Microsoft® Windows® 2000 and IIS 5.0 Administrator's Pocket Consultant (Administrator's Companion Series) by William R. Stanek, Juliana Aldous (Editor), Karen Szall (Editor)

From the Publisher

Microsoft 2000 Server builds on the strengths and momentum of Windows NT Server 4.0 by addressing the most demanding needs of enterprise customers. Offering a complete suite of integrated and easy-to-use tools and services Windows NT Server 5.0 will dramatically reduce the cost of owning and managing enterprise computing resources and deliver the ultimate platform for developing and deploying distributed applications.

Booknews

Summarizes core web administration tasks for Microsoft's Internet Information Services (IIS) and Indexing Services. The reference guide reviews procedures for customizing IIS, working with web server security, managing file transfer protocol (FTP) and simple mail transport protocol (SMTP), administering the Indexing Service, and tracking user access and logging. Annotation c. Book News, Inc., Portland, OR (booknews.com)

Product Details

• Table of Contents
• Read an Excerpt
• Read a Sample Chapter

Table of Contents

Read an Excerpt

Chapter 3 Configuring Web Sites and Servers

Web site properties are a key part of Web site management and configuration. Web site properties identify the site, set its configuration values, and determine where and how documents are accessed. Web site properties can be set at several levels:

• As global defaults
• As site defaults
• As directory defaults

Global defaults are set through the master Web server properties and can be inherited by all Web sites created on the server. Individual defaults are set through the Web Site Properties dialog box and apply only to the selected Web site. Directory defaults are set through the Directory Properties dialog box and apply only to the selected directory.

Web Site Naming and Identification

Understanding IP Addresses and Name Resolution

While numeric addresses are easy for machines to remember, they aren't easy for people to remember. Because of this, computers are assigned text names that are easy to remember. Text names have two basic forms:

• Standard computer names, which are used on private networks
• Internet names, which are used on public networks

Private networks are networks that are either indirectly connected to the Internet or completely disconnected from the Internet. Private networks use IP addresses that are reserved for private use and aren't accessible to the public Internet. Private network addresses are:

• 10.0.0.1–10.255.255.254
• 172.16.0.1–172.31.255.254
• 192.168.0.1–192.168.255.254

Private networks that use Internet technologies are called intranets. Information is delivered on intranets by mapping a computer's IP address to its text name, which is the NetBIOS name assigned to the computer. While Windows components use the NetBIOS naming convention for name resolution, Transmission Control Protocol/Internet Protocol (TCP/IP) components use the Domain Name System (DNS). Under Microsoft Windows, the DNS host name defaults to the same name as the NetBIOS computer name. For example, if you install a server with a computer name of CorpServer, this name is assigned as the NetBIOS computer name and the default DNS host name.

In contrast, public networks are networks that are connected directly to the Internet. Public networks use IP addresses that are purchased or leased for public use. Typically, you'll obtain IP address assignments for your public servers from the provider of your organization's Internet services. Internet service providers obtain blocks of IP addresses from the American Registry for Internet Numbers. Other types of organizations can purchase blocks of IP addresses as well.

On the Internet, the DNS is used to resolve text names to IP addresses. A hypothetical DNS name is www.microsoft.com. Here, www identifies a server name and microsoft.com identifies a domain name. As with public IP addresses, domain names must be leased or purchased. You purchase domain names from name registrars, such as Internet Network Information Center (InterNIC). When a client computer requests a connection to a site using a domain name, the request is transmitted to a DNS server. The DNS server returns the IP address that corresponds to the requested host name, and then the client request is routed to the appropriate site.

Don't confuse the public DNS naming system used on the Internet with the private naming system used on intranets. DNS names are configured on DNS servers and resolved to IP addresses before contacting a server. This fact makes it possible for a server to have multiple IP addresses; each with a different DNS name. For example, a server with an internal computer name of Gandolf could be configured with IP addresses of 207.46.230.210, 207.46.230.211 and 207.46.230.212. If these IP addresses are configured as www.microsoft.com, services.microsoft.com, and products.microsoft.com, respectively, in DNS server, the server can respond to requests for each of these domain names.

Understanding Web Site Identifiers

• A computer or DNS name
• An IP address
• A port number
• An optional host header name

The way these identifiers are combined to identify a Web site depends on whether the host server is on a private or public network. On a private network, a computer called CorpIntranet could have an IP address of 10.0.0.52. If so, the Web site on the server could be accessed in the following ways:

• Using the Uniform Naming Convention (UNC) path name: \\CorpIntranet or \\10.0.0.52
• Using a Uniform Resource Locator (URL): http://CorpIntranet/ or http://10.0.0.52/
• Using a URL and port number: http://CorpIntranet:80/ or http://10.0.0.52:80/

On a public network, a computer called Dingo could be registered to use the DNS name www.microsoft.com and the IP address of 207.46.230.210. If so, the Web site on the server could be accessed:

• Using a URL: http://www.microsoft.com/ or http://207.46.230.210/
• Using a URL and port number: http://www.microsoft.com:80/ or http://207.46.230.210:80/

Hosting Multiple Sites on a Single Server

One of the most efficient ways to host multiple sites on the same server is to assign multiple IP addresses to the server. An example is shown as Figure 3-1. To use this technique, you must follow these steps:

1. Configure the TCP/IP settings on the server so that there is one IP address for each site that you want to host.
2. Configure the name resolution system so that the host names and corresponding IP addresses can be resolved.
3. Configure each Web site so that it uses a specific IP address.

With this technique, users can access the sites individually by typing the unique domain name or IP address in a browser. Following the example shown in Figure 3-1, you can access the Sales intranet by typing http://SalesIntranet/ or by typing http://10.0.0.102/.

Click to view graphic

Figure 3-1.  Using multiple IP addresses to host multiple Web sites on a single server.

Another technique you can use to host multiple sites on a single server is to assign each site a unique port number while keeping the same IP address, as shown in Figure 3-2. Users will then be able to

1. Access the main site by typing the text name or IP address in a browser, such as http://Intranet/ or http://10.0.0.52/.
2. Access other virtual servers by typing the domain name and port assignment or IP address and port assignment, such as http://Intranet:88/ or http://10.0.0.52:88/.

Click to view graphic

Figure 3-2.  Using multiple port numbers to host multiple Web sites on a single server.

The final method you can use to host multiple sites on a single server is to use host header names. Host headers allow you to host multiple sites on the same IP address and port number. The key to host headers is a DNS name assignment that is configured in the name resolution system and assigned to the site in its configuration.

