Poll: Is your school Intranet accessible via the Internet

Be advised that this is a public poll: other users can see the choice(s) you selected.

+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25
Web Development Thread, External Web Access to IIS 6.0 Server in Coding and Web Development; Originally Posted by webman Originally Posted by ryan_powell I think IIS 6.0 is prety secure 8O :? http://secunia.com/product/1438/ http://msmvps.com/blogs/bernard/arch...6/10/7882.aspx 3 ...
  1. #16

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,025
    Thank Post
    238
    Thanked 193 Times in 149 Posts
    Rep Power
    107

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by webman
    Quote Originally Posted by ryan_powell
    I think IIS 6.0 is prety secure
    8O :?
    http://secunia.com/product/1438/

    http://msmvps.com/blogs/bernard/arch...6/10/7882.aspx

    3 IIS 6 vulnerabilities might be 3 more than you'd want in an ideal world but I think it compares pretty well with Apache, for example.

    http://secunia.com/product/9633/
    http://secunia.com/product/73/
    http://secunia.com/product/72/

    I've never had an IIS server of any version that was under my control exploited, personally.

  2. #17

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,406
    Thank Post
    639
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    324

    Re: External Web Access to IIS 6.0 Server

    In my opinion, the reason for those figures are down to the closed source nature of IIS - how many other vulnerabilities are there that we don't know about waiting to be exploited?

  3. #18

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,025
    Thank Post
    238
    Thanked 193 Times in 149 Posts
    Rep Power
    107

    Re: External Web Access to IIS 6.0 Server

    If open source were a panacea then why did Apache take between 3 and 33 hits?

    My point was, and still is, that when you actually look at the hard info on IIS 6 the "legend" of IIS being useless doesn't stand up the way it did with previous versions. We're supposed to be in the education business after all. The OP made a choice which is supported by the currently available figures, and carping on about it doesn't help.

    Anyway, I'm done on that subject, because turning the thread into a IIS vs Apache or Open Source vs. Closed Source thread wasn't my intention and I've got about as much interest in those topics as I have in the Exclusive Sky Sports channel's feature on olympic nose-hair growing.

  4. #19

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,025
    Thank Post
    238
    Thanked 193 Times in 149 Posts
    Rep Power
    107

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by ryan_powell
    Hi. Anyone have any ideas...

    We've now got the server visible from the Internet after emailing the helpdesk.

    Anyway. When we put the Server Public IP address into the browser i get the enter credentials message come up. I enter my administrative credentials and the server accepts them. However it returns an error page stating that there could have been a DNS Error or the page is unavailiable.

    Inside school, the server works. although I cannot access the hosted Intranet using the server itself. E.g. Entering http://odyssey on a workstation opens the Intranet. But entering it in the server's browser or using the Public IP off-site returns the DNS / Page Unavailable error.

    Any Ideas?

    Thanks
    Having had a think about this for a while, the following spring to mind as worth checking if you have not already.

    First, what is the exact error message you get.
    Is it from the server? Or from a proxy between the home user and the web server?

    Have you defined host headers as a requirement for reaching the site.
    Do you have redirects in place? Can you check the HTML links in the page code?

    If so, do any of these re-direct to the intranet 'http://odyssey' internal address rather than to whatever appropriate FQDN or IP address you're using for external users?

    Assuming IIS logging is turned on, you should be able to extract the host/server conversation for one of these connection attempts to see what exactly is happening. It should be possible to see from that at what stage things begin to fall apart.

    Incidentally, if you're logging in with your Active Directory credentials, I _do_ hope you're using SSL at that point.

  5. #20

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595

    Re: External Web Access to IIS 6.0 Server

    I've had a bit more of a chat with Ryan about this ... and i am scratching my head with some of the description.

    A little background.

    The school connects via EMBC. They use the EMBC ranges and have seperate admin / curriculum domains.

