Skip to main content

IIS

Intro

Although Apache is the dominant web server, it is worth noting that there is a significant user base for IIS (Internet Information Services), which is Microsoft's web server offering. Consequently, it is important to provide specific information for this audience.

It is worth mentioning that PHP is compatible with IIS, meaning that websites built with the Origen framework can be hosted on IIS. For detailed instructions on how to install PHP on Windows and configure IIS to handle PHP webpages and scripts, it is recommended to refer to the official PHP.net website.

For developers who are interested in installing PHP and hosting Origen websites on IIS, the following links from the PHP.net website can be particularly helpful in getting started with the process.

The two prevalent challenges faced by system administrators responsible for managing Origen websites deployed on IIS webservers are as follows:

  • Configuring accurate directory and filesystem permissions for the website to ensure appropriate access control and security measures.
  • Activating Search Engine Friendly (SEF) URLs to optimize website usability and enhance search engine indexing and ranking.

Setting the filesystem permissions

Conceptual Overview

Windows filesystem permissions exhibit greater complexity compared to the Unix-style rw-r--r-- conventions, which have three levels and three values.

In the context of Windows servers, there exists a user named IUSR, equivalent to the apache user found on many Linux systems. PHP scripts are executed under the IUSR account. In the case of IIS 7.5, this user may belong to the group WEB\Users.

Levels

While Windows does have an owner for directories and files, and also supports groups, it does not include an equivalent of the "everyone else" concept found in Unix-like systems.

Windows does have a group called Users, encompassing all accounts utilized by human users to actively interact with the server. However, accounts associated with services, system operations, and software user permissions do not fall under this group. In fact, no accounts, whether human or otherwise, possess any privileges unless explicitly granted either directly to the user or through group membership.

Values

In addition to the standard Read, Write, and Execute permissions, Windows introduces additional values. For an Origen website, the most important ones to consider are Read and Write.

Configuration Instructions

To configure permissions, log in to the Windows server and launch Windows Explorer. Navigate to the inetpub directory.

Perform the following steps to configure directory permissions for your Origen site:

  1. Log in to the Windows server and launch Windows Explorer.
  2. Navigate to the inetpub directory.
  3. Right-click on the directory that contains your Origen site.
  4. Select "Properties" and navigate to the "Security" tab.
  5. Click on the "ADD" button.
  6. Ensure that the "LOCATION" field is set to the local computer, not a domain controller.
  7. Enter "iis_iusrs" in the field to specify the user/group you want to grant access to.
  8. Confirm the selection.
  9. Highlight the "iis_iusrs" entry in the access control list.
  10. Check the boxes for "Read & Execute," "List Folder Contents," "Read," and "Write."
  11. Confirm the changes and close the security window.
  12. Open the Start menu, go to "Administrator," and select "Computer Management."
  13. Navigate to "Local Users and Groups" and then to "Groups."
  14. Locate or create the group "iis_iusrs."
  15. Add a member to the group, ensuring that the "LOCATION" field is set to the local computer.
  16. Enter "IUSR" in the field to identify the user/group you want to grant access to.
  17. Confirm the selection.
  18. Save the changes.
  19. Run the Origen installer once again, and you will now have write privileges for your PHP user in the website folder.

Search Engine Friendly URLs

The functionality of Search Engine Friendly (SEF) URLs relies on a technique called "URL rewriting." This involves matching patterns in incoming HTTP requests and transforming the request format before passing it to the webserver. In the case of Origen, it can only interpret parameters present in the original "ugly" request format. Therefore, the human-readable path in the incoming HTTP request needs to be rewritten to accommodate Origen's requirements.

Apache's mod_rewrite

For many webmasters, the widely known method of achieving this URL transformation is through the use of Apache's mod_rewrite module. This module enables the translation of user-friendly, search engine-friendly URL requests, such as /about_us/contact_information, into the "ugly" internal server path format, like /index.php?option=app_origenapp&view=item&id=111&Itemid=123, which Origen can process. The rewrite rules responsible for this transformation are typically specified in a text file called .htaccess and follow a specific syntax.

IIS

Prior to Windows Server 2008 and IIS7, adding URL rewriting functionality to an IIS webserver required the use of third-party add-ons. Although these add-ons are still available for servers running IIS6 or earlier versions, there are now native solutions available. CodePlex, a Microsoft-associated website and code-sharing developer forge, hosts at least two high-quality URL rewrite solutions for IIS6. These modules are capable of parsing and executing the same rewrite rules used in Apache's .htaccess files.

Windows Server 2008 introduced IIS7, which was the first webserver from Microsoft to offer a native module specifically designed for URL rewriting.

This module, known as the "IIS URL Rewrite Module," is freely available for download and installation on IIS7 webservers.

Unlike Apache's .htaccess format, the IIS7 module stores and configures its rules in a different manner. The rules are stored as XML data in the web.config file located in the website's root directory. The IIS Management Console provides a graphical user interface (GUI) and a wizard for creating and testing these rules. The wizard is capable of reading a text file containing rules in a similar format to .htaccess and converting them to the native format used by the IIS7 module.


You can implement server-level IP protection using the IP and Domain Security feature in IIS 7.5 on Windows Server 2008. To enable this feature, access the Server Manager MMC panel and navigate to "Roles" and then "Web Server (IIS)". In the window that appears, scroll down to the security section and select the "IP and Domain Security" option. Proceed with the installation by clicking "Next".

iis-ip-and-domain-restrictions-role.webp

Once the feature is installed, open the IIS Manager MMC panel. If it was already open, you may need to restart it to access the appropriate panel. Within the IIS Manager, locate the administrator directory of the site and click on "IPv4 Address and Domain Restrictions". You can modify the default behavior by clicking "Edit Feature Settings" and configuring the default response for unspecified clients to be "Deny". To allow access, you can add entries for trusted IP addresses or subnets. For more detailed information, refer to the following article: [1]