An example of host header assignment is shown in Figure 3-3. Here, a single server hosts the sites CorpIntranet, EngIntranet, and SalesIntranet. The three sites use the same IP address and port number assignment but have different DNS names. To use host headers, you must do the following:

1. Configure the name resolution system so that the host header names and corresponding IP addresses can be resolved.
2. Configure the primary Web site so that it responds to requests on the IP address and port number you've assigned.
3. Configure additional Web sites so that they use the same IP address and port number, and also assign a host header name.

Host headers have specific drawbacks. Earlier versions of browsers that don't support HTTP 1.1 are unable to pass host header names back to Internet Information Services (IIS). Although Microsoft Internet Explorer 3.0, Netscape Navigator 2.0, and later versions of these browsers support the use of host header names, earlier versions of these browsers do not. Visitors using earlier browsers will reach the default Web site for the IP address.

Click to view graphic

Figure 3-3.  Using host headers to support multiple Web sites on a single server.

Another drawback to host headers is that you cannot use host headers with Secure Sockets Layer (SSL). With SSL, Hypertext Transfer Protocol (HTTP) requests are encrypted, and the host header name within the encrypted request cannot be used to determine the correct site to which the request must be routed.

Checking the Computer Name and IP Address of Servers

1. On the Windows Desktop, right-click My Computer, and then select Properties. This displays the System Properties dialog box.
2. Click the Network Identification tab. The tab displays the fully qualified domain name of the server and the domain membership. The fully qualified domain name is the DNS name of the computer.
3. The DNS name is the name that you normally use to access the IIS resources on the server. For example, if the DNS name of the computer is www.microsoft.com and you've configured a Web site on port 80, the URL you use to access the computer from the Internet is http://www.microsoft.com/.

You can view the IP address and other TCP/IP settings for the computer by completing the follow steps:

1. Access Network And Dial-Up Connections by clicking Start, then Settings, and then selecting Network And Dial-Up Connections.
2. Right-click Local Area Connection, and then select Properties. This opens the Local Area Connection dialog box.
3. Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking on Internet Protocol (TCP/IP). Or you could select Internet Protocol (TCP/IP) and then click Properties.
4. The IP Address and other TCP/IP settings for the computer are displayed, as shown in Figure 3-4.

Click to view graphic

Figure 3-4.  Use the Internet Protocol (TCP/IP) Properties dialog box to view and configure TCP/IP settings.

REAL WORLD:
IIS servers should use static IP addresses. If the computer is obtaining an IP address automatically, you'll need to reconfigure the TCP/IP settings. See Chapter 15, "Managing TCP/IP Networking," in Microsoft Windows 2000 Administrator’s Pocket Consultant for details.

Managing Master Web Service Properties

To change the master Web service properties for a server, follow these steps:

1. In the Internet Information Services snap-in, right-click the icon for the computer you want to work with and then select Properties. If the computer isn't shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration," and then perform these tasks.
2. In the Properties dialog box, on the Master Properties panel, make sure WWW Service is selected and click Edit. This opens the WWW Service Master Properties dialog box for the computer.
3. Use the tabs and fields of the WWW Service Master Properties dialog box to configure the default property values for new Web sites. When you are finished making changes, click OK.
4. Before applying changes for permissions and authentications, IIS checks the existing settings in use for all child nodes of the selected resource (if any). If a Web site or directory within a Web site uses a different value, an Inheritance Overrides dialog box is displayed. Use this dialog box to select the site and directory nodes that should use the new setting, and then click OK....

Read a Sample Chapter

• Web Site Naming and Identification
• Understanding IP Addresses and Name Resolution
• Understanding Web Site Identifiers
• Hosting Multiple Sites on a Single Server
• Checking the Computer Name and IP Address of Servers
• Managing Master Web Service Properties
• Creating Web Sites
• Managing Web Site Properties
• Configuring a Site’s Home Directory
• Configuring Ports, IP Addresses, and Host Names Used by Web Sites
• Configuring Multiple Identities for a Single Web Site
• Restricting Incoming Connections and Setting Time-Out Values
• Configuring HTTP Keep-Alives
• Managing Directories
• Understanding Physical and Virtual Directory Structures
• Creating Physical Directories
• Creating Virtual Directories
• Linking IISAdmin, IISHelp, and Other System Directories
• Modifying Directory Properties
• Renaming Directories
• Deleting Directories
• Managing Web Content
• Opening and Browsing Files
• Modifying the IIS Properties of Files
• Renaming Files
• Deleting Files
• Redirecting Browser Requests
• Redirecting Requests to Other Directories or Web Sites
• Redirecting All Requests to Another Web Site
• Retrieving Files from a Network Share
• Redirecting Requests to Applications
• Customizing Browser Redirection

In this chapter, you’ll learn to configure World Wide Web sites and servers. Tasks for configuring Web sites and servers are broken down into several categories. You’ll find sections on Web site naming and identification, managing master Web service properties, creating Web sites, and more.

Web site properties are a key part of Web site management and configuration. Web site properties identify the site, set its configuration values, and determine where and how documents are accessed. Web site properties can be set at several levels:

• As global defaults
• As site defaults
• As directory defaults

Global defaults are set through the master Web server properties and can be inherited by all Web sites created on the server. Individual defaults are set through the Web Site Properties dialog box and apply only to the selected Web site. Directory defaults are set through the Directory Properties dialog box and apply only to the selected directory.

Web Site Naming and Identification

This section discusses Web site naming and identification techniques. Each Web site deployed in the organization has unique characteristics. Different types of Web sites can have different characteristics. Intranet Web sites typically use computer names that resolve locally and have private Internet Protocol (IP) addresses. Internet Web sites typically use fully qualified domain names and public IP addresses. Intranet and Internet Web sites can also use host header names, allowing single IP address and port assignments to serve multiple Web sites.

Understanding IP Addresses and Name Resolution

Whether you are configuring an intranet or Internet site, your Web server must be assigned a unique IP address that identifies the computer on the network. An IP address is a numeric identifier for the computer. IP addressing schemes vary depending on how your network is configured, but they’re normally assigned from a range of addresses for a particular network segment. For example, if you’re working with a computer on the network segment 192.55.10.0, the address range you have available for computers is usually from 192.55.10.1 to 192.55.10.254.

