Many friends encounter a lot of problems when using IIS6 websites, and these problems have encountered in the past IIS5, some are new, have made many tests, combined with the previous exhalation experience, make This summary, I hope I can help you.
Question 1: No parent path is enabled
Example:
Server.mappath () error / 'ASP 0175: 80004005 /'
Not allowed PATH characters
/ 0709/dqyllhsub/news/opendatabase.asp, line 4
Characters /'/ 'are not allowed in the Path parameter of Mappath.
Cause Analysis:
In many web pages, you should use a statement such as ../ format (that is, the page of the previous layer, that is, the parent path), and IIS6.0 is turned off by default for security considerations.
Solution:
In IIS Properties -> Home Directory -> Configuration -> Options. Took the "Enable Parent Path". Confirm the refresh.
Question 2: Improped ASP's web extension configuration (equally applicable to ASP.NET, CGI)
Example:
HTTP error 404 - File or directory is not found.
Cause Analysis:
In IIS6.0, the web program extension is added, which allows you to allow or disabled for procedures such as ASP, ASP.NET, CGI, IDC, by default ASP and other programs are disabled.
Solution:
Select Active Server Pages in the Web Service Extension in IIS, click "Allow".
Question 3: Improper authentication configuration
Example:
HTTP Error 401.2 - Unauthorized: Accessing Due to the server configuration is rejected.
Cause Analysis: IIS supports the following Web authentication methods:
Anonymous authentication
IIS Create IUSR_bura Name Account (where the computer name is the name of the server running IIS), which is used to authenticate them when requesting Web content in anonymous users. This account grants the user local login permissions. You can reset anonymous users to use any valid Windows account.
Basic authentication
Use basic authentication to limit access to files on the NTFS format web server. With basic authentication, the user must enter credentials and access is based on user ID. The user ID and password are sent between the network in the form of a clear text.
Windows integrated authentication
Windows Integration Authentication is better than basic authentication, and can play a good role in the internal network environment with the user's Windows domain account. In integrated Windows authentication, the browser attempts to use the current user's credentials used in the domain login process. If the attempt fails, you will prompt the user to enter the username and password. If you use an integrated Windows authentication, the user's password will not be transferred to the server. If the user logs in to the local computer as a domain user, he does not have to perform authentication again when accessing the network computer in this domain.
Summary authentication
Abstract Authentication overcomes many of the shortcomings of basic authentication. When using a summary authentication, the password is not sent in a clear manner. Alternatively, you can use a summary authentication through a proxy server. Summary Authentication Use a challenge / response mechanism (integrated with Windows authentication), where the password is sent in encryption.
.NET Passport authentication
Microsoft .NET Passport is a user authentication service that allows a single check in security that allows users to be more secure when accessing .NET Passport's Web site and services. Enabled .Net Passport's site will rely on the .NET Passport central server to authenticate the user. However, the center server will not authorize or reject a specific user to access the site of the .NET Passport. Solution:
Configure different identity authentication as needed (generally anonymity authentication, this is the authentication method used by most sites). Authentication options in the properties of IIS -> Security -> Authentication and Access Control.
Question 4: IP limit configuration is not properly configured
Example:
HTTP Error 403.6 - Disable Access: The client's IP address is rejected.
Cause Analysis:
IIS provides an IP-limiting mechanism that allows you to limit some IPs that cannot access sites, or limit only some IPs can access the site, and if the client is in the IP range you blocked, or is not allowed Error prompts will occur within the range.
Solution:
Enter IIS properties -> Security -> IP address and domain name limit. If you want to limit access to some IP addresses, you need to select an authorization access, and add the IP address that is not allowed. Conversely, you can only allow access to some IP addresses.
Question 5: IUSR account is disabled
Example:
HTTP Error 401.1 - Unauthorized: Access Since the credential is invalid.
Cause Analysis:
Since the account used by the user anonymous access is the IUSR_ machine name, if this account is disabled, the user will cause the user to access.
Solution:
Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups, enabled IUSR_ machine name accounts.
Question 6: NTFS permission setting is improper
Example:
HTTP Error 401.3 - Unauthorized: Access Due to the setting of the ACL to the requested resource is rejected.
Cause Analysis:
The user of the web client is part of the User group, so if the NTFS permission of the file is insufficient (for example, no read rights), the page will not be accessible.
Solution:
Enter the security tab of the folder, configure USER's permissions, at least to read permissions. About NTFS permissions settings are no longer fed here.
Question 7: IWAM account is not synchronized
Example:
HTTP 500 - Internal server error
Cause Analysis:
The IWAM account is an built-in account that automatically created when the system is installed. After IWAM account is established, it is used by the Active Directory, IIS Metabase database, and COM applications. The account password is saved separately, and the operating system is responsible for the synchronization of the IWAM password saved by these three parties. The system's password to IWAM account is sometimes failed, resulting in the password used by the IWAM account.
Solution:
If there is AD, select Start -> Program -> Administrative Tools -> Active Directory users and computers. Set a password for the IWAM account. Run C: / INETPUB / Adminscripts> AdsUTIL SET W3SVC / WAMUSERPASS password synchronization IIS Metabase database password Run CScript c: /inetpub/adminscripts/synciwam.vbs -v synchronization IWAM account password in COM application password
Question 8: MIME Settings Problem caused some types of files unable to download (with ISO as an example)
Example:
HTTP error 404 - File or directory is not found. Cause Analysis:
IIS6.0 cancels support for certain MIME types, such as ISO, causing client download errors.
Solution:
In IIS Properties -> HTTP Head -> MIME Type -> New. In the subsequent dialog box, the extension fills in .ISO, the MIME type is Application.
In addition, firewall blocking, ODBC configuration errors, web server performance limits, thread restrictions, etc. are also possible to cause the IIS server that cannot be accessed, this is no longer feased.
