IIS/CGI Restrictions

All replies

• 

  

  0

  Sign in to vote

  You can just ue that command in POwerShell pretty much exactly like it is.

  You can also use the IIS provider or XML.  THe provider is available after IIS is installed (IIS7 only)

  ---

  jv

  Thursday, August 11, 2011 5:51 PM
• 

  

  0

  Sign in to vote

  Thanks for the reply jrv. Whenever I try to call that command within Powershell, I can this error:

   

  The term 'appcmd' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
  At line:1 char:7
  + appcmd <<<<  set config /section:isapiCgiRestriction /[path='%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll'].allowed:True
      + CategoryInfo          : ObjectNotFound: (appcmd:String) [], CommandNotFoundException
      + FullyQualifiedErrorId : CommandNotFoundException

  Thursday, August 11, 2011 9:36 PM
• 

  

  0

  Sign in to vote

  Hi,

  Where is the appcmd command? Is it in the current directory? If that is the problem, PowerShell does not run programs from the current directory by default. If it is in the current directory, prefix the appcmd command with ".\" or "./".

  HTH,

  Bill

  Thursday, August 11, 2011 9:56 PM
• 

  

  0

  Sign in to vote

  Thanks for the reply jrv. Whenever I try to call that command within Powershell, I can this error:

   

  The term 'appcmd' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
  At line:1 char:7
  + appcmd <<<<  set config /section:isapiCgiRestriction /[path='%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll'].allowed:True
      + CategoryInfo          : ObjectNotFound: (appcmd:String) [], CommandNotFoundException
      + FullyQualifiedErrorId : CommandNotFoundException

  
  Add the path to the net classes folder.

   

  ---

  jv

  Thursday, August 11, 2011 10:08 PM
• 

  

  0

  Sign in to vote

  Hi,

  Where is the appcmd command? Is it in the current directory? If that is the problem, PowerShell does not run programs from the current directory by default. If it is in the current directory, prefix the appcmd command with ".\" or "./".

  HTH,

  Bill

  
  Bill appcmd is an IIS 7 utility located in the framework folder I believe.

   http://learn.iis.net/page.aspx/114/getting-started-with-appcmdexe/

  It will only exist on machines with IIS7 or later installed or on machines with teh IIS 7 management tools installed.

  In thois case we are talking about staging an IIS install.  It would be better to moodify the install script to adjust these parameters but that may be more difficult to someone who doesn't know the installer. 

  Using PowerShell to set this after the fact should work.  Ther are web site isnstaller routines in Visual Studio that let us define these things for the site - assuming we have more than a collection of files to XCOPY.

   

   

  ---

  jv
  

  Thursday, August 11, 2011 10:09 PM
• 

  

  0

  Sign in to vote

  After I added the directory to the folder path, when I enter this:

  appcmd set config /section:isapiCgiRestriction /[path='%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll'].allowed:True

  I get this:

  
  ERROR ( message:Malformed collection indexer; format is [@position,name='value',name2='value2',...].  The @position specifier is optional, and be '@start', '@end', or '@N' where N is a numeric index into the collection. )

  Friday, August 12, 2011 1:42 PM
• 

  

  0

  Sign in to vote

  Bill appcmd is an IIS 7 utility located in the framework folder I believe.

  Hi,

  I'm aware of that. I was drawing out the fact that by default PowerShell does not run executables sitting in the current directory by default unless you explicitly specify ".\" or "./" (i.e., you have to tell PowerShell explicitly where the program is located if it is not in the Path).

  HTH,

  Bill

  Friday, August 12, 2011 2:34 PM
• 

  

  0

  Sign in to vote

  Hi,

  What happens if you type this instead?

  appcmd set config /section:isapiCgiRestriction /[path='C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll'].allowed:True

  % signs to expand environment variable names is a cmd.exe convention that does not work in PowerShell. Also, PowerShell treats single quotes (') as a string delimiter.

  HTH,

  Bill

  
  

  • Edited by Bill_Stewart Friday, August 12, 2011 2:37 PM Formatting

  Friday, August 12, 2011 2:37 PM
• 

  

  0

  Sign in to vote

  This works for me:

  C:\Windows\System32\inetsrv\appcmd 'set config /section:isapiCgiRestriction /[path='%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll'].allowed:True'

  All on one line. Note the single quotes.

  You should not add Inetsrv to you path as it can cause issues with precedence.  Just prepend teh utility with the path.

   

   

  ---

  jv

  Friday, August 12, 2011 2:43 PM
• 

  

  0

  Sign in to vote

  Using the command you suggested, I get this:

   

  Object '%WINDIR%\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_ISAPI.DLL].ALLOWED:TRUE' is not supported.  Run 'appcmd.exe /?' to display supported objects.

  Friday, August 12, 2011 3:11 PM
• 

  

  0

  Sign in to vote

  Using the command you suggested, I get this:

   

  Object '%WINDIR%\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_ISAPI.DLL].ALLOWED:TRUE' is not supported.  Run 'appcmd.exe /?' to display supported objects.

  I didn't supply the comamnd - you did.

  I was wrong becuse I forgot to do something.  The command needs to be changed to work:

  C:\Windows\System32\inetsrv\appcmd "set config /section:isapiCgiRestriction /[path='c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll'].allowed:True"

  The problem with this version is that appcmd get finicky and doesn't like the format.  Your format is one way to state the change.