While numeric addresses are easy for machines to remember, they aren’t easy for people to remember. Because of this, computers are assigned text names that are easy to remember. Text names have two basic forms:

• Standard computer names, which are used on private networks
• Internet names, which are used on public networks

Private networks are networks that are either indirectly connected to the Internet or completely disconnected from the Internet. Private networks use IP addresses that are reserved for private use and aren’t accessible to the public Internet. Private network addresses are:

• 10.0.0.1–10.255.255.254
• 172.16.0.1–172.31.255.254
• 192.168.0.1–192.168.255.254

Private networks that use Internet technologies are called intranets. Information is delivered on intranets by mapping a computer’s IP address to its text name, which is the NetBIOS name assigned to the computer. While Windows components use the NetBIOS naming convention for name resolution, Transmission Control Protocol/Internet Protocol (TCP/IP) components use the Domain Name System (DNS). Under Microsoft Windows, the DNS host name defaults to the same name as the NetBIOS computer name. For example, if you install a server with a computer name of CorpServer, this name is assigned as the NetBIOS computer name and the default DNS host name.

In contrast, public networks are networks that are connected directly to the Internet. Public networks use IP addresses that are purchased or leased for public use. Typically, you’ll obtain IP address assignments for your public servers from the provider of your organization’s Internet services. Internet service providers obtain blocks of IP addresses from the American Registry for Internet Numbers. Other types of organizations can purchase blocks of IP addresses as well.

On the Internet, the DNS is used to resolve text names to IP addresses. A hypothetical DNS name is www.microsoft.com. Here, www identifies a server name and microsoft.com identifies a domain name. As with public IP addresses, domain names must be leased or purchased. You purchase domain names from name registrars, such as Internet Network Information Center (InterNIC). When a client computer requests a connection to a site using a domain name, the request is transmitted to a DNS server. The DNS server returns the IP address that corresponds to the requested host name, and then the client request is routed to the appropriate site.

Don’t confuse the public DNS naming system used on the Internet with the private naming system used on intranets. DNS names are configured on DNS servers and resolved to IP addresses before contacting a server. This fact makes it possible for a server to have multiple IP addresses; each with a different DNS name. For example, a server with an internal computer name of Gandolf could be configured with IP addresses of 207.46.230.210, 207.46.230.211 and 207.46.230.212. If these IP addresses are configured as www.microsoft.com, services.microsoft.com, and products.microsoft.com, respectively, in DNS server, the server can respond to requests for each of these domain names.

Understanding Web Site Identifiers

Each Web site deployed in your organization has a unique identity it uses to receive and to respond to requests. The identity includes the following:

• A computer or DNS name
• An IP address
• A port number
• An optional host header name

The way these identifiers are combined to identify a Web site depends on whether the host server is on a private or public network. On a private network, a computer called CorpIntranet could have an IP address of 10.0.0.52. If so, the Web site on the server could be accessed in the following ways:

• Using the Uniform Naming Convention (UNC) path name: \\CorpIntranet or \\10.0.0.52
• Using a Uniform Resource Locator (URL): http://CorpIntranet/ or http://10.0.0.52/
• Using a URL and port number: http://CorpIntranet:80/ or http://10.0.0.52:80/

On a public network, a computer called Dingo could be registered to use the DNS name www.microsoft.com and the IP address of 207.46.230.210. If so, the Web site on the server could be accessed:

• Using a URL: http://www.microsoft.com/ or http://207.46.230.210/
• Using a URL and port number: http://www.microsoft.com:80/ or http://207.46.230.210:80/

Hosting Multiple Sites on a Single Server

Using different combinations of IP addresses, port numbers, and host header names, one can host multiple sites on a single computer. Hosting multiple sites on a single server has definite advantages. For example, rather than installing three different Web servers, one could host www.microsoft.com, support.microsoft.com, and service.microsoft.com on the same Web server.

One of the most efficient ways to host multiple sites on the same server is to assign multiple IP addresses to the server. An example is shown as Figure 3-1. To use this technique, you must follow these steps:

1. Configure the TCP/IP settings on the server so that there is one IP address for each site that you want to host.
2. Configure the name resolution system so that the host names and corresponding IP addresses can be resolved.
3. Configure each Web site so that it uses a specific IP address.

With this technique, users can access the sites individually by typing the unique domain name or IP address in a browser. Following the example shown in Figure 3-1, you can access the Sales intranet by typing http://SalesIntranet/ or by typing http://10.0.0.102/.

Figure 3-1.  Using multiple IP addresses to host multiple Web sites on a single server.  (Image unavailable)

Another technique you can use to host multiple sites on a single server is to assign each site a unique port number while keeping the same IP address, as shown in Figure 3-2. Users will then be able to

1. Access the main site by typing the text name or IP address in a browser, such as http://Intranet/ or http://10.0.0.52/.
2. Access other virtual servers by typing the domain name and port assignment or IP address and port assignment, such as http://Intranet:88/ or http://10.0.0.52:88/.

Figure 3-2.  Using multiple port numbers to host multiple Web sites on a single server.  (Image unavailable)

The final method you can use to host multiple sites on a single server is to use host header names. Host headers allow you to host multiple sites on the same IP address and port number. The key to host headers is a DNS name assignment that is configured in the name resolution system and assigned to the site in its configuration.

An example of host header assignment is shown in Figure 3-3. Here, a single server hosts the sites CorpIntranet, EngIntranet, and SalesIntranet. The three sites use the same IP address and port number assignment but have different DNS names. To use host headers, you must do the following:

1. Configure the name resolution system so that the host header names and corresponding IP addresses can be resolved.
2. Configure the primary Web site so that it responds to requests on the IP address and port number you’ve assigned.
3. Configure additional Web sites so that they use the same IP address and port number, and also assign a host header name.

Host headers have specific drawbacks. Earlier versions of browsers that don’t support HTTP 1.1 are unable to pass host header names back to Internet Information Services (IIS). Although Microsoft Internet Explorer 3.0, Netscape Navigator 2.0, and later versions of these browsers support the use of host header names, earlier versions of these browsers do not. Visitors using earlier browsers will reach the default Web site for the IP address.

Figure 3-3.  Using host headers to support multiple Web sites on a single server.  (Image unavailable)

Another drawback to host headers is that you cannot use host headers with Secure Sockets Layer (SSL). With SSL, Hypertext Transfer Protocol (HTTP) requests are encrypted, and the host header name within the encrypted request cannot be used to determine the correct site to which the request must be routed.

Checking the Computer Name and IP Address of Servers

Before you configure Web sites, you should check the computer name and IP address of the server. You can view the computer name by completing the following steps:

1. On the Windows Desktop, right-click My Computer, and then select Properties. This displays the System Properties dialog box.
2. Click the Network Identification tab. The tab displays the fully qualified domain name of the server and the domain membership. The fully qualified domain name is the DNS name of the computer.
3. The DNS name is the name that you normally use to access the IIS resources on the server. For example, if the DNS name of the computer is www.microsoft.com and you’ve configured a Web site on port 80, the URL you use to access the computer from the Internet is http://www.microsoft.com/.

