04-23-2010 06:43 AM
One of my clients had a problem when they realized they couldn't access their APFW. We don't know how long it was broken, but they say the last time they know it had worked was last week before they had to restart their ACT! server to apply some Microsoft patches.
The problem is when they tried to access http://<server>/apfw, they would get a 403 access is denied. The site did work if I accessed it from the server, but nowhere else. Their main site was working.
I found the problem was within the IIS settings for APFW, under the directory security it was set to deny all except 127.0.0.1 and the intranet IP of the server itself. Changing it to "allow all" fixed the problem.
Two questions from this... First, is there something that could have changed this? Second, is allow all acceptable, or should I narrow the focus?
04-23-2010 07:12 AM
ACT! has no control over those IIS settings.
Limiting the focus is one way to reduce the possibility of a hacker... providing you know the IPs of the clients who should connect.
You might find this useful: http://blog.glcomputing.com.au/2009/01/iis-installation-and-lockdown-with.html
It was written for ACT! 6.0 for Web on Windows 2000 ... but most of the security info is still relevant.
04-23-2010 07:24 AM
That's a very handy document, but unfortunately it ends on the feature right before the one I needed to know about.
Maybe a couple of other community members could just check the IP security settings on their own server and let me know if it's set for anything besides allow all?
04-23-2010 07:56 AM
I think it's mentioned at the end of Chapter 4.
Unless you change it for security needs, the default is to Allow All.
04-23-2010 08:33 AM
Actually, what I need is the "IP address and domain name restrictions" which are showing on page 25 of that document, but are disabled for some reason in the example.
Having said that, if it's supposed to be set to allow all, that's fine with me. It makes sense too, I just wanted to make sure I didn't open any risks.
Thanks for your help!
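The behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of a default-plus-exceptions IP restriction list, comparing the setting as found, "allow all", and a narrowed allowlist. The addresses, the /24 client subnet and the function names are constructed for illustration; the code models the rule logic only and does not read or change IIS configuration.

```python
import ipaddress

def is_allowed(client_ip, default_allow, exceptions):
    """Evaluate one client against a default-plus-exceptions restriction list.

    default_allow: True  = grant everyone except the listed entries,
                   False = deny everyone except the listed entries.
    exceptions:    single IPs or CIDR networks that get the opposite of the default.
    """
    addr = ipaddress.ip_address(client_ip)
    listed = any(addr in ipaddress.ip_network(e, strict=False) for e in exceptions)
    return default_allow != listed

def audit(default_allow, exceptions, clients):
    """Return {client_ip: HTTP status} (200 or 403) for one policy."""
    return {c: 200 if is_allowed(c, default_allow, exceptions) else 403
            for c in clients}

# Constructed sample addresses (not taken from the thread).
SERVER_IP = "192.168.10.5"        # hypothetical intranet IP of the server
CLIENTS = [
    "127.0.0.1",                  # browser running on the server itself
    SERVER_IP,                    # server reaching itself by intranet IP
    "192.168.10.40",              # hypothetical office workstation
    "203.0.113.7",                # hypothetical outside address
]

POLICIES = {
    # Deny all except loopback and the server's own IP (the state that gave 403s).
    "as_found": (False, ["127.0.0.1", SERVER_IP]),
    # Grant all, no exceptions.
    "allow_all": (True, []),
    # Deny all except loopback and the known client subnet.
    "narrowed": (False, ["127.0.0.1", "192.168.10.0/24"]),
}

def run():
    """Evaluate every policy against every sample client."""
    return {name: audit(default, exc, CLIENTS)
            for name, (default, exc) in POLICIES.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(name)
        for client, status in result.items():
            print(f"  {client:<15} {status}")
```

The "narrowed" policy only makes sense when the client addresses are known and stable, which is the condition raised earlier in the thread.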
04-23-2010 09:10 AM