Continued from IIS 5.1 - Installation
In order to go configure your website, you need to go:
Start -> Settings -> Control Panel -> Administrative Tools -> Internet Information Services
It's a good idea to make a desktop shortcut to Internet Service Manager since we'll be playing with it a lot.
Double-click on "Internet Service Manager" and let's get started.
Click on the name of your computer to see the summary of what's going on with your computer. In my case, my computer is called "DELL-500SC". Double-click on "Web Sites" in the right pane. You'll see this:
You can disable a particular service (Web, FTP, or SMTP) by right clicking on the service and choosing "pause" or "stop".
You'll notice under "IP Address" it says "All Unassigned" This means that all requests to your server will be answered by your computer. If for some reason your server has several IP addresses, you will want to specify the exact IP address that the Internet Services is supposed to respond to.
If your computer only has 1 IP address, we can leave the IP address as "All Unassigned".
Let's take a look at the Web Service. Right click on "Default Web Site" then select "Properties".
Since there are so many options I'll just hit the major points.
Tab: Web Site
Description - Can be changed to your liking
IP Address - Can leave as "All unassigned" or the specific IP address of your computer.
TCP Port - 80 is the standard and should remain that way unless you have a good reason to change it.
Connections - Although it doesn't say so, we are limited to 10 concurrent web connections. Each visitor creates 2-3 connections so this means your webserver using this software is limited to 3-4 concurrent visitors which should not be a problem for a small website.
Tab: ISAPI Filters
Tab: Home Directory
Local Path - This is where your files for your website reside. Please change this to something else. Many hackers will attack the default directory. You can change this directory to whatever directory you like, but DO change it.
Write - Unless you want your visitors to actually change your website, you must leave this unchecked.
Directory Browsing - If you check this box, When a visitor comes to a directory that does not have a default document, the visitor will see an error message stating that they are not authorized to view the contents of that directory. If you uncheck this box, they will get a complete list of what files you have in the directory. It is best to leave the box unchecked.
Tab: Home Directory
Local Path - This is where your files for your website reside. Please change this to something else. Many hackers will attack the default directory. You can change this directory to whatever directory you like, but DO change it.
Write - Unless you want your visitors to actually change your website, you must leave this unchecked.
Directory Browsing - If you check this box, When a visitor comes to a directory that does not have a default document, the visitor will see an error message stating that they are not authorized to view the contents of that directory. If you uncheck this box, they will get a complete list of what files you have in the directory. It is best to leave the box unchecked.
Tab: Home Directory
Local Path - This is where your files for your website reside. Please change this to something else. Many hackers will attack the default directory. You can change this directory to whatever directory you like, but DO change it.
Write - Unless you want your visitors to actually change your website, you must leave this unchecked.
Directory Browsing - If you check this box, When a visitor comes to a directory that does not have a default document, the visitor will see an error message stating that they are not authorized to view the contents of that directory. If you uncheck this box, they will get a complete list of what files you have in the directory. It is best to leave the box unchecked.
Tab: Documents
There is a list of default documents that the webserver will look for when a visitor accesses a directory. The starting point of your website must be listed here. You can either rename your first page of your website to Default.htm or another default document type that you specify. Traditionally, the first page of most websites is "index.html" so you can add that to the list and promote it to the top using the up arrow on the left side.
Tab: Directory Security
Tab: HTTP Headers
Tab: Custom Errors
Tab: Server Extensions
Webserver Software:
If the server hardware is the heart and soul of a webserver, then the server's software would have to be the brains of the webserver. You will be able to control all aspects of your webserver from this software.
Windows XP Professional is the most popular operating system because of its ability to run the latest software and work with the coolest hardware. Windows XP is a very stable operating system. You can leave it on for days or weeks without any problems. But most likely, you'll have to reboot after a few weeks in order to complete installation of the latest Microsoft Windows updates. Windows XP Professional includes Internet Information Services 5.1 (IIS 5.1). IIS 5.1 is limited to 10 connections. One web user will create 2-3 connections to your server at any one time, so practically, you will be able to handle about 3-4 visitors to your website simultaneously. If you do not expect your site to deal with heavy traffic, IIS 5.1 will be fine.
If you do plan on having more visitors, a very good combination is Windows XP Professional with Apache. You get the ease of running Windows with the power and flexibility of Apache. This is my top choice.
