iis_config_property

[barracksbuilder]

Cookbook version

7.2.0

Chef-client version

14.12.9

Platform Details

Windows Server 2016 Standard

Scenario:

Set IP Restrictions for a Site in IIS

Steps to Reproduce:

iis_config_property 'Home' do
    ps_path 'MACHINE/WEBROOT/APPHOST'
    location 'cfadmin'
    filter "system.webServer/security/ipSecurity"
    property '.'
    value "@{ipAddress='127.0.0.1';subnetMask='255.255.255.255';allowed='True'}"
    action :add
end

Expected Result:

IP restriction to be set to allow 127.0.0.1

Actual Result:

Nothing gets set error output in chef-run

    * powershell_script[Set MACHINE/WEBROOT/APPHOSTcfadmin/system.webServer/security/ipSecurity/] action run[2019-05-20T
15:36:52-05:00] INFO: Processing powershell_script[Set MACHINE/WEBROOT/APPHOSTcfadmin/system.webServer/security/ipSecuri
ty/] action run (c:/chef/cache/cookbooks/iis/resources/config_property.rb line 63)
[2019-05-20T15:36:52-05:00] INFO: Processing powershell_script[Guard resource] action run (dynamically defined)
C:\Users\CH\AppData\Local\Temp\chef-script20190520-7684-1mkofaj.ps1 : Unexpected token
Input: get-config("MACHINE/WEBROOT/APPHOST/cfadmin")/system.webServer/security/ipSecurity/*[@='@{ipAddress='127.0.0.1';s
ubnetMask='255.255.255.255';allowed='True'}']
Position: 86
Length: 1
Fragment: =
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,chef-script20190520-7684-1mkofaj.ps1

 (skipped due to only_if)
     (up to date)
  * iis_config_property[Block All] action set[2019-05-20T15:36:52-05:00] INFO: Processing iis_config_property[Block All]
 action set (rsna_iis::cfadmin line 66)

I took the code from the IIS config generator:

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'cfadmin' -filter "system.webServer/security/ipSecurity" -name "." -value @{ipAddress='127.0.0.1';subnetMask='255.255.255.0';allowed='True'}

note: cfadmin site is setup correctly and working other than the IP restriction.

[barracksbuilder]

Also fails when I try to do request filtering in IIS

rsna_iis::requestFiltering.rb

iis_config_property 'administrator' do
    ps_path 'MACHINE/WEBROOT/APPHOST'
    filter "system.webServer/security/requestFiltering/denyUrlSequences"
    property '.'
    value "@{sequence='/CFIDE/administrator'}"
    action :add
end

Recipe: rsna_iis::requestFiltering
  * iis_config_property[administrator] action add[2019-05-21T11:31:26-05:00] INFO: Processing iis_config_property[admini
strator] action add (rsna_iis::requestFiltering line 2)

    * powershell_script[Set MACHINE/WEBROOT/APPHOST/system.webServer/security/requestFiltering/denyUrlSequences/.] actio
n run[2019-05-21T11:31:26-05:00] INFO: Processing powershell_script[Set MACHINE/WEBROOT/APPHOST/system.webServer/securit
y/requestFiltering/denyUrlSequences/.] action run (c:/chef/cache/cookbooks/iis/resources/config_property.rb line 63)
[2019-05-21T11:31:26-05:00] INFO: Processing powershell_script[Guard resource] action run (dynamically defined)
C:\Users\CH\AppData\Local\Temp\chef-script20190521-9508-1k3tuax.ps1 : Unexpected token
Input: get-config("MACHINE/WEBROOT/APPHOST")/system.webServer/security/requestFiltering/denyUrlSequences/*[@.='@{sequen
ce='/CFIDE/administrator'}']
Position: 101
Length: 1
Fragment: .
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,chef-script20190521-9508-1k3tuax.ps1

 (skipped due to only_if)
     (up to date)

Again code generated by IIS for powershell:

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.webServer/security/requestFiltering/denyUrlSequences" -name "." -value @{sequence='/CFIDE/administrator'}

[barracksbuilder]

Looks like this relates to #433

[barracksbuilder]

I ended up doing something like this instead:

powershell_script 'Home' do
    code <<-EOH
    Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'cfadmin' -filter "system.webServer/security/ipSecurity" -name "." -value @{ipAddress='127.0.0.1';allowed='True'}
    EOH
    guard_interpreter :powershell_script
    only_if '(Get-WebConfigurationProperty -pspath \'MACHINE/WEBROOT/APPHOST\' -location \'cfadmin\'  -filter "system.webServer/security/ipSecurity/*[@ipAddress=\'127.0.0.1\']" -name ".") -eq $null'
end

[github-actions]

Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

[github-actions]

Closing due to inactivity. If this is still an issue please reopen or open another issue. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.