You can view the IP address and other TCP/IP settings for the computer by completing the follow steps:

1. Access Network And Dial-Up Connections by clicking Start, then Settings, and then selecting Network And Dial-Up Connections.
2. Right-click Local Area Connection, and then select Properties. This opens the Local Area Connection dialog box.
3. Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking on Internet Protocol (TCP/IP). Or you could select Internet Protocol (TCP/IP) and then click Properties.
4. The IP Address and other TCP/IP settings for the computer are displayed, as shown in Figure 3-4.

Figure 3-4.  Use the Internet Protocol (TCP/IP) Properties dialog box to view and configure TCP/IP settings. (Image unavailable)

Managing Master Web Service Properties

The master Web service properties are used to set default property values for new Web sites created on a server. Anytime you change global properties, existing Web sites may inherit the changes as well. In some cases, you’ll have the opportunity to specify which sites and directories within sites inherit changes. In other cases, the changes are applied automatically to all existing Web sites and you aren’t prompted to either accept or decline.

To change the master Web service properties for a server, follow these steps:

1. In the Internet Information Services snap-in, right-click the icon for the computer you want to work with and then select Properties. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration," and then perform these tasks.
2. In the Properties dialog box, on the Master Properties panel, make sure WWW Service is selected and click Edit. This opens the WWW Service Master Properties dialog box for the computer.
3. Use the tabs and fields of the WWW Service Master Properties dialog box to configure the default property values for new Web sites. When you are finished making changes, click OK.
4. Before applying changes for permissions and authentications, IIS checks the existing settings in use for all child nodes of the selected resource (if any). If a Web site or directory within a Web site uses a different value, an Inheritance Overrides dialog box is displayed. Use this dialog box to select the site and directory nodes that should use the new setting, and then click OK.

Creating Web Sites

When you install the World Wide Web Publishing Service for IIS, a default Web site is created. In most cases, you don’t need to change any network options to allow users access to the default Web site. You simply tell users the URL path that they need to type into their browser’s Address field. For example, if the DNS name for the computer is www.microsoft.com and the site is configured for access on port 80, a user can access the Web site by typing http://www.microsoft.com/ in the browser’s Address field.

The default Web site is designed for beginning administrators and has many subdirectories containing documentation and helpful applications. The key directories are:

• IISHelp Contains online help documentation and is located in %SystemRoot%\Help\IisHelp by default. This directory is set up as a pooled Internet Server Application Programming Interface (ISAPI) application called IIS Help Application.
• IISAdmin  Contains operator administration pages for the Web site. This directory must be configured for any Web site that you want operators to be able to control remotely. By default, the directory is located in %SystemRoot%\System32\Inetsrv\Iisadmin and is configured as a pooled ISAPI application called Administration Application.
• IISSamples  Contains sample documents that can be helpful for administrators and developers. By default, the directory is located in the \Iissamples directory within the IIS installation and is configured as a pooled ISAPI application called Sample Application.

While the default Web site is helpful for novices, it can be the source of many problems for administrators:

• The preconfigured ISAPI applications use system resources that are better used elsewhere.
• The application files are easy targets for mischievous users who want to exploit the server.
• The \IISAdmin directory makes remote operator administration possible (when this may not be what is wanted).

For these and other reasons not stated, I recommend that you delete the default Web site and create a new Web site in its place. You can then configure any specific default directories that are needed on an individual basis. For example, if you want to make it possible to remotely administer the site, create a virtual directory called \IISAdmin that points to %SystemRoot%\System32\Inetsrv\Iisadmin as described in the "Linking IISAdmin, IISHelp, and other System Directories" section of this chapter.

You can create additional Web sites by completing the following steps:

1. If you are installing the Web site on a new server, ensure that the World Wide Web Publishing Service has been installed on the server.
2. If you want the Web site to use a new IP address, you must configure the IP address before installing the site. For details, refer to the "Assigning a Static IP Address" section of Chapter 15, "Managing TCP/IP Networking," of Microsoft Windows 2000 Administrator’s Pocket Consultant.
3. In the Internet Information Services snap-in, right-click the icon for the computer you want to work with, point to New, and then select Web Site. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration," and then perform this task.
4. The Web Site Creation Wizard is started. Click Next. In the Name field, type a descriptive name for the Web site, such as Corporate WWW Server. Click Next.
5. As shown in Figure 3-5, use the IP address selection list to select an available IP address. Choose (All Unassigned) to allow HTTP to respond on all unassigned IP addresses that are configured on the server. Multiple Web sites can use the same IP address provided that the sites are configured to use different port numbers or host header names.

Figure 3-5.  Set the IP address and port values for the new site in the Web Site Creation Wizard.  (Image unavailable)

6. The TCP port for the Web site is assigned automatically as port 80. If necessary, type a new port number in the TCP Port field. Multiple sites can use the same port, provided that the sites are configured to use different IP addresses or host header names.
7. If you plan to use host headers for the site, type the host header name in the field provided. On a private network, the host header can be a computer name, such as EngIntranet. On a public network, the host header must be a DNS name, such as services.microsoft.com. The host header name must be unique.
8. By default, Web servers use port 443 for SSL. If you’ve installed an SSL certificate on the server, as discussed in Chapter 6, "Managing Microsoft Certificate Services and SSL," SSL is enabled for use and you can change the SSL port by typing a new value in the SSL Port field. Multiple sites can use the same SSL port, provided the sites are configured to use different IP addresses.
9. The next dialog box lets you set the home directory for the Web site. Click Browse to search for a folder. This folder must be created before you can select it. If necessary, use Microsoft Windows Explorer to create the directory before you browse for a folder.

---

REAL WORLD:
I recommend that you create a top-level directory for storing the home directories and then create subdirectories for each site. The default top-level directory is C:\Inetpub. If you use this directory, you could create subdirectories called CorpWWW, CorpServices, and CorpProducts to store the files for www.microsoft.com, services.microsoft.com, and products.microsoft.com, respectively.

---

10. If you want to create a secure or private Web site, clear Allow Anonymous Access To This Web Site. By default, new Web sites are configured for anonymous access. This means users can access the Web site without needing to authenticate themselves.
11. Next, as shown in Figure 3-6, you can set access permissions for the Web site. Normally, you will want to set Read and Run Script permissions only. The standard permissions are:
• Read  Allows users to read documents, such as HTML files.
• Run Scripts  Allows users to run scripts, such as Activer Server Page (ASP) files or Perl scripts.
• Execute  Allows users to execute programs, such as ISAPI applications or executable files.
• Write  Allows users to upload files to the site, such as with Microsoft FrontPage.