Of course there is always Linux. Linux is a very good operating system that is very stable and runs Apache, which is the most popular webserver software in the world (for now). A Linux system is extremely stable, has several applications available for almost anything you can throw at it. While Windows includes networking as an add on, Linux was built around networking. Linux with Apache webserver will make a great webserver, unfortunately, most people who just dabble in computers find Linux too difficult to configure and use. Just wanted to let you know the option is out there.
Operating System Webserver Software Number of Connections Multiple Web Sites?
Windows 98 PWS 4.0 10 No
Windows 98 SE PWS 4.0 10 No
Windows Me Not Included N/A N/A
Windows NT 4.0 Workstation IIS 4.0 10 No
Windows NT 4.0 Server IIS 4.0 Unlimited Yes
Windows 2000 Professional IIS 5.0 10 No
Windows 2000 Server IIS 5.0 Unlimited Yes
Windows 2000 Adv. Server IIS 5.0 Unlimited Yes
Windows XP Home Not Included N/A N/A
Windows XP Professional IIS 5.1 10 No
Linux Apache Unlimited Yes
What if I don't want to use PWS or IIS?
One thing I should mention is that the webserver software included in the above mentioned operating systems are not your only choice. You can download or buy special software packages that run in almost any operating system which will turn your machine into a webserver. For example, Apache now has a Windows version of their webserver software that you can download for free and run on your Windows machine. I focused on the native packages because they're included with the operating system and are free, but that doesn't mean you have to use it!
An advantage of using a 3rd party software package is that you will not be limited by the 10 concurrent connection restriction built into PWS and IIS if you are not using the Server Editions of Windows.
Here is a list of free webserver and FTP software you can try out:
Web Server Software
Apache Web Server
Sambar Web Server
Xitami Web Server
Omni HTTPD Web Server
MiniPortal - Win32 - Web server, FTP server, PHP and MySQL plug-ins
TinyWEB Server - very small Win32 daemon for regular (TCP/http)
TinySSL - very small Win32 daemon for secure (SSL/TLS/https)
thttpd - tiny/turbo/throttling web server (*nix)
mini_httpd - simple web server that does HTTPS (*nix)
micro_httpd - world's smallest web server? (*nix)
BadBlue - Webserver + Peer-to-Peer (P2P) webserver (Win32)
E-smith - Webserver + Linux based operating system (complete solution)
Lil HTTP Server - Webserver for Win32 machines
WebSite - Win32 - designed for ecommerce site for a small or medium businesses
Abyss Web Server - Win32 or Linux, supports Perl and PHP - Free
Small HTTP Server - HTTP, FTP, SMTP, DNS, POP3, supports Perl
MiniHTTPServer.net - Win32 - HTTP, BBS, P2P, database, photo album
HostYourOwnWeb - Win32 - Web server, based on Apache, Graphical console, Dynamic Update Service
KeyFocus Web Server - Win32, unlimited web sites, multiple domain names, multiple ports
Mail Server Software
MailEnable
Pegasus Mail Server
ArGoSoft Mail Server
MDaemon Mail Server
w3 JMail Mail Server
CommuniGate Mail Server
ISMail Mail Server
FTP Server Software
Serv-U
War FTP Server
Argosoft FTP Server
BulletProof FTP Server
Web based FTP Client
Web-FTP
Drall
DNS
Simple DNS Plus - Software to run your own DNS servers from home
Wanna be your own Webhost?
Webhost Free - Allows you to become a simple webhost. "WebHost Free is basically a CGI script that allows you to become your own Geocities. It allows you to automatically accept user signups and uploading from the Web."
FTP server info:
Running a FTP server from home on DSL or Cable modem can be difficult. The reason is that most FTP servers are written for computers that are directly connected to the Internet, while most people who run FTP servers from home, do so from behind a router. It is a bit more complicated to run a FTP server from behind a router, but follow along and you'll have one up in no time.
I would strongly advise you not to use IIS for a FTP server for several reasons. First of all, IIS doesn't have enough settings to run a FTP server from behind most routers. The resulting FTP server may have spotty connections. Second, IIS FTP server is highly targeted by hackers out there. The reason is that there are a ton of people out there who have IIS installed (knowingly or unknowingly) and most of these are unsecured. It's a popular target. By using a 3rd party FTP software, it is less likely to be exploited.
This Step-by-Step guide here shows you how to setup a FTP Server:
Serv-U FTP Server - Install and Setup
Build a Community with Message Boards / Forums
A great addition to almost any website are community forums or message boards. The type of forums you choose to run will depend on several things including cost, computer language of the software, and difficulty of operation. Here is a table of several different message boards that are very popular.
