Table 15.2 system.webServer Sections

| Section Name | Description |
|---|---|
| asp | Contains global defaults for ASP. By default its content is empty, and the defaults are taken from the schema. |
| caching | Contains cache-related configuration. |
| cgi | Contains the configuration for CGI. |
| defaultDocument | Contains the configuration for the default document functionality and the collection of files that can be served by default. |
| directoryBrowse | Contains the configuration for the directory listing functionality. |
| globalModules | Contains the collection of global native modules on the server. |
| handlers | Contains the collection of handlers: both native-code ISAPI extensions and managed-code HTTP handlers. |
| httpCompression | Contains configuration settings for both static and |
| httpErrors | Contains the collection of custom errors. |
| httpLogging | Contains global defaults for the per-URL logging configuration. |
| httpProtocol | Contains the collection of HTTP custom and redirect headers. |
| httpRedirect | Contains the configuration settings for the client |
| httpTracing | Contains trace-related configuration settings. By default its content is empty, and the values are taken from the schema. |
| isapiFilters | Contains the collection of ISAPI filters, both global filters and site filters. |
| modules | Contains the collection of modules, some native code and all managed code modules reside here. Can be customized. |
| odbcLogging | Contains configuration for the ODBC logging functionality. By default its content is empty, and the values are taken from the schema. |
| serverRuntime | Contains performance-related configuration settings that affect the runtime behavior. By default its content is empty, and values are taken from the schema. |
| serverSideInclude | Contains settings for the server-side include functionality. By default its content is empty, and values are taken from the schema. |
| staticContent | Contains configuration that controls static content serving, including the collection of MIME maps. |
| urlCompression | Used to enable or disable per-URL and dynamic compression. By default its content is empty, and values are taken from the schema. |
| validation | Used to configure the validation module. It is responsible for detecting the existence of .NET Framework configuration that will be ignored by the Web server while in integrated mode. |

Now we will examine the security section group, which is nested within the system.webServer section group, in Table 15.3. The security section group contains sections related to web server security.
Table 15.3 Security Section Group

| Section | Description |
|---|---|
| access | Contains global defaults for access flags. |
| applicationDependencies | Contains dependencies between applications or ISAPI filters for the purpose of security lockdown. By default its content is empty and is modified as applications are installed. |
| authorization | Contains configuration for authorizing users and roles optionally depending on whether HTTP is being used in the request. |
| ipSecurity | Contains the collection of IP addresses to block from accessing the server. |
| isapiCgiRestriction | Contains the extension restriction list configuration to control which functionality is enabled or disabled on |
| requestFiltering | Contains configuration for restricting requests. It contains a collection of physical directories to hide from the Web space. |

We've already shown that the security section group is nested in the system.webServer section group. Within the security section group is another section group called authentication. This section group contains several sections for authentication. Each section corresponds to a specific authentication schema. Table 15.4 displays its sections with some description and the default setting.

Another section group is nested directly underneath the system.webServer section group: the tracing section group. The tracing section group contains sections for failed requests tracing. Table 15.5 lists its sections with a description.

Table 15.4 Authentication Section Group

| Section | Description |
|---|---|
| anonymousAuthentication | Contains configuration for anonymous authentication. |
| basicAuthentication | Contains configuration for basic authentication. |
| clientCertificateMappingAuthentication | Contains configuration for client certificate mapping authentication. |
| digestAuthentication | Contains configuration for digest authentication. |
| iisClientCertificateMappingAuthentication | Contains configuration for IIS client certificate mapping authentication. |
| windowsAuthentication | Contains the configuration for |

Table 15.5 Tracing Section Group

| Section | Description |
|---|---|
| traceFailedRequests | Contains configuration for failed requests tracing. By default its content is empty. |
| traceProviderDefinitions | Contains the definitions for trace providers. |

The IIS Schema: Your Cheat Sheet for Success
New users to IIS 7.0 are often caught off guard by errors, painful research, and unanswered questions. It isn't as though IIS 7.0 provides a cheat sheet or anything. Little do many users know that IIS 7.0's configuration is an open-book test with the answers living right inside the IIS schema. Many members of Microsoft's IIS team learned IIS 7.0 step by step using this schema as their guiding light. You should do the same thing if you want to understand the underlying configuration and how you work with it.
In this section, we will familiarize you with what the IIS schema looks like and show you how to understand what it is you are looking at.
What Is a Schema?
Before we can read the schema or extend it, we must first define the term. A schema is an abstract representation of an object's characteristics and its relationship to other objects. An XML schema, such as the one in IIS 7.0, represents the interrelationship between the attributes and elements of an XML object. In IIS 7.0 the schema is declarative. It is also extensible, in that all that needs to be done is to add declarations to the system. Just like the ApplicationHost.config file, the schema is hierarchical and easy to read. The IIS 7.0 schema is located in the %windir%\system32\inetsrv\config\schema directory. Those looking to extend the schema simply need to create their own schema files and drop them into the schema directory. You do not extend the schema by modifying any of the default schema files.
How to Read the Schema
Each configuration section in the schema is read as an XML element. Section groups found in the schema have no schema definition. The schema is read as follows:
<attribute-name>="<default-value>" [<metadata>] [<description>]
■ <attribute-name> The name of the configuration attribute. Every attribute must have a name.
■ <default-value> Value used if no other value is specified. Not all attributes have default values.
■ <metadata> Contains several items such as the runtime type of the attribute. For example: bool, enum, flags, int, int64, String, timeSpan.
■ <description> A short description of the attribute.
Section Schema
The <sectionSchema> is an XML element that represents the base unit of schema information. All schema information is specified underneath it. It has one direct attribute, which is name, and no others. The remaining parts of the schema are in subelements within the <sectionSchema>. Figure 15.9 shows the IIS_schema.xml file; notice the <sectionSchema> elements and the schema information in each.
Attribute Schema
All attributes are defined in corresponding <attribute> XML elements in the schema. The <attribute> element can be in the <sectionSchema>, in the element (if in a sub-element within the section), or in the <collection> element. The attribute schema has to specify a name and a runtime type for the attribute. It can also mark the attribute as required. For example, looking at Figure 15.9 you will find the following attribute under <sectionSchema name="system.webServer/security/authorization">:
<attribute name="accessType" type="enum" required="true">
Here the attribute name is accessType, the runtime type is enum, and the attribute is marked as required. An enum is a set of possible values, where only one of them can be set for the attribute. Below accessType you see the possible values for this attribute. We'll go over Enum Schema a little later. The attribute schema may also specify any of the following:
■ Whether the attribute is required
■ Whether the attribute is a unique key or part of a collection key along with other attributes
■ Whether the attribute has a default value
Figure 15.9 IIS_schema.xml
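
The following is an added example, not code from the book or from Microsoft. It renders a section's attributes in the name="default" [metadata] reading format described above, then uses the same schema to check one authorization rule before it is deployed. The schema fragment is constructed around the accessType line quoted in the text; the isUniqueKey, isCombinedKey and defaultValue attribute names and the Allow/Deny values are assumptions not shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed fragment (not copied from IIS_schema.xml), built around the quoted
# accessType attribute; key flags, defaultValue and enum values are assumptions.
SAMPLE_SCHEMA = """<sectionSchema name="system.webServer/security/authorization">
  <collection addElement="add">
    <attribute name="accessType" type="enum" required="true" isCombinedKey="true">
      <enum name="Allow" value="0" />
      <enum name="Deny" value="1" />
    </attribute>
    <attribute name="users" type="string" isCombinedKey="true" />
    <attribute name="verbs" type="string" defaultValue="" />
  </collection>
</sectionSchema>"""
FLAGS = {"required": "required", "isUniqueKey": "unique key", "isCombinedKey": "combined key"}

def attributes(schema_xml, section_name):
    """Yield every <attribute> element below the named <sectionSchema>."""
    for section in ET.fromstring(schema_xml).iter("sectionSchema"):
        if section.get("name") == section_name:
            yield from section.iter("attribute")

def read_section(schema_xml, section_name):
    """Render each attribute as: name="default" [metadata]."""
    lines = []
    for attr in attributes(schema_xml, section_name):
        meta = [attr.get("type", "unknown")]
        meta += [label for flag, label in FLAGS.items() if attr.get(flag) == "true"]
        allowed = [e.get("name") for e in attr.findall("enum")]
        if allowed:
            meta.append("one of " + "|".join(allowed))
        default = attr.get("defaultValue")
        shown = "" if default is None else f'="{default}"'
        lines.append(f'{attr.get("name")}{shown} [{", ".join(meta)}]')
    return lines

def check_entry(schema_xml, section_name, entry):
    """Return schema violations for one collection entry given as a dict."""
    problems, known = [], set()
    for attr in attributes(schema_xml, section_name):
        name = attr.get("name")
        known.add(name)
        allowed = [e.get("name") for e in attr.findall("enum")]
        if attr.get("required") == "true" and name not in entry:
            problems.append(f"missing required attribute {name}")
        elif allowed and name in entry and entry[name] not in allowed:
            problems.append(f"{name}={entry[name]!r} is not one of {allowed}")
    problems += [f"unknown attribute {k}" for k in sorted(set(entry) - known)]
    return problems
```

A misspelled attribute such as user instead of users is reported as unknown rather than silently ignored, which matters for an access rule that would otherwise not restrict what its author intended.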