IIS5 default application

Server Config
1

I have never worked with IIS and have this site that is setup in a Windows Server 2003 the site is built in ASP and was asked to move all content from the old database to wordpress so I made the template imported all the content and it all works fine except it is now time to move to the new wordpress, I have been playing around with the settings of IIS and I have not been able to figure out how to server the wordpress folder as the default site, in the default.aspx file I have this


<!--#include virtual="/artman2/publish/indexNew.asp" -->

wordpress is located at /wordpress so I tried doing this


<!--#include virtual="/wordpress/index.php" -->

which did not work and throws me an error “Server Error in ‘/’ Application.”

there is also a web.config file which, if deleted, I get another error


<?xml version="1.0" encoding="utf-8" ?>
<configuration>

	<appSettings>
		<add key="DBConnectionString" value="server=xxxx\\SQLWEB;UID=xxxx;PWD=xxxx;DATABASE=xxxx" />
		<add key="BMP_Optimized" value="0" />
		<add key="Demo" value="False" />
		<add key="bmp_License" value="42478" />
	</appSettings>

  <system.web>

    <httpRuntime executionTimeout="36000" maxRequestLength="500000"/>
    <!--  DYNAMIC DEBUG COMPILATION
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files.
    -->
    <compilation defaultLanguage="vb" debug="true" />

    <!--  CUSTOM ERROR MESSAGES
          Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
          Add <error> tags for each of the errors you want to handle.

          "On" Always display custom (friendly) messages.
          "Off" Always display detailed ASP.NET error information.
          "RemoteOnly" Display custom (friendly) messages only to users not running
           on the local Web server. This setting is recommended for security purposes, so
           that you do not display application detail information to remote clients.
    -->
    <customErrors mode="Off" />

    <!--  AUTHENTICATION
          This section sets the authentication policies of the application. Possible modes are "Windows",
          "Forms", "Passport" and "None"

          "None" No authentication is performed.
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
           its settings for the application. Anonymous access must be disabled in IIS.
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <authentication mode="Windows" />


    <!--  AUTHORIZATION
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
          (unauthenticated) users.
    -->
    <authorization>
        <allow users="*" /> <!-- Allow all users -->

            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>

    <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application.
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the
          application trace log by browsing the "trace.axd" page from your web application
          root.
    -->
    <trace enabled="true" requestLimit="10" pageOutput="true" traceMode="SortByTime" localOnly="true" />


    <!--  SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests belong to a particular session.
          If cookies are not available, a session can be tracked by adding a session identifier to the URL.
          To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
            mode="InProc"
            stateConnectionString="tcpip=127.0.0.1:42424"
            sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
            cookieless="false"
            timeout="20"
    />

    <!--  GLOBALIZATION
          This section sets the globalization settings of the application.
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

  </system.web>

</configuration>

Can someone guide me on what needs to be done for IIS5 to change the default document being server?

2

Server 2003 comes with IIS6. Are you sure about the version you are running? (open IIS and go to help > about)

Second, wordpress does not run natively on IIS. Since wordpress is built on PHP, you’ll either need a WAMP/LAMP stack (Linux/Windows, Apache, MySQL, PHP), or install FastCGI for integration into IIS.

I really don’t recommend running PHP web apps on IIS if you can avoid it. There are usually more headaches involved because they’re not designed to run on IIS, and thus, you have to find ways around these issues.

3

Mike,

The cgi connector for PHP has a security problem whereby PHP directives can be added to the query string and will be handled by PHP. Therefore, SuPHP is what has eliminated that problem on a server. In other words, for security reasons, tlacaelelrl really has to move to a LAMP server to use WP.

Regards,

DK

4

I have a small problem with that, the owner of the site wants to keep running the old version so people who have old links can still access them and yes I am running IIS6

5

The “PHP connector” merely changes how PHP is called by the server, not any of the code. Apache can redirect .asp links to .php files but, in the simplest form, the file names should be identical (except for the file extensions). Unfortunately, when the owner wants something which is not secure, you must advise of the problem and just do it - better for you as you can charge more! That’s not the way I like to operate but that’s what’s required with an owner like yours.

Regards,

DK

6

Thank you for all your help and well as you can see from my other post I moved to Apache and am using rewrites, everything appears to be working fine!!

7

Seriously…? IIS cannot run PHP or Wordpress?! You have to be kidding me. With PHP 5.3 the PHP team has giving Windows first-class support as they have with Linux/Unix, its runs just fine with IIS6/7. Even the folks at Wordpress have giving full Windows support. Also. IIS uses FastCGI with PHP, which is not vulnerable to the security vulnerability that Dklynn talked about (Which was also patched already). There is so little that is different with PHP whether you are using IIS or Apache that it doesn’t matter to the various applications.

I swear…has anyone actually tried to use IIS? Or do they just assume it won’t work?

8

^^^This.

Seriously people, learn your web servers. It ain’t that hard. I’ve been running PHP on IIS since 2001 or so. Loads easier now, especially with IIS7 and the web PI where it is a one click install to get PHP w/ FastCGI stood up and running securely.

If you need to do url rewriting in IIS6 and you’ve got a dedicated server, check out http://iirf.codeplex.com/ ; straight copy/paste support for your mod rewrite rules with very little fuss.

9

Well the server is running IIS6 and now I have PHP running on Apache and the asp applications running on IIS on a different port as those applications are being used internally only and just for about an hour and everything seems to be working fine, also the reason I moved to Apache is because I feel more comfortable working with it I am not saying it is better than x just don’t have experience with IIS and was not going to start right now in a rush when the site needed to be up and running!