Summary: Many friends are asking how to post a Web site located on the local host. In fact, the most important reason for the failure is because IIS's socket pooling problem. Through this article, you can learn how to successfully publish Web services on your local host. Many friends' ISA firewalls are also web servers, providing Web services for internal networks or external networks, which allow others to access your Web site by configuring access rules or web publishing rules. Use access rules to allow others to access very simple, you only need to allow internal or external networks to access the HTTP / HTTPS service on the local host. However, I strongly recommend that you use the web release rules to allow, because the ISA firewall filtering features for many application layers of the HTTP protocol, only in the Web Publish rules can be used. For common edge firewall models, ISA has two network interfaces, which connect internal and external networks, respectively. But when the web is established, the listener needs to listen to the corresponding port, so you cannot bind the Web site on the published network interface. You can bind your web site on the IP address of the internal network interface, then publish this web site on the IP of the external network interface, so that the user of the external network can access this Web site. Note: Of course, you can bind IIS in additional ports, such as TCP 81, and then ISA firewall uses standard TCP 80 port to publish services, there is no problem with port repeated occupation, and also avoided the Socket discussed below. Pooling problem. I have to talk about the IIS's socket poibility (on this question, I have already prohibited the Socket Pooling article, I suggest you look at this article first). SocketPooling defines IIS to bind the IP address of the Web site, the default is all IP addresses on this unit. But when you configure the IIS Manager IP address, no matter which IP address you choose, it is bound to all IP addresses in the socket. At this time, even if you only bind the IIS restriction web site, it will occupy the corresponding interface of the external IP address. At this time, the ISA firewall can no longer listen to this port of the external IP address to do Web. Publish, causing a warning that the ISA resource allocation failed. So, we must limit the sockets used by IIS to limit it only the IP address of the internal network interface. Other web servers (such as Apache, etc.) do not have this problem, and can directly modify the bound IP address. The following figure is our network topology, the ISA firewall operating system is Windows Server 2003 Enterprise Edition, and ISA firewall software version is ISA Server 2004 enterprise version of English version of Beta, but the operation and standard version are basically consistent. The ISA firewall acts as an edge firewall / web server, connects internal and external networks, while providing Web services for internal and external networks. The ISA firewall has configured a policy that allows local hosts to access all services to all networks.
The TCP / IP settings of each computer are as follows. This test does not design DNS, and the DNS server IP address of each computer is set to empty: ISA firewall: External Interface: · IP: 61.139.0.1/24 · DG: 61.139.0.1Internal Interface : · IP: 192.168.0.1/24 DG: NoneClient1 · IP: 192.168.0.0.1External Client: · IP: 61.139.0.10/24 NONE This article will follow the steps: • In Web Socket poibility on the server; • Establish a web release rule to publish the web site bound on the internal IP address; • Establish access rules, allow internal access to local hosts and external HTTP / HTTPS; · Test; 1, on the web server Prohibiting Socket Pooling We first bind the web site on the IIS's Web site properties, on the IP address of the internal interface, running netstat -an under CMD, it is obvious, IIS is bound to all IP addresses: Now we need to ban Socket Pooling, detailed operational procedures, see how to disable SocketPooling. First, we need to install httpcfg.exe. In the% CDROM_ROOT% / Support / Tools / Directory of the Windows Server 2003 installation CD, double-click Suptools.msi and follow the prompts to complete the installation. Then click Start -> All Programs -> Windows SupportTools-> Command Prompt, run httpcfg set iplisten -i 192.168.0.1 to bind, then run HTTPCFG QueryIPListen to query, and finally restart your computer. After the computer is restarted, log in as an administrator, running netstat -an, and you can see the IIS's Web site has just bind the IP address of the internal interface. 2. Create a web release rule, publish the web site on the internal IP address, now we can establish a web release rule to publish the web site that binds on the internal IP address.