Figure 3-6.  Set access permissions for the Web site.  (Image unavailable)

• Browse  Allows users to view a list of files if they enter the name of a valid directory that does not have a default file.
12. Click Next and then click Finish. The Web site is created but is not started. You should finish setting the site’s properties before you start the site and make it accessible to users.

Managing Web Site Properties

The sections that follow examine key tasks for managing Web site properties. Most Web site properties are configured through the Web Site Properties dialog box.

Configuring a Site’s Home Directory

Each Web site on a server has a home directory. The home directory is the base directory for all documents that the site publishes. It contains a home page that links to other pages in your site. The home directory is mapped to your site’s domain name or to the server name. For example, if the site’s DNS name is www.microsoft.com and the home directory is C:\Inetpub\Wwwroot, then browsers use the URL http://www.microsoft.com/ to access files in the home directory. On an intranet, the server name can be used to access documents in the home directory. For example, if the server name is CorpIntranet, then browsers use the URL http://CorpIntranet/ to access files in the home directory.

You can view or change a site’s home directory by completing the following steps:

1. Start the Internet Information Services snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration."
2. Right-click the Web site you want to manage and then choose Properties.
3. Click the Home Directory tab, as shown in Figure 3-7.
4. If the directory you want to use is on the local computer, select A Directory Located On This Computer, and then type the directory path in the Local Path field, such as C:\Inetpub\Wwwroot. To browse for the folder, click Browse.
5. If the directory you want to use is on another computer and is accessible as a shared folder, select A Share Located On Another Computer, and then type the UNC path to the share in the Network Directory field. The path should be in the form \\ServerName\SharedFolder, such as \\Gandolf\CorpWWW. Then click Connect As and enter the username and password that should be used to connect to the shared folder.

---

NOTE:
If you do not specify a user name and password, the user Everyone must have access to the shared folder. Otherwise, the network connection to the folder will fail.

---

Figure 3-7.  You can change a site’s home directory at any time. (Image unavailable)

6. If you want to redirect users to another URL, select A Redirection To A URL, and then follow the techniques outlined in the "Redirecting Browser Requests" section of this chapter.
7. Click OK.

Configuring Ports, IP Addresses, and Host Names Used by Web Sites

Each Web site has a unique identity. The identity includes TCP port, SSL port, IP address, and host name settings. The default TCP port is 80. The default SSL port is 443. The default IP address setting is to use any available IP address.

To change the identity of a Web site, complete the following steps:

1. If you want the Web site to respond to a specific IP address, you must configure the IP address before updating the site. For details, refer to the "Configuring Static IP Addresses" section of Chapter 15, "Managing TCP/IP Networking," of Microsoft Windows 2000 Administrator’s Pocket Consultant.
2. Start the Internet Information Services snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration."
3. Right-click the Web site you want to manage and then choose Properties. The dialog box shown in Figure 3-8 is displayed.

Figure 3-8.  You modify a site’s identity through the Web Site tab in the Properties dialog box. (Image unavailable)

4. The Description field shows the descriptive name for the Web site. The descriptive name is displayed in the Internet Information Services snap-in and isn’t used for other purposes. You can change the current value by typing a new name in the Description field.
5. The IP address selection list shows the current IP address for the Web site. If you want to change the current setting, use the selection list to select an available IP address or choose (All Unassigned) to allow HTTP to respond on all unassigned IP addresses. Multiple Web sites can use the same IP address, provided that the sites are configured to use different port numbers or host header names.
6. The TCP port for the Web site is assigned to port 80 automatically. If necessary, type a new port number in the TCP Port field. Multiple Web sites can use the same TCP port, provided that the sites are configured to use different IP addresses or host header names.
7. If you plan to use host headers for the site, type the host header name in the field provided. On a private network, the host header can be a computer name, such as EngIntranet. On a public network, the host header must be a DNS name, such as services.microsoft.com. The host header name must be unique.
8. By default, Web servers use port 443 for SSL. If you’ve installed an SSL certificate on the server as discussed in Chapter 6, "Managing Microsoft Certificate Services and SSL," SSL is enabled for use, and you can change the SSL port by typing a new value in the SSL Port field. Multiple sites can use the same SSL port, provided that the sites are configured to use different IP addresses.
9. Click OK.

Configuring Multiple Identities for a Single Web Site

Throughout this chapter, I’ve discussed techniques you can use to configure multiple Web sites on a single server. The focus of the discussion has been on configuring unique identities for each site. In some instances, you may want a single Web site to have multiple domain names associated with it. A Web site with multiple domain names publishes the same content for different sets of users. For example, your company may have registered domain.com, domain.org, and domain.net with InterNIC to protect your company or domain name. Rather than publishing the same content to each of these sites separately, you can publish the content to a single site that accepts requests for each of these identities.

The rules regarding unique combinations of ports, IP addresses, and host names still apply to sites with multiple identities. This means each identity for a site must be unique. You accomplish this by assigning each identity unique IP address, port, or host header name combinations.

To assign multiple identities to a Web site, complete the following steps:

1. If you want the Web site to use multiple IP addresses, you must configure the additional IP addresses before modifying the site properties. For details, refer to the "Configuring Static IP Addresses" section of Chapter 15, "Managing TCP/IP Networking," of Microsoft Windows 2000 Administrator’s Pocket Consultant.
2. Start the Internet Information Services snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration."
3. Right-click the Web site you want to manage and then choose Properties. The dialog box shown in Figure 3-8 is displayed.
4. On the Web Site tab, click Advanced. As Figure 3-9 shows, you can now use the Advanced Multiple Web Site Configuration dialog box to configure multiple identities for the site.
5. Use the Multiple Identities For This Web Site panel to manage the following TCP port settings:
• Add  Adds a new identity. Click Add, select the IP address you want to use, and then type a TCP port and optional host header name. Click OK when you are finished.
• Edit  Allows you to edit the currently selected entry in the identities list box.

Figure 3-9.  Web sites can have multiple identities.  (Image unavailable)

• Remove  Allows you to remove the currently selected entry from the identities list box.
6. Use the Multiple SSL Identities For This Web Site panel to manage SSL port settings. Click Add to create new entries. Use Edit or Remove to modify or delete existing entries.
7. Click OK twice to return to the Internet Information Services snap-in.

