Community
Showing results for 
Search instead for 
Do you mean 
Reply

APFW: Allowing All IPs

New Member
Posts: 3
Country: Canada

APFW: Allowing All IPs

One of my clients had a problem when they realized they couldn't access their APFW. We don't know how long it was broken, but they say the last time they know it had worked was last week before they had to restart their ACT! server to apply some Microsoft patches.

 

The problem is when they tried to access http://<server>/apfw, they would get a 403 access is denied. The site did work if I access it from the server, but nowhere else. Their main site was working.

 

I found the problem was within the IIS settings for APFW, under the directory security it was set to deny all except 127.0.0.1 and the intranet IP of the server itself. Changing it to "allow all" fixed the problem.

 

Two question from this... First is there something that could have changed this? Second, is allow all acceptable, or should I narrow the focus?

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: APFW: Allowing All IPs

ACT! has no control over those IIS settings.

 

Limiting the focus is one way to reduce the possibility of a hacker... providing you know the IPs of the clients who should connect.

 

You might find this useful: http://blog.glcomputing.com.au/2009/01/iis-installation-and-lockdown-with.html

It was written for ACT! 6.0 for Web on Windows 2000 ... but most of the security info is still relevant

New Member
Posts: 3
Country: Canada

Re: APFW: Allowing All IPs

That's a very handy document, but unfortunately it ends on the feature right before the one I needed to know about.

 

Maybe a couple of other community members could just check the IP security settings on their own server and let me know if its set for anything besides allow all?

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: APFW: Allowing All IPs

I think it's mentioned at the end of Chapter 4

 

Unless you change it for security needs, the default is to Allow All

New Member
Posts: 3
Country: Canada

Re: APFW: Allowing All IPs

Actually, what I need is the "IP address and domain name restrictions" which are showing on page 25 of that document, but are disabled for some reason in the example.

 

Having said that, if its supposed to be set to allow all, that's fine with me. It makes sense too, I just wanted to make sure I didn't open any risks.

 

Thanks for your help!

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: APFW: Allowing All IPs

Limiting access by IP, requiring Windows Authentication, using another port (SSL or other) or tunnelling through VPN are all ways to add security to the web server ... but none really matter to ACT! as long as the settings allow your users access