Protect http interface using Username/Password, Client IP and certificates
|ActiveX/VBSScript registry editor
ActiveX NT User account manager
Export MDB/DBF from ASP
Url replacer, IIS url rewrite Active LogFile Email export ActiveX/ASP Scripting Dictionary object
|<< HTTP configuration interface|
| New version of IISTracer (from 2.60) has also a new method to protect IISTracer http interface. The protection is based on standard IIS authentication. There are several steps to protect IISTracer http interface.
1. Set right instance for http interfaceGo to HTTP configuration interface or Configuration application - basic setup and install filter to IIS and select IIS instance you want to run HTTP configuration interface.
2. Create physical http configuration script under the instanceGo to web folder in selected IIS instance and create folder with name of 'Http interface URI' (/iistracer by default). Create also additional files named 'config', 'about' and 'kill' in the folder. The files can be zero length - contents of these files is unsignificant.
3. Set http interface folder authentication typeGo to IIS MMC and select properties for the /iistracer folder.
* Directory tab - set 'Directory browsing allowed' for the folder
* Directory security - select authentication method for http interface.
- select annonymous/basic/digest/integrated windows authentication
- grant or deny ip address access to the http interface
- select required certificates for the http interface
4. Set NT user rights for http interfaceGo to /iistracer physical folder, select it's windows properties->security tab. Add read right for users you want to access http interface.
Go inside the folder and set read user right for 'config', 'about' and 'kill' files.
For example, set read to /iistracer for 'domain users' and set 'domain admins' for /iistracer/config, /iistracer/about and /iistracer/kill.
How it works?IISTTracer handles HTTP configuration interface requests in SEND_RAW_DATA. It checks outgoing http state - IISTracer will respond to the request if the state is '200 OK' or '304 not modified', the request is unmodified otherwise. So you can also use /iistracer.asp (/iistracer.aspx) uri to handle security of http interface using asp/aspnet.