Restricting Incoming Connections and Setting Time-Out Values

You control incoming connections to a Web site in two key ways. You can set a limit on the number of simultaneous connections, and you can set a connection time-out value.

Normally, Web sites accept an unlimited number of connections and this is an optimal setting in most environments. However, a large number of connections will cause the Web site to slow down—sometimes so severely that nobody can access the site. To avoid this situation, you may want to limit the number of simultaneous connections. Once the limit is reached, no other clients are permitted to access the server. New clients must wait until the connection load on the server decreases. Currently connected users are allowed to continue browsing the site, however.

The connection time-out value determines when idle user sessions are disconnected. With the default Web site, sessions time out after they’ve been idle for 900 seconds (15 minutes). This prevents connections from remaining open indefinitely if browsers do not close them correctly.

You can modify connection limits and time-outs by completing the following steps:

1. Start the Internet Information Services snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration."
2. Right-click the Web site you want to manage and then choose Properties.
3. To remove connection limits, select Unlimited on the Connections panel. To set a connection limit, select Limit To Number Of Connections, and then type a limit.
4. The Connection Timeout field controls the connection time-out. Type a new value to change the current time-out.
5. Click OK.

Configuring HTTP Keep-Alives

HTTP’s original design opened a new connection for every file retrieved from a Web server. Because a connection is not maintained, no system resources are used after the transaction is completed. The drawback to this design is that when the same client requests additional data, the connection must be re-established, and this means additional traffic and delays.

Consider a standard Web page that contains a main Hypertext Markup Language (HTML) document and 10 images. With standard HTTP, a Web client requests each file through a separate connection. The client connects to the server, requests the document file, gets a response, and then disconnects. The client repeats this process for each image file in the document.

Web servers compliant with HTTP 1.1 support a feature called HTTP Keep-Alives. With this feature enabled, clients maintain an open connection with the Web server rather than re-opening a connection with each request. HTTP Keep-Alives are enabled by default for new Web sites. In most situations, clients will see greatly improved performance with HTTP Keep-Alives enabled. Keep in mind, however, that maintaining connections requires system resources. The more open connections there are, the more system resources that are used. To prevent a busy server from getting bogged down by a large number of open connections, you may want to limit the number of connections, reduce the connection time-out for client sessions, or both. For more information on managing connections, see the "Restricting Incoming Connections and Setting Time-Out Values" section of this chapter.

To enable or disable HTTP Keep-Alives, follow these steps:

1. Start the Internet Information Services snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration."
2. Right-click the Web site you want to manage and then choose Properties.
3. Select HTTP Keep-Alives Enabled to enable HTTP Keep-Alives. Clear this check box to disable HTTP Keep-Alives.
4. Click OK.

Managing Directories

IIS’s directory structure is based primarly on the Windows 2000 file system, but it also provides additional functionality and flexibility. Understanding these complexities is critical to successfully managing IIS Web sites.

Understanding Physical and Virtual Directory Structures

Earlier in the chapter, I talked about home directories and how they were used. Beyond home directories, Microsoft Web sites also use the following:

• Physical directories
• Virtual directories

The difference between physical and virtual directories is important. A physical directory is part of the file system and must exist as a subdirectory within the home directory to be available through IIS. A virtual directory is a directory that is not necessarily contained in the home directory but is available to clients through an alias. Physical directories and virtual directories are configured and managed with the Internet Information Services snap-in, but they are displayed differently. Physical directories are indicated with a standard folder icon. Virtual directories are indicated using a folder icon with a globe in the corner.

Both physical and virtual directories have permissions and properties that can be set at the operating system level and the IIS level. You set operating system permissions and properties in Windows Explorer. You set IIS permissions and properties in the Internet Information Services snap-in.

You create physical directories by creating subdirectories within the home directory. These subdirectories are accessed by appending the directory name to the DNS name for the Web site. For example, you create a Web site with the DNS name products.microsoft.com. Users are able to access the Web site using the URL http://www.microsoft.com/. You then create a subdirectory within the home directory called "search." Users are able to access the subdirectory using the URL path http://www.microsoft.com/search/.

Even though locating your content files and directories within the home directory makes it easier to manage a Web site, you can also use virtual directories. Virtual directories act as pointers to directories that are not located in the home directory. Virtual directories are accessed by appending the directory alias to the DNS name for the site. If, for example, your home directory is D:\Inetpub\Wwwroot, and you store Microsoft Word documents in E:\Worddocs, you would need to create a virtual directory that points to the actual directory location. If the alias is docs for the E:\Worddocs directory, visitors to the www.microsoft.com Web site could access the directory using the URL path http://www.microsoft.com/docs/.

Creating Physical Directories

Within the home directory, you can create subdirectories to help organize your site’s documents. You can create subdirectories within the home directory by completing the following steps:

1. Start Windows Explorer. Click Start, point to Programs, point to Accessories, and then select Windows Explorer.
2. In the Folders pane, select the home directory for the Web site.
3. In the Contents pane, right-click and then select Folder from the New menu. A new folder is added to the Contents pane. The directory name is initialized to New Folder and selected for editing.
4. Edit the name of the directory and press Enter. The best directory names are short but descriptive, such as Images, WordDocs, or Downloads.

---

TIP:
If possible, avoid using spaces as part of IIS directory names. Officially, spaces are illegal characters in URLs and must be replaced with an escape code. The escape code for a space is %20. While most current browsers are smart enough to replace spaces with %20 for you, earlier versions of browsers may not be and won’t be able to access the page.

---

5. The new folder inherits the default file permissions of the home directory and the default IIS permissions of the Web site. For details on viewing or changing permissions, see Chapter 5, "Managing Web Server Security."

Creating Virtual Directories

Virtual directories are created in two stages. First, create a physical directory (which is typically not located within the home directory). Then create a virtual directory that maps to the physical directory by completing the following steps:

1. Start the Internet Information Services snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration."
2. Right-click the Web site on which you want to create the virtual directory, point to New, and then select Virtual Directory. This starts the Virtual Directory Creation Wizard. Click Next.
3. In the Alias field, type the name you want to use to access the virtual directory. As with directory names, the best alias names are short but descriptive.
4. The next dialog box lets you set the path to the physical directory where your content is stored. Type the directory path or click Browse to search for a directory. The directory must be created before you can select it. If necessary, use Windows Explorer to create the directory before you browse for the directory.
5. Next, set access permissions for the virtual directory. Normally, you will want to set Read and Run Script permissions only. The standard permissions are these:
• Read  Allows users to read documents, such as HTML files.
• Run Scripts  Allows users to run scripts, such as Activer Server Page (ASP) files or Perl scripts.
• Execute  Allows users to execute programs, such as ISAPI applications or executable files.
• Write  Allows users to upload files to the site, such as with Microsoft FrontPage.
• Browse  Allows users to view a list of files if they enter the name of a valid directory that does not have a default document.

