Solving development problems  |  About this blog

Block IP address with Windows Firewall 2008

This procedure helped us when someone wanted to hack our server (taken from original post). If you ever feel that someone may be trying to break into your server or know an IP address that you want to block from accessing your server there is a built in firewall on all of our 2008 DDS servers. You can use this firewall to block either a range of IP addresses or a single address.

1. Log into your server via RDP.
2. Click on start > administrative tools > windows firewall with advanced security
3. On the left side of the firewall window click on the inbound rules option.
4. On the right side of the screen click on New Rule.
5. Click on the custom radio button and then click next.
6. Make sure the All programs radio is selected then click next.
7. On the protocol and ports options leave everything at its defaults and click next.
8. On the scope screen you will see two boxes the top one is for local IP addresses and the bottom is for remote IP addresses. In this scenario we are trying to block an outside (remote) IP from accessing anything on the server so we will need to add the IP address to this section only as it will not be a local IP address.
9. Click on the radio that says these IP addresses in the remote section as shown below:
   
10. Click on the Add button.
11. In the next window we will be adding a single IP address to the rule, you can also add an entire range at this point if you wish.
    
12. Click ok, click next.
13. Make sure you select the Block the connection radio on the next screen and then click next.
14. Leave all of the options on the next screen checked this will be sure to block the IP no matter the connection they are trying to use. Click next.
15. Name the rule on the next screen something you can remember in case you wish to remove or edit it in the future. Click finish and thats it

Sometimes you need to link folder that is outside your web folder and this outside folder should “pretend” as it is local web folder.

This is what works for Windows 2008 Server….

There are two ways to do this:

1. From IIS management studio you can do right mouse click on your website and then choose Add Virtual Directory
   

   Problem with this approach that you can only read files from linked folder and you can not delete them

2. Alternative approach is to use mklink function and to link wished folder. Position yourself in the webroot of your website, open Command Prompt and type:

   
   mklink /D “YourLinkedFolderName” “Physical full path to real folder”

   Here is full syntax:

   mklink [[/D] | [/H] | [/J]] link target

   • /D – Creates a directory symbolic link. Default is a file symbolic link.
   • /H – Creates a hard link instead of a symbolic link.
   • /J – Creates a Directory Junction.
   • link – Specifies the new symbolic link name.
   • target – Specifies the path (relative or absolute) that the new link refers to.

   

We had some problems with subdirectories under our root website.

We wanted to add different examples under our website root (organized into folders) like this:

• www.our-website.com/example1
• www.our-website.com/example2
• …

And we always got these errors.

At root of our website www.our-website.com we didn’t have any web.config and we didn’t want any. Every subfolder has its own web.config and it didn’t worked under IIS7

Solution:

Click on each folder under IIS and then right mouse click Convert To Application and it worked.

PROBLEM: Enabling RPC over HTTP on a 64-bit Internet Information Services 7.0 webserver results in application pool failures.

Just run these 4 command and restart IIS and application pools:

1) %windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/globalModules -[name='PasswordExpiryModule'].preCondition:bitness64

2) %windir%\system32\inetsrv\appcmd.exe add apppool -name:RpcAppPool -enable32BitAppOnWin64:false

3) %windir%\system32\inetsrv\appcmd.exe set app “Default Web Site/Rpc” -applicationPool:RpcAppPool

4) %windir%\system32\inetsrv\appcmd.exe set app “Default Web Site/RpcWithCert” -applicationPool:RpcAppPool

http://support.microsoft.com/kb/970259