IIS - Microsoft Internet Information Services

HomeForumsIIS 7.0IIS7 - Known Issues and WorkaroundsEditing a collection element for a site changes the collection element at both the site and the server levels (config bug)

Previous Next

Thread: Editing a collection element for a site changes the collection element at both the site and the server levels (config bug)

Last post 05-31-2006 8:12 PM by alexise. 0 replies.

Average Rating Rate It (5)

RSS

Page 1 of 1 (1 items)

Sort Posts:

  • 05-31-2006, 8:12 PM

    • alexise
    • Top 500 Contributor
    • Joined on 08-15-2003, 1:34 PM
    • Posts 8
      • alexise

    Editing a collection element for a site changes the collection element at both the site and the server levels (config bug)

    Reply Contact

    [symptoms]

    You used any of the IIS management tools, e.g. IIS Manager, appcmd, WMI, or Microsoft.Web.Administration to edit a collection element (e.g. change the target file path for a custom error page), and the same element changed at the server level as well.

     

    [notes]

    This will only happen for collections on sections that are locked by default, and that are being managed using the IIS management tools mentioned above. 

    • ASP.NET and .NET Framework should not have this problem because their sections are not locked by default.  If you explicitly locked them, you will see this problem. 
    • IIS sections that contain collections and are locked by default will have this problem, for example:
      • Custom Errors (system.webServer/httpErrors)
      • IP and Domain Restrictions (system.webServer/security/ipSecurity)
      • ISAPI Filters (system.webServer/isapiFilters)
      • Output Caching Rules (system.webServer/caching)
      • Failed Request Tracing Rules (system.webServer/tracing/traceFailedRequests)
      • Modules (system.webServer/modules) - only if ASP.NET is installed, because installing ASP.NET will cause this section to become unlocked
      • Handlers (system.webServer/handlers)  - only if ASP.NET is installed
      • Request Filtering (system.webServer/security/requestFiltering): e.g. at the server level you set a rule that the file extension ".xml" must not be served, and then you edit that rule for site "Default Web Site" so that ".xml" files can be served on that one specific site.  The end result will be that ".xml" files can now be served from any site on the server.

    If you're a super user, you might also run into these ones:

    • Windows Auth Providers (system.webServer/security/authentication/windowsAuthentication)
    • IIS Client Certificate Authentication (system.webServer/security/authentication/iisClientCertificateMappingAuthentication)
    • Configuring Trace Providers (system.webServer/tracing/traceProviderDefinitions)
    • system.webServer/httpTracing

     

    [workaround]

    Unfortunately, there aren't any great workarounds (sorry, this sucks, I know).  Here are the not-so-great workarounds:

    1) Be aware of the problem, and reverse the changes to server collection elements after changing the site collection element.

    2) Edit config by hand (... but really, don't do this, because it's too easy to muck up applicationHost.config with hand editing)
Page 1 of 1 (1 items)

Powered by IIS7   Powered by ASP.NET 2.0

Copyright © 2008 Microsoft Corporation. All Rights Reserved. | Terms of Use | Privacy Statement
Questions/Problems with www.iis.net? | Interested in Advertising with us? | Hosted by OrcsWeb | Ads served by BanManPro

Page view counter