Forum Software Language Cost
Snitz Forums 2000 ASP Free
vBulletin PHP $160
Ultimate Bulletin Board CGI/Perl $249
phpBB PHP Free
IkonBoard CGI/Perl Free
OpenForum ASP Free
IdealBB ASP Free
ASP-DEV Support Forums ASP Free
POP Forums ASP $175
Fuse Talk Cold Fusion $189
ASP Fast Forum ASP $175
Make Your Site Interactive!
Perl - If your website requires cgi, then you need to install perl. A good free perl program is Active State's Active Perl. If you are using a Linux machine, perl should be installed by default. Here is our guide on how to setup Perl on a Windows webserver: Installing Perl (ActivePerl) on a Windows Webserver
PHP - A new script engine that is growing in popularity. You can download the programs for Linux and Windows machines.
Running Programs and Batch Files as Services
On your webserver, you may often times want to run programs constantly in the background. These are called services. Services are programs that always run when the computer is booted up whether or not somebody is logged in. What is the difference between a service and a program? A service runs whether or not somebody is logged in. A program only starts when somebody to logged in. Even if you put a program in the "Startup" folder, the program won't run until somebody logs in. And when when the program does start, it will be a window in the foreground. If you close the window, the program stops. On the other hand, a service will run all the time and in the background with no window. Here is a common scenario, you have cool program/utility that you want running all the time, such as FREEping which pings an IP address continuously to keep your DSL/Cable line alive. However, FREEping doesn't have an option to run as a service. How do you get around this problem. Most likely, you would install FREEping on your server and then put it into the "Startup" folder so that it runs when you log into the computer. But you want to keep the server secure so you use the "Control-Alt-Del" command and select the "Lock Workstation" Command. This works just fine, but there are potential problems. 1. If your computer is accidentally powered off and turned on again, and you are not there to log in, the program will never start and your DSL/Cable line could go to sleep. 2. The FREEping window is always on your taskbar and takes up space. The solution? Turn your favorite program / utility into a service which runs all the time and in the background. A good solution is FireDaemon. FireDaemon will turn practically any program into a service. Very useful tool.
On the other hand, if you have batch files that you need executed when a computer is turned on without somebody logging in, take a look at Greyware Autoexec Service. This program cannot run programs as services, but what it does is run batch files once when the computer is booted up and then quits.
Webserver Security
Regardless of which operating system and webserver software you you are using, make sure to keep an eye out for the latest patches and security updates for your software. By running a webserver, you are out there on the web for everybody to see and hack. Keep your webserver secure and safe. It seems like there are new security flaws found in software everyday. Recently, there are several instances of software worms written by hackers that can automatically find webservers with known security flaws and automatically hack into them. This is even with firewall software and hardware in place. What's next, GUI interface for hacking tools?
Let's put it this way, if a huge company like Microsoft can be hacked into, if NASA can be hacked into, then you can be hacked into. A firewall and gateway isn't enough. You need to plug up any holes in your webserver software as well.
If you use Windows, make sure to install the latest service packs and critical updates. The easiest way to make sure that you have all the proper patches is to visit Windows Update at http://windowsupdate.microsoft.com. When you go there, click on "Product Updates". The first time you visit, you will be asked to install a small plugin into your web browser. Accept this and then the system will scan your computer to see what updates you need. Don't worry, no information is being transferred to Microsoft. You'll then see a huge list of potential updates. The ones you really need to pay attention to are in the "Critical Updates and Service Packs" section. Check the appropriate boxes and hit "Download". The updates will then be installed automatically. Depending on which updates you install, you may or may not need to restart your computer. You should visit Windows Update at least once a week for all your computers running Windows, no matter if it's running as a server or not.
Virus Protection
Your server should definitely run some sort of virus protection such as Norton Antivirus or McAfee Antivirus. Many people forget to protect their server, but when you think about it, a server interacts with many people and who knows what kind of virus they might send to you, intentionally or not. If you use Windows, make sure your virus software can run as a service, which means that the program is active even when somebody isn't logged into the computer (the software is running in the background). I know for sure that Norton Antivirus can run as a service. I am not sure of the other products. Also make sure the keep your virus software is kept up to date. A webserver will send and receive a lot of data so make the extra effort to keep your webserver clean and not a gateway for computer viruses. This is especially true if you allow your visitors to FTP data to your server; who knows what viruses that data might contain? If your webserver is also a email server, infected email also poses a potential threat. As you can see, there is a lot of potential problems you can encounter with viruses so be protected!