  We can put the command in a batch file and executre that fromPOwerSHell.

  Why do you need to run this from PowerShell?  Are you trying to remote it? 

   

  ---

  jv

  Friday, August 12, 2011 3:22 PM
• 

  

  0

  Sign in to vote

  I just placed the original command into a batch file and it executed correctly.  Not sure why appcmd dislikes the command when it comes from powershell.  It even looks the same but appcmd says the format is wrong.

  If you batch is: runappcmd.bat

  in PowerShel

  .\runnappcmd.bat

  OR

  <path>\runappcmd.bat

  Check $LASTEXITCODE for non-zero (0).  If it is not zero then the command failed. You can grab the text:
  $result=.\runnappcmd.bat

   

  ---

  jv

  Friday, August 12, 2011 3:30 PM
• 

  

  0

  Sign in to vote

  Hi,

  What happens if you use this?

  c:\windows\system32\inetsrv\appcmd set config /section:isapiCgiRestriction /[path=`'C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll`'].allowed:True

  (Notice ` backquotes)

  Bill

  Friday, August 12, 2011 3:38 PM
• 

  

  0

  Sign in to vote

  Hi,

  What happens if you use this?

  c:\windows\system32\inetsrv\appcmd set config /section:isapiCgiRestriction /[path=`'C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll`'].allowed:True

  (Notice ` backquotes)

  Bill

  
  I couldn't get that to work.  I tried a number of variatiosn.  The command line appears to be sent correctly as appcmd echos back what it sees withteh error.  It just doesn't like the command coming from PowerShell.

  Its a bitchy commandline so maybe somone else can get it to work directly. Using a batch wrapper has always been a good way to bypass this sort of issue.

   

  ---

  jv

  Friday, August 12, 2011 4:02 PM
• 

  

  0

  Sign in to vote

  Hi jv,

  The question was for the OP, not for you.

  Thanks,

  Bill

  Friday, August 12, 2011 4:05 PM
• 

  

  0

  Sign in to vote

  Hi jv,

  The question was for the OP, not for you.

  Thanks,

  Bill

  
  Bill - the answer was we tried that alreasy an it doesn't work although a second attemppt won't hurt.

   

   

  ---

  jv

  Friday, August 12, 2011 4:34 PM
• 

  

  0

  Sign in to vote

  Hi jv,

  Correct - usually the exact error message proves instructive.

  Bill

  Friday, August 12, 2011 4:40 PM
• 

  

  0

  Sign in to vote

  PS>C:\Windows\System32\inetsrv\appcmd "set config /section:isapiCgiRestriction /[path=`'c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapdll`'].allowed:True"

  Error:
  Object 'SET CONFIG /SECTION:ISAPICGIRESTRICTION /[PATH='C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_ISAPDL
  L'].ALLOWED:TRUE' is not supported.  Run 'appcmd.exe /?' to display supported objects.

  PS>

  Note that is echos the exact command that we want.  This comamnd work in a batch file or at a CMD prompt without the extra quotes.

  All variation will produce a different error claiming the format is wrong or teh objects are not correct.

  Removing the outer quotes does not work either.

  I have seen this before and it has, inthe past, been unsolvable with normal methods.

  Any ideas?

  ---

  jv

  Friday, August 12, 2011 5:03 PM
• 

  

  2

  Sign in to vote

  Hi jv,

  I would actually expect the outer quotes to break the command. That would have the effect of passing that entire string to appcmd.exe as a single argument, which we don't want. That is why I suggested this command:

  c:\windows\system32\inetsrv\appcmd set config /section:isapiCgiRestriction /[path=`'C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll`'].allowed:True

  This command escapes ' with `, because the ' has meaning to PowerShell as a string delimiter. Escaping them should pass them unhindered to appcmd.exe.

  The exact output of this command may be instructive.

  HTH,

  Bill

  • Proposed as answer by jrv Friday, August 12, 2011 5:52 PM
  • Marked as answer by IamMred Saturday, September 10, 2011 6:07 AM

  Friday, August 12, 2011 5:11 PM
• 

  

  0

  Sign in to vote

  Bill - you got it.

   

  I had tried that before but it didn't work so I must have screwed it up when I edited teh string.

  This works:

  PS>C:\Windows\System32\inetsrv\appcmd set config /section:isapiCgiRestriction /[path=`'c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll`'].allowed:True
  Applied configuration changes to section "system.webServer/security/isapiCgiRestriction" for MACHINE/WEBROOT/APPHOST" at configuration commit path "MACHINE/WEBROOT/APPHOST"
  PS>$LASTEXITCODE
  0
  PS>
  
  

   I hate those long strings in POwerShell.  Hard to see all of the pieces.

  Thanks Bill.

   

  ---

   

  jv

  Friday, August 12, 2011 5:52 PM
• 

  

  0

  Sign in to vote

  Hi jv,

  Thx for the update.

  Bill

  Friday, August 12, 2011 5:56 PM
• 

  

  0

  Sign in to vote

  jrv.. you're a genious!

   

  Thanks for all the help guys! I really appreciate it.

  Friday, August 12, 2011 6:05 PM
• 

  

  0

  Sign in to vote

  I onlu gotit started. It was AbqBill who had the working bits.

   

  ---

  jv

  Friday, August 12, 2011 6:28 PM