6. Click Next and then click Finish. The virtual directory is created.

Linking IISAdmin, IISHelp, and Other System Directories

IISAdmin, IISHelp, and other system directories are used to perform specific tasks. IISAdmin allows Web operators to control a site. IISHelp displays help documentation. By default, these directories are not configured for use with new sites that you create. To make these directories available, you must create a virtual directory that maps an alias to their physical location. You do this by completing the following steps:

1. Start the Internet Information Services snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the "Connecting To Other Servers" section of Chapter 2, "Core IIS Administration."
2. Right-click the Web site on which you want to link the system directory, point to New, and then select Virtual Directory. This starts the Virtual Directory Creation Wizard. Click Next.
3. In the Alias field, type the name you want to use to access the system directory, such as IISAdmin.
4. The next dialog box lets you set the path to the physical directory where your content is stored. Click Browse to search for the system directory you want to use. IISHelp is located in %SystemRoot%\Help\Iishelp by default. IISAdmin is located in %SystemRoot%\System32\Inetsrv\Iisadmin by default.
5. Click Next and then set access permissions. For IISAdmin, IISHelp, and IISSamples, select Read And Run Scripts. For MSADC, select Read, Run Scripts, and Execute.
6. Click Next and then click Finish. The virtual directory is created and mapped to the system directory you referenced.

Modifying Directory Properties

You can modify the settings for a physical or virtual directory at any time. Directory permissions and general directory properties are set in Windows Explorer. IIS permissions and properties are set in the directory properties dialog box. In this Internet Information Services snap-in, right-click the directory and then select Properties.

Renaming Directories

You can rename physical and virtual directories in the Internet Information Services snap-in. When you rename a physical directory, the actual folder name of the directory is changed. When you rename a virtual directory, only the alias to the directory is changed. The name of the related physical directory is not changed.

To rename a physical or virtual directory, follow these steps:

1. In the Internet Information Services snap-in, click the plus sign (+) next to the Web site you want to work with.
2. Right-click the directory you want to rename and then select Rename. The directory name is selected for editing.
3. Edit the name of the folder and then press Enter.

Deleting Directories

You can delete physical and virtual directories in the Internet Information Services snap-in. When you delete a physical directory, the directory and its contents are removed and placed in the Recycle Bin. When you delete a virtual directory, only the alias to the directory is removed. The actual contents of the related physical directory are not changed.

To delete a physical or virtual directory in the Internet Information Services snap-in, follow these steps:

1. In the Internet Information Services snap-in, click the plus sign (+) next to the Web site you want to work with.
2. Right-click the directory you want to delete and then select Delete. When asked to confirm the action, click Yes.

Managing Web Content

Copying files into the home, sub, and virtual directories is in fact how you publish documents on a Web site. Documents inherit the default properties of the site and the default permissions of the Windows folder in which they are placed. These properties and permissions can be changed for each document or for all documents within a directory.

Opening and Browsing Files

You can open files in a browser from within the Internet Information Services snap-in. To do this, right-click the file and then, from the shortcut menu, select Open. This opens the file using a directory path, such as D:\Inetpub\Wwwroot\DEFAULT.HTM.

Most types of files can be displayed in the default browser by opening them. However, if the file is an .asp document or other type of dynamic content and the Web site is running, the file will not be displayed. You must be browsing the file to view it in Internet Explorer. To browse a file, right-click the file and then, from the shortcut menu, select Browse.

Modifying the IIS Properties of Files

You can modify the settings for a Web file at any time. File permissions and general file properties are set in Windows Explorer. IIS permissions and properties are set in the file’s properties dialog box. In this Internet Information Services snap-in, right-click the file, and then select Properties.

Renaming Files

You can rename Web files in the Internet Information Services snap-in. Follow these steps:

1. Start the Internet Information Services snap-in and then click the plus sign (+) next to the Web site you want to work with.
2. Right-click the file you want to rename and then select Rename. The filename is selected for editing.
3. Edit the name of the file and then press Enter.

Deleting Files

You can delete physical and virtual directories in the Internet Information Services snap-in. When you delete a physical directory, the directory and its contents are removed and placed in the Recycle Bin. When you delete a virtual directory, only the alias to the directory is removed. The actual contents of the related physical directory are not changed.

To delete a physical or virtual directory in the Internet Information Services snap-in, follow these steps:

1. In the Internet Information Services snap-in, click the plus sign (+) next to the Web site you want to work with.
2. Right-click the directory you want to delete and then select Delete. When asked to confirm the action, click OK.

Redirecting Browser Requests

Browser redirection is a useful technique to prevent errors when you rename or delete content within a Web site. When you redirect requests, you tell a browser to take the following actions:

• Look for files in another directory.
• Look for files on a different Web site.
• Look for files on another computer.
• Look for a specific file instead of a set of files.
• Run an ISAPI application instead of accessing the requested files.

Each of these redirection techniques is examined in the sections that follow. Tips for creating customized redirection routines are examined in the "Customizing Browser Redirection" section of this chapter.

Redirecting Requests to Other Directories or Web Sites

If you rename or delete a directory, you can redirect requests for files in the directory to another directory or Web site. When a browser requests the file at the original location, the Web server instructs the browser to request the page using the new location. You redirect requests to other directories or Web sites as follows:

1. In the Internet Information Services snap-in, click the plus sign (+) next to the Web site you want to work with.
2. Right-click the directory you want to redirect and then select Properties.
3. Click the Virtual Directory or Directory tab as appropriate, and then select A Redirection To A URL, as shown in Figure 3-10.

Figure 3-10.  You can redirect requests for files in one directory to another directory.  (Image unavailable)

4. In the Redirect To field, type the URL of the destination directory or Web site. For example, to redirect all requests for files in the /Docs directory to the /CorpDocs directory, type /CorpDocs. To redirect all requests for files located at www.microsoft.com/Docs to the techsupport.microsoft.com/CorpDocs, type http://techsupport.microsoft.com/CorpDocs.
5. Click OK. Now all requests for files in the old directory are mapped to files in the new directory. For example, if the browser requested http://www.microsoft.com/Docs/adminguide.doc and you redirected requests to http://techsupport.microsoft.com/CorpDocs/, the browser would request http://techsupport.microsoft.com/CorpDocs/adminguide.doc.

