WAP: How to know which IIS configuration sections are allowed to be customized
For a web site hosted on Windows Azure Pack (previously Windows Server for Hosting Service Providers), customers sometimes need to customize IIS settings to meet their application's requirements. For various reasons (security, performance, etc.), some configuration sections are locked by default. This means customers are not allowed to change these settings.
To find out which sections are allowed or denied for customization, use the following steps:
1. Log on to the Controller role.
2. Open PowerShell and run the following command to add the WebHosting snap-in.
add-pssnapin webhostingsnapin
3. Then run the following command to get the OverrideMode of each section.
Get-DefaultAppHostConfigSection | Format-Table OverrideModeDefault, SectionName -AutoSize
4. You will see a result like the one below. Sections marked Allow can be customized by the customer; sections marked Deny are locked.
OverrideModeDefault SectionName
------------------- -----------
Deny                system.applicationHost/applicationPools
Deny                system.applicationHost/configHistory
Deny                system.applicationHost/customMetadata
Deny                system.applicationHost/listenerAdapters
Deny                system.applicationHost/log
Deny                system.applicationHost/serviceAutoStartProviders
Deny                system.applicationHost/sites
Deny                system.applicationHost/webLimits
Deny                system.ftpServer/caching
Deny                system.ftpServer/firewallSupport
Deny                system.ftpServer/log
Deny                system.ftpServer/providerDefinitions
Deny                system.ftpServer/security/authorization
Deny                system.ftpServer/security/ipSecurity
Deny                system.ftpServer/security/requestFiltering
Deny                system.ftpServer/serverRuntime
Deny                system.webServer/asp
Allow               system.webServer/caching
Deny                system.webServer/cgi
Allow               system.webServer/defaultDocument
Allow               system.webServer/directoryBrowse
Deny                system.webServer/diskCache
Allow               system.webServer/externalCache/diskCache
Deny                system.webServer/fastCgi
Deny                system.webServer/globalModules
Deny                system.webServer/handlers
Deny                system.webServer/httpCompression
Allow               system.webServer/httpErrors
Deny                system.webServer/httpLogging
Allow               system.webServer/httpProtocol
Allow               system.webServer/httpRedirect
Deny                system.webServer/httpTracing
Deny                system.webServer/isapiFilters
Deny                system.webServer/modules
Deny                system.webServer/odbcLogging
Deny                system.webServer/proxy
Deny                system.webServer/rewrite/allowedServerVariables
Deny                system.webServer/rewrite/globalRules
Allow               system.webServer/rewrite/outboundRules
Allow               system.webServer/rewrite/providers
Allow               system.webServer/rewrite/rewriteMaps
Allow               system.webServer/rewrite/rules
Deny                system.webServer/security/access
Deny                system.webServer/security/applicationDependencies
Allow               system.webServer/security/authentication/anonymousAuthentication
Allow               system.webServer/security/authentication/basicAuthentication
Allow               system.webServer/security/authentication/clientCertificateMappingAuthentication
Allow               system.webServer/security/authentication/digestAuthentication
Deny                system.webServer/security/authentication/iisClientCertificateMappingAuthentication
Deny                system.webServer/security/authentication/windowsAuthentication
Allow               system.webServer/security/authorization
Deny                system.webServer/security/ipSecurity
Deny                system.webServer/security/isapiCgiRestriction
Allow               system.webServer/security/requestFiltering
Deny                system.webServer/serverRuntime
Deny                system.webServer/serverSideInclude
Allow               system.webServer/staticContent
Allow               system.webServer/tracing/traceFailedRequests
Deny                system.webServer/tracing/traceProviderDefinitions
Allow               system.webServer/urlCompression
Allow               system.webServer/validation
Deny                system.webServer/webdav/authoring
Deny                system.webServer/webdav/authoringRules
Deny                system.webServer/webdav/globalSettings
Deny                webFarms
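One way to put this table to use is to check a customer's web.config against it before deployment. The script below is an added example, not part of the original post or the product: the helper name Get-SectionUsage and the sample web.config are constructed for illustration, and the commented-out lines assume the cmdlet's objects expose the SectionName and OverrideModeDefault properties used in the Format-Table call above.

```powershell
# Added example: report which sections a site's web.config uses and their lock state.
# Constructed subset of the table above (values copied from it).
$overrideMode = @{
    'system.webServer/defaultDocument'           = 'Allow'
    'system.webServer/handlers'                  = 'Deny'
    'system.webServer/httpErrors'                = 'Allow'
    'system.webServer/modules'                   = 'Deny'
    'system.webServer/rewrite/rules'             = 'Allow'
    'system.webServer/security/ipSecurity'       = 'Deny'
    'system.webServer/security/requestFiltering' = 'Allow'
}
# On the Controller, build the full table instead (assumes the property names
# shown in the Format-Table call above):
# $overrideMode = @{}
# Get-DefaultAppHostConfigSection |
#     ForEach-Object { $overrideMode[$_.SectionName] = "$($_.OverrideModeDefault)" }

# Constructed sample web.config for illustration.
[xml]$webConfig = @'
<configuration>
  <system.webServer>
    <defaultDocument><files><add value="index.php" /></files></defaultDocument>
    <handlers><add name="SampleHandler" path="*.sample" verb="*" modules="IsapiModule" /></handlers>
    <security>
      <requestFiltering><requestLimits maxAllowedContentLength="1048576" /></requestFiltering>
      <ipSecurity allowUnlisted="false" />
    </security>
    <rewrite><rules><clear /></rules></rewrite>
  </system.webServer>
</configuration>
'@

# Hypothetical helper: walk the XML, build each element's section path, and stop
# descending once the path matches a known section name.
function Get-SectionUsage {
    param([System.Xml.XmlElement]$Node, [string]$Path, [hashtable]$Modes)
    foreach ($child in $Node.ChildNodes) {
        if ($child.NodeType -ne 'Element') { continue }
        $childPath = if ($Path) { "$Path/$($child.LocalName)" } else { $child.LocalName }
        if ($Modes.ContainsKey($childPath)) {
            [pscustomobject]@{ OverrideMode = $Modes[$childPath]; Section = $childPath }
        } else {
            Get-SectionUsage -Node $child -Path $childPath -Modes $Modes
        }
    }
}

Get-SectionUsage -Node $webConfig.configuration -Path '' -Modes $overrideMode |
    Sort-Object OverrideMode, Section | Format-Table -AutoSize
```

For the sample input, system.webServer/handlers and system.webServer/security/ipSecurity are reported as Deny, meaning the customer's web.config sets sections that are locked at the server level.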
See you next time.
Wei from APGC DSI Team