search/6/url_rewrite.
custom_url_rewrite_outbound and custom_url_rewrite_inbound will work, BUT you will still be able to access /admin by typing it in manually. You will get a forbidden if you stick a "admin" folder in your root.
All in all, I think it would be a messy venture, and you might get a lot of broken updates. Until something like this is offered in core, I wouldn't do it. Even if there was a module that could, I wouldn't use it.
*You will have to "Hack Core," and I don't think this justifies hacking the core.