WAP How to know which IIS configuration section is allowed to be customized


For a web site hosted on Windows Azure Pack (Previously, Windows Server for Hosting Service Providers), sometimes, customer need to customize some IIS settings based on their application requirement. Due to various reason (security, performance, etc.), some configuration section are locked by default. This means customers are not allowed to change these settings.

To know which section is allowed/denied to customize, you can use follow steps:

1.       Logon to Controller role

2.       Open Powershell, and run follow command to add the WebHosting snapin.

add-pssnapin webhostingsnapin

3.       Then, run follow command to get the section OverrideMode.

Get-DefaultAppHostConfigSection | Format-Table OverrideModeDefault, SectionName -AutoSize

4.       You will see result like this. Now, you know which section is allowed to customize.

OverrideModeDefault SectionName                                                                       

------------------- -----------                                                                      

               Deny system.applicationHost/applicationPools                                          

               Deny system.applicationHost/configHistory                                             

               Deny system.applicationHost/customMetadata                                            

               Deny system.applicationHost/listenerAdapters                                           

               Deny system.applicationHost/log                                                       

               Deny system.applicationHost/serviceAutoStartProviders                                 

               Deny system.applicationHost/sites                                                     

               Deny system.applicationHost/webLimits                                                 

               Deny system.ftpServer/caching                                                          

               Deny system.ftpServer/firewallSupport                                                 

               Deny system.ftpServer/log                                                             

               Deny system.ftpServer/providerDefinitions                                             

               Deny system.ftpServer/security/authorization                                          

               Deny system.ftpServer/security/ipSecurity                                             

               Deny system.ftpServer/security/requestFiltering                                       

               Deny system.ftpServer/serverRuntime                                                   

               Deny system.webServer/asp                                                             

              Allow system.webServer/caching                                                          

               Deny system.webServer/cgi                                                             

              Allow system.webServer/defaultDocument                                                 

              Allow system.webServer/directoryBrowse                                                 

               Deny system.webServer/diskCache                                                       

              Allow system.webServer/externalCache/diskCache                                         

               Deny system.webServer/fastCgi                                                         

               Deny system.webServer/globalModules                                                   

               Deny system.webServer/handlers                                                        

               Deny system.webServer/httpCompression                                                  

              Allow system.webServer/httpErrors                                                      

               Deny system.webServer/httpLogging                                                     

              Allow system.webServer/httpProtocol                                                    

              Allow system.webServer/httpRedirect                                                    

               Deny system.webServer/httpTracing                                                      

               Deny system.webServer/isapiFilters                                                    

               Deny system.webServer/modules                                                         

               Deny system.webServer/odbcLogging                                                     

               Deny system.webServer/proxy                                                           

               Deny system.webServer/rewrite/allowedServerVariables                                   

               Deny system.webServer/rewrite/globalRules                                             

              Allow system.webServer/rewrite/outboundRules                                           

              Allow system.webServer/rewrite/providers                                               

              Allow system.webServer/rewrite/rewriteMaps                                             

              Allow system.webServer/rewrite/rules                                                   

               Deny system.webServer/security/access                                                 

               Deny system.webServer/security/applicationDependencies                                

              Allow system.webServer/security/authentication/anonymousAuthentication                 

              Allow system.webServer/security/authentication/basicAuthentication                      

              Allow system.webServer/security/authentication/clientCertificateMappingAuthentication  

              Allow system.webServer/security/authentication/digestAuthentication                    

               Deny system.webServer/security/authentication/iisClientCertificateMappingAuthentication

               Deny system.webServer/security/authentication/windowsAuthentication                   

              Allow system.webServer/security/authorization                                           

               Deny system.webServer/security/ipSecurity                                             

               Deny system.webServer/security/isapiCgiRestriction                                    

              Allow system.webServer/security/requestFiltering                                       

               Deny system.webServer/serverRuntime                                                   

               Deny system.webServer/serverSideInclude                                                

              Allow system.webServer/staticContent                                                   

              Allow system.webServer/tracing/traceFailedRequests                                     

               Deny system.webServer/tracing/traceProviderDefinitions                                

              Allow system.webServer/urlCompression                                                  

              Allow system.webServer/validation                                                       

               Deny system.webServer/webdav/authoring                                                

               Deny system.webServer/webdav/authoringRules                                           

               Deny system.webServer/webdav/globalSettings                                           

               Deny webFarms                                                                         

 

See you next time.

Wei from APGC DSI Team

Comments (0)

Skip to main content