SBServer Internet Web Site (default)

Discussion in 'Windows Small Business Server' started by Thomas, Jul 22, 2005.

  1. Thomas

    Thomas Guest

    I have created a new web site on my IIS6 SBServer assigned it an IP address.
    published web site to it. Can access Web site locally via
    \\Servername\sitename Gave it the host header, redirected incoming web
    requests to that IP address. I get 403 Forbidden Error. Any help would be
    apprecitated
     
    Thomas, Jul 22, 2005
    #1
    1. Advertisements

  2. Hi Thomas,

    Thanks for using SBS newsgroup.

    Issue description:

    It seems you want to publish your own website created via IIS to the
    internet.

    Analyzing and suggestions:

    If this is a premium edition SBS 2003 server with ISA installed, you will
    need to create new destination set for these web sites and then create web
    publishing rules to publish them. Please refer to the following documents:

    http://www.isaserver.org/tutorials/Publishing_Multiple_Web_Sites_using_Web_P
    ublishing_Rules.html

    300435 HOW TO: Securely Publish Multiple Web Sites by Using ISA Server in
    http://support.microsoft.com/?id=300435


    At my point of view, there could be no benefit to host public web sites by
    using SBS 2003 server. Since the SBS 2003 server is an integrated business
    solution for small business environment, it is better to use a separate
    Windows server to host the company sites. SBS 2003 server built-in web site
    is recommended to be only used for the private users.

    Hosting public web sites will cause security, licensing and performance
    issues. The security issue is the top cause. Port 80 is never out of the
    top ten attacked ports. User account based authentication can prevent
    unauthorized access; however, each connection will take one user CAL.
    Considering the server performance, the public web site will increase the
    server workload.

    If you do want to host a public web site on the SBS 2003 server, it's your
    best interest to use SBS 2003 Premium Edition with ISA server. I would like
    to give you the steps for hosting a public web site on a SBS 2003 server
    with ISA:

    To deploy a customized public web site on the SBS 2003 box, you need to use
    different URL to access the customized web site and the SBS 2003 build-in
    web sites. I assume you have already registered an internet Domain name. I
    would like to suggest you try the following steps to configure the SBS 2003
    box.

    For example, you have an FQDN: www.mydomain.com pointing to the static IP
    address of your SBS server external NIC and you use the following URL to
    access the particular web sites:

    URL
    Website function
    http://www.mydomain.com
    Customized public web site
    https://www.mydomain.com:444/ Companyweb
    (SSL)
    https://www.mydomain.com/remote/ Remote Web
    workplace (SSL)
    https://www.mydomain.com/exchange/ Exchange
    Outlook Web Access (SSL)

    1. Use CEICW to automatically create the web publishing rules and
    certificates for web sites.

    Open "Server Management", navigate to "To Do List" and click "Connect to
    the Internet". Re-run CEICW and when you configure the firewall options,
    select "Enable Firewall" --> Select the services click "Next". In the web
    services configuration window, select *ALL web sites* --> In the
    certificate window, if you have already created a certificate, please
    select "Do not change" option. Follow the wizard to finish the
    configurations.

    2. Create a folder to store the web page files.

    Open Windows Explorer, create a folder (to store the customized web page
    files) on the hard disk. Copy all customized web page files (which were
    writen by some web author tools such as Front Page or Dream Weaver) to this
    folder.

    3. Create a new web site in IIS.

    Open "Internet Information Services (IIS) Manager", navigate to <Server
    Name>\"Web Sites". Right-click "Web Sites" folder, click "New"-->"Web
    Site". The web site creation wizard will launch. Click "Next", input the
    web site name such as "My Site"-->Select the *Internal IP address*, input
    the port number "80" and input "www.mydomain.com'''' in the host header
    box-->Click "Browse", find the folder that created in step2 --> Set the
    permission (by-default Read and Run scripts)-->"Finish".
    NOTE: Please ONLY select the Internal IP address as the identity for this
    new web site. DO NOT input 443 port as the SSL connection for this site.

    After the above steps, you can access all the web sites by using the listed
    URL"s. However, you could not access the public web site from the internal
    network. This is because we configure this web site to use a host header
    (www.mydomain.com) to accept the web request. As a workaround, you can
    modify the *hosts* file on the internal client computer (For windows
    XP/2000 the path is %systemroot%\system32\drivers\etc\) and add an entry
    for www.mydomain.com with the internal IP address of the SBS server.

    After doing this, you can configure the SBS 2003 server to publish the web
    site on the internal computer to the Internet by using Web publishing
    rules.