Redirecting All Requests to Another Web Site

If you stop publishing a Web site but don’t want users to reach a dead end if they visit, you should redirect requests for the old Web site to a specific page at the new site. You redirect requests to a specific page at another site by completing the following steps:

1. In the Internet Information Services snap-in, right-click the Web site you want to work with, and then select Properties.
2. Click the Home Directory tab and then select A Redirection To A URL, as shown in Figure 3-11.

Figure 3-11.  Another redirection technique is to redirect all requests for files to a specific location at another Web site. (Image unavailable)

3. In the Redirect To field, type the complete URL path to the page at the new site, such as http://www.microsoft.com/oldsite.html.
4. Select The Exact URL Entered Above and then click OK. Now all requests for files at the old site are mapped to a specific page at the new site.

Retrieving Files from a Network Share

IIS can retrieve files from a network share instead of the local hard drive. To configure this, complete the following steps:

1. In the Internet Information Services snap-in, right-click the Web site you want to work with, and then select Properties.
2. Click the Home Directory tab and then select A Share Located On Another Computer, as shown in Figure 3-12.
3. Type the UNC path to the network share in the Network Directory field. The path should be in the form \\ServerName\SharedFolder, such as \\Gandolf\CorpWWW. Afterward, click Connect As and then enter the username and password that should be used to connect to the shared folder.
4. Click OK. Now all requests for files on the Web site are mapped to files on the specified network share.

Figure 3-12.  Network shares can be used as source directories for content. To map to a share, you must use redirection. (Image unavailable)

Redirecting Requests to Applications

If your organization’s development team has created a custom application for the Web site, you can redirect all requests for files in a particular directory (or for the entire site, for that matter) to an application. Parameters passed in the URL can also be passed to the application; the technique you use to do this is as follows:

1. In the Internet Information Services snap-in, click the plus sign (+) next to the Web site you want to work with.
2. Right-click the directory you want to redirect and then select Properties. If you want to redirect all requests for the site, right-click the Web site entry and then select Properties.
3. Click the Home Directory, Virtual Directory, or Directory tab as appropriate, and then select A Redirection To A URL.
4. In the Redirection To field, type the URL of the application including any variables needed to pass parameters to the program, such as /CorpApps/Login.exe?URL=$V+PARAMS=$P, where $V and $P are redirection variables. A complete list of redirect variables is provided in Table 3-1.
5. Select The Exact URL Entered Above and click OK. Now all requests for files in the directory or site are mapped to the application.

Customizing Browser Redirection

The previous sections looked at basic redirection techniques. Now it’s time to break out the power tools and customize the redirection process. You can customize redirection anytime you select the A Redirection To A URL option.

In all of the previous discussions, when you selected A Redirection To A URL, additional options were displayed under The Client Will Be Sent To. Without selecting additional options, all requests for files in the old location were mapped automatically to files in the new location. You can change this behavior by selecting any of the following options under The Client Will Be Sent To:

• The Exact URL Entered Above  Redirects requests to the destination URL without adding any other portions of the original URL. You can use this option to redirect an entire site or directory to one file. For example, to redirect all requests for the /Downloads directory to the file DOWNLOAD.HTM in the home directory, select this option and then type /DOWNLOAD.HTM in the Redirect To text box.
• A Directory Below This One  Redirects a parent directory to a child directory. For example, to redirect your home directory (designated by /) to a subdirectory named /Current, select this option and then type /Current in the Redirect To text box.
• A Permanent Redirection For This Resource  Sends a "301—Permanent Redirect" message to the client. Without using this option, redirections are considered temporary, and the client browser receives the "302—Temporary Redirect" message. Some browsers can use the "301—Permanent Redirect" message as the signal to permanently change a URL stored in cache or in a bookmark.

You can customize redirection using redirect variables as well. As Table 3-1 shows, you can use redirect variables to pass portions of the original URL to a destination path or to prevent redirection of a specific file or subdirectory.

Table 3-1.  Redirect Variables for IIS

Variable	Description	Example
$S	Passes the matched suffix of the requested URL. The server automatically performs this suffix substitution; you use the $S variable only in combination with other variables.	If /Corpapps is redirected to /Apps and the original request is for /Corpapps/LOGIN.EXE, then /LOGIN.EXE is the suffix.
$P	Passes the parameters in the original URL omitting the question mark used to specify the beginning of a query string.	If the original URL is /Scripts /COUNT.ASP?valA=1&valB=2, then the string "valA=1&valB=2" is mapped into the destination URL.
$Q	Passes the full query string to the destination.	If the original URL is /Scripts/COUNT.ASP?valA=1&valB=2, then the string "?valA=1&valB=2" is mapped into the destination URL.
$V	Passes the requested path without the server name.	If the original URL is //Gandolf/Apps/COUNT.ASP, then the string "/Apps/COUNT.ASP" is mapped into the destination URL.
$0 through $9	Passes the portion of the requested URL that matches the indicated wildcard.
!	Use this variable to prevent redirecting a subdirectory or an individual file.

The final way you can customize redirection is to use redirect wildcards. Use redirect wildcards to redirect particular types of files to a specific file at the destination. For example, you can use redirect wildcards to redirect all .htm files to DEFAULT.HTM and all .asp files to DEFAULT.ASP. The syntax for wildcard redirection is:

*;*.EXT;FILENAME.EXT[;*.EXT;FILENAME.EXT…]

where .ext is the file extension you want to redirect and FILENAME.EXT is the name of the file to use at the destination. As shown, begin the destination URL with an asterisk and a semicolon, and separate pairs of wildcards and destination UR Ls with a semicolon. Be sure to account for all document types that users may requests directly, such as .htm, .html, and .asp documents.

You can use wildcard redirection by completing the following steps:

1. In the Internet Information Services snap-in, click the plus sign (+) next to the Web site you want to work with.
2. Right-click the directory you want to redirect and then select Properties. If you want to redirect all requests for the site, right-click the Web site entry, and then select Properties.
3. Click the Home Directory, Virtual Directory, or Directory tab as appropriate, and then select A Redirection To A URL.
4. In the Redirection To field, type the wildcard redirection values. For example, if you want to redirect wildcards to redirect all .htm files to DEFAULT.HTM and all .asp files to DEFAULT.ASP, you would enter:

*;*.HTM;DEFAULT.HTM;*.ASP;DEFAULT.ASP

5. Select The Exact URL Entered Above and then click OK. Now all requests for files in the directory or site are mapped using wildcards, if possible.