How Do I Access My Website?
You can access your website from any web browser from the server itself, a LAN network computer, or from the Internet (WAN). Here's how.
From a computer on your network, try accessing your website by typing in the IP number of your DSL/Cable line or by typing in the domain name. In order for this to work, your router must support "loopback". Most routers do support loopback for web requests, but many don't for ftp requests. If your router doesn't support loopback or if you are testing out a ftp server, then you should disconnect your computer (not the server) from your network by unplugging the network cable and then dial into a local ISP with a 56k modem so that you will be "outside" your network.
From: Type into your web browser:
The server http://servername
Replace "servername" with the name of your server
The server http://xxx.xxx.xxx.xxx
Replace "xxx.xxx.xxx.xxx" with your server's internal LAN IP number - something like 192.168.1.xxx - not your DSL or Cable IP number
The server
(loopback required) http://xxx.xxx.xxx.xxx
Replace "xxx.xxx.xxx.xxx" with your server's external WAN IP number - Your DSL or Cable IP number. Not your internal LAN IP number.
The server
(loopback required) http://www.yourdomainname.com
Replace "yourdomainname.com" with your domain name and extension (.com, .org, .net)
The server http://127.0.0.1
Type this exactly. This may not work with host headers.
A computer on the LAN internal network http://servername
Replace "servername" with the name of your server
A computer on the LAN internal network http://xxx.xxx.xxx.xxx
Replace "xxx.xxx.xxx.xxx" with your server's internal LAN IP number - something like 192.168.1.xxx - not your DSL or Cable IP number
A computer on the LAN internal network
(loopback required) http://xxx.xxx.xxx.xxx
Replace "xxx.xxx.xxx.xxx" with your server's external WAN IP number - Your DSL or Cable IP number. Not your internal LAN IP number.
A computer on the LAN internal network
(loopback required) http://www.yourdomainname.com
Replace "yourdomainname.com" with your domain name and extension (.com, .org, .net)
From the Internet - WAN http://xxx.xxx.xxx.xxx
Replace "xxx.xxx.xxx.xxx" with your server's external WAN IP number - Your DSL or Cable IP number. Not your internal LAN IP number.
From the Internet - WAN http://www.yourdomainname.com
Replace "yourdomainname.com" with your domain name and extension (.com, .org, .net)
Depending on how your network is setup and which software package you're using, most of the techniques in the table should work, but some may not. All in all, most should work. Just don't freak out when one technique doesn't work, especially the http://127.0.0.1. The one you have to make sure works is the domain name method. That's the only one most people care about. But if your DNS nameservers or domain name registration isn't complete yet, you can still access your website by IP address unless you're hosting multiple websites through virtual hosting and host headers.
If you are using Windows 2000 and your router doesn't support loopback, then you can try the following trick a reader emailed me:
The solution is rather simple: I had to make an entry into the hosts file which in win2k is located in \winnt\system32\drivers\etc . This entry is pointing the domain name DIRECTLY to the internal IP of the Webserver. This means, when I make a request to my domain, the request never goes beyond the router but stays inside the LAN.
Make sense of your log files:
Regardless of which webserving software you choose to run on your webserver, you will most likely generate log files. However, to the unaided eye, these log files are just lines of text without any meaning. You need a log file analyzer to make sense of it all. One of the most popular tools for this is Analog. It works on almost every operating system and can mine useful info from your cryptic log files. Analog generates customizable reports. There is a lot of documentation but you'll still have to sit down with it for a good couple hours in order to find out how to get the info you want. But it's worth it. Did I mention Analog is free?
Codes, Codes, and more Codes:
As a webmaster and webserver professional, you will undoubtedly run into error codes while working on your website and while checking your log files for hackers. You're probably familiar with "404 Not Found" but there are tons more codes. Here is a list of what those codes actually mean.
HTTP Error Codes:
100 Continue
101 Switching Protocols
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Time-Out
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URL Too Large
415 Unsupported Media Type
500 Server Error
501 Not Implemented
502 Bad Gateway
503 Out of Resources
504 Gateway Time-Out
505 HTTP Version not supported
http://www.dslwebserver.com/main/fr_index.html?/main/sbs-iis-win-xp-webserver.html