    As your convenience, I suggest you design a backup for your SBS 2003
    server, it will make your server more reliable:

    Backup and restore SBS 2003:
    http://download.microsoft.com/download/b/d/8/bd8e1a40-d202-429a-8eb7-26300d6
    2bcc9/BKU_BkupRstr.doc

    If you have any concerns about publishing website via IIS, I suggest you
    also post to IIS newsgroup. There you may get better sharing.

    I hope the above information helps. If you have any questions, please feel
    free to let me know. I am glad to be any further updates.

    Have a nice day!
    ========================
    This response contains a reference to a Third party World Wide Web site.
    You should know that Third party sites are not under the control of
    Microsoft. Accordingly, Microsoft can make no representation concerning
    the content of these sites. Microsoft is providing this information only
    as a convenience to you. This is to inform you that Microsoft has not
    tested any software or information found on these sites and therefore
    cannot make any representations regarding the quality, safety, or
    suitability of any software or information found there. There are inherent
    dangers in the use of any software found on the Internet, and Microsoft
    cautions you to make sure that you completely understand the risk before
    retrieving any software on the Internet.
    ========================



    Best regards,

    Charles Yang (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.


    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Charles Yang [MSFT], Jul 22, 2005
    #2
    1. Advertisements

  3. Thomas

    CO-DBA-SC-EL Guest

    Hi Charles,

    What "licensing issues" are you referring to regarding a public web site?
    Since when does a connection to the web site consume a CAL?

    The SBS2003 marketing material on the Microsoft web site at
    http://www.microsoft.com/windowsserver2003/sbs/evaluation/overview/default.mspx
    actually touts the use of SBS 2003 for a public web site. Quote:

    " Connect with customers more professionally. With Windows Small
    Business Server 2003, you can host your own company Web site and e-mail,
    increasing credibility with your customers."

    This being said, I agree that it is not a good idea to host the
    customer-facing company's public web site on SBS, because of the performance
    and security issues you mention. But it would be nice if Microsoft could get
    its act together regarding what this product is and is not.

    C_O




     
    CO-DBA-SC-EL, Jul 22, 2005
    #3
  4. Thomas

    lowballr Guest

    Charles [MSFT] appears to be a contractor. Interesting cut and paste
    template he responded with. Not sure he read/understood/both your
    question before responding.

    Here's how you do it:

    Create an additional website under the website folder -
    website icon\properties\Web site tab - Leave the address unassigned for
    the new website-

    Reason: Websites are directed by ip, port or host header. By not
    assigning the IP [all unassigned], it reverts to port or host header, if
    no special port is requested/specified then reverts to host header.

    On the properties of the website icon <under the website folder> -
    Select Directory Security tab\authentication and access control
    button\place check next to enable anonymous access\place check next to
    integrated windows authentication - ok button

    <Directory Security tab> IP address and domain name restriction
    button\place . next to Grant access option\No addresses should be listed
    below - if so remove them.\ok

    Go to command prompt\iisreset <restart IIS services>

    Thx,
    L0wballr
     
    lowballr, Jul 22, 2005
    #4
  5. Thomas

    lowballr Guest

    To clarify:
    "Create an additional website under the website folder" - Do not use the
    Default website - create a new website for the site in question.

    Thx,
    l0wballr
     
    lowballr, Jul 22, 2005
    #5
  6. Thomas

    lowballr Guest

    "Create an additional website under the website folder" means do not use
    the Default Website - create a new website for the site in question.

    Thx,
    l0wballr
     
    lowballr, Jul 22, 2005
    #6
  7. MicroSoft Full Time employee.

     
    SuperGumby [SBS MVP], Jul 23, 2005
    #7
  8. HI Thomas,

    Thanks for updates. Thanks a lot for Lowaballr's suggestions.

    The license I means is about the user CAL, when you connect website on SBS
    server and if you enable user authentication on website. Then every
    authenticated user will only be allowed to enter into website, then one
    authenticated user might need a CAL, if you set per user CAL on SBS 2003.
    This is the license issue I refer to.

    Host a website on SBS server is not a good choices, if you want to host
    website on SBS domain, it is your best interest to host it on a member
    server.

    Of course, if you like to create a new website, you can create a website
    via IIS, make sure you use different port, or via different IP or create it
    via different host header. If you want to publish the website to internet
    user, you might have to use different IP or different port.

    You can refer to the KB article I refer to, to create a public websites and
    publish it.

    I appreciate your understanding, Any other concerns would be appreciated.




    Best regards,

    Charles Yang (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.


    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Charles Yang [MSFT], Jul 24, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.