    The admin domain is <school>.county.sch.uk ... with a netbios name of <school>. The curriculum domain is <shortschoolname>.<school>.county.sch.uk ... the server in question is on the curriculum domain but registered externally as host.<school>.county.sch.uk ...

    The intranet server (hosted on the curriculum domain, can be accessed using http://<hostname> whilst in school (IIS appears to be integrated authentication and lets users right in ...) but if you try to access it via the FQDN that is registered in external DNS (and internal) it will not allow you to authenticate.

    I think that this is more to do with IIS handly authentication than DNS (but that probaby does not help) and so Ryan is going to try and change the access levels tomorrow to see what works best.

    If anyone else has any ideas I am sure Ryan would appreciate them.

  6. #21

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,025
    Thank Post
    238
    Thanked 193 Times in 149 Posts
    Rep Power
    107

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by GrumbleDook
    The intranet server (hosted on the curriculum domain, can be accessed using http://<hostname> whilst in school (IIS appears to be integrated authentication and lets users right in ...) but if you try to access it via the FQDN that is registered in external DNS (and internal) it will not allow you to authenticate.
    Just to be clear about this, if this is all hosted on the same IP range, does the FQDN point to the same actual network card from both external and internal clients?

    Does it definately fail auth when being accessed by FQDN internally?

    Do the netbios / wins name of odyssey and the FQDN point to the same network card "internally"? Where is "internal" and "external" delimited? On the site or at the hosting company's external gateway to the internet at large? E.G. Are they routing onto the internet directly or onto a MAN/WAN?

    I think that this is more to do with IIS handly authentication than DNS (but that probaby does not help) and so Ryan is going to try and change the access levels tomorrow to see what works best.
    I'd be looking at the IIS logs AND the event viewer at this point. That would show where the exact breaking point is.

  7. #22

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595

    Re: External Web Access to IIS 6.0 Server

    Curriculum and Admin on seperate ranges, linked via a router that routes in 3 ways ... admin | curriculum, admin | EMBC, curriculum | EMBC. The admin range hosts the admin domain that is school.county.sch.uk ... the curriculum hosts the curriculum domain which is schoolshortenedname.school.county.sch.uk ... and within this domain is a server (server.schoolsshortenedname.school.sch.uk) that needs to have the address of server.school.county.sch.uk ...

    Confused?

    Yeah ... I was when he described it to me.

    Obviously http://server works fine within the curriculum network, but server.school.county.sch.uk takes you to the site but fails to authenticate (IIS / Windows integrated authentication?)

    Likewise, trying to access externally causes an issue. I have suggested the lowering of auth level on IIS for the site and building it back up again.

    Also, a good check of DNS is in order methinks.

  8. #23

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: External Web Access to IIS 6.0 Server

    Good news, guys the server's working.

    We had to contcat EMBC to put the server onto the group for direct internet connections. Then i had to configure the IIS to allow active directory integrated authentication.

    But everything works.

    Thanks for all of your replies and help. Especially Grumbledook and webman

  9. #24

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,406
    Thank Post
    639
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    324

    Re: External Web Access to IIS 6.0 Server

    Lol, don't mention it

  10. #25

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595

    Re: External Web Access to IIS 6.0 Server

    No worries ... happy to help.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Sharepoint Learning Kit External Access
    By adamt82 in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 7th November 2008, 11:34 AM
  2. Sharepoint Services 3.0 External Access
    By adamt82 in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 21st April 2007, 12:09 PM
  3. External Access to Public Area
    By mrforgetful in forum How do you do....it?
    Replies: 8
    Last Post: 15th November 2006, 02:04 PM
  4. External student email access
    By Norphy in forum How do you do....it?
    Replies: 30
    Last Post: 10th November 2006, 12:24 AM
  5. External IMAP or POP3 access through AD and LEA ISP
    By contink in forum Wireless Networks
    Replies: 10
    Last Post: 14th September 2006, 11:07 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •