Easy unavailability page in IIS

  
Hello all

A lot of you have probably had problems setting up complete unavailability of your public web site running the Agile Platform on IIS; for example, to run Maintenance tasks.

Sure, if you want to put one individual application offline you can use the Put Offline option in Service Center, but what if you want to bring everything down?
Or what if you are using a older version of the Agile Platform (6.0-) with out the Put Offline option?

At IIS level there are multiple ways to cut access to an application. My prefered way is to use a trick based on the 403.6 error - that means creating a list of IP that are allowed to access and leave the others out.
In this scenario I will only allow 127.0.0.1 to pass through - this will give me the option to access the apps and Service Center when logged on the server to confirm that things are working after the maintenance is complete.

This is how it is done.


Prepare the server

This is something you do only once in each server to prepare it.

--

1. Create an HTML maintenance page, and save it somewhere. The simplest HTML content you may use is something like:

         <html><body><p>This server is under maintenance</p></body></html>

Save it in a file in the server - I suggest C:\Inetpub\wwwroot\maintenance.html

                


--

2. Now create the custom error page for the 403.6 error to point to this page:

                


                

--

3. Add a default "allow entry" for 127.0.0.1. For this, go to IP Address and Domain Restrictions.
If you do not find this option, you need to install it in Server Manager.

                


                

--

4. Finally fix a setting in ApplicationHost.Config that prevents you from using absolute paths in error pages. For this, open a Notepad (right-click, Run As Administrator), open file C:\Windows\System32\InetSRV\Config\ApplicationHost.config, locate the tag <httpErrors and add attribute allowAbsolutePathsWhenDelegated="true".
For this step, make sure to make a backup copy of the file before any editing.

                



Put the server offline

When you want to put your server offline you need to go back to IP Address and Domain Restrictions.
Here, choose Edit Feature Settings and switch the default to Deny:

               

When you do this, immediately all accesses to your IIS from outside the server will produce this result:

               

But you will still be able to access from inside the machine (and timers continue to run, and etc).

                


Bring the server back online

For this, simply revert the  IP Address and Domain Restrictions - from Deny to Allow.

               



If you have any questions or suggestions for improvements please let me know.

Cheers,

Acácio Porta Nova
Great post Acácio..
I never done this before but it saves a lot of time..
And I have to say that is very well explained..

Kind Regards,
Gonçalo M.
I have just done this and it works great!

I was hoping to utilize the IIS app_offline.htm feature, but I can't figure it out. This works and is very easy to do especially after the initial setup.

Thanks!
Owain
Owain Jones wrote:
I have just done this and it works great!

I was hoping to utilize the IIS app_offline.htm feature, but I can't figure it out. This works and is very easy to do especially after the initial setup.

Thanks!
Owain
 
 
Hi Owain

I considered using the app_offline.htm feature for this tutorial, but dropped it since it has at least 3 problems:
  • It depends on .NET, so it is affected by limitations if SEO feature is used (e.g. if a request needs to be moved between worker processes);
  • Given the architecture of the Agile Platform (with multiple virtual directories / applications in IIS - one for each eSpace) you would have to place one app_offline.html for each eSpace AND for the root level - a lot more work than the suggested approach;
  • It does not allow you to keep access to the apps for testing purposes.
Cheers,
Acácio Porta Nova
Great post Acácio!
Hello,

Recently I had to do this same configuration using Windows Server 2012 R2 and I've found some minor differences from the original post, which was built for Windows Server 2008. I decided to share  with you the configurations in case you're already using Windows Server 2012 R2.
 
While Windows Server 2008 R2 comes with IIS 7.5 Windows Server 2012 R2 comes with IIS 8.5. For the last the trick based on 403.6 error won't work, instead you have to configure IIS maintenance page to be shown when the HTTP error code 403.503 is sent.

This is how you can do it for Windows Server 2012 R2:

Prepare the server

1. For this scenario you're required to install IIS IP Address and Domain Restrictions feature. If you've this feature already installed skip to #2.

1.1 Open Server Manager->Manage->Add Roles and Features


--

1.2 Install IP Address and Domain Restrictions feature


--

2. Create you maintenance page and upload it to the server. For this example I'm going to save the maintenance page at C:\ineput\wwwroot\maintenance.html



--

3. Create a custom error page for the 403.503 error to point to your maintenance page

3.1. IIS Manager->Default Web Site


3.2. Add a new error page


3.3. Configure the status code and the file path for your maintenance page


--

4. Add a default "allow entry" for 127.0.0.1 using IP Address and Domain Restrictions

4.1.
IIS Manager->Default Web Site->IP Address and Domain Restrictions


4.2. Add Allow Entry

4.3. Add the authorized IP Address



5. By default IIS won't allow you to use absolute paths for error pages and you must change this setting in order to use your maintenance page

5.1. IIS Manager-> Server Name (IIS ROOT)->Configuration Editor


5.2. Select system.webServer/httpErrors and change "allowAbsolutePathsWhenDelegated" value from false to true



Put the server offline

1. Deny the access for unauthorized IP Addresses

1.1 IIS Manager -> Default Web Site -> IP Address and Domain Restrictions


1.2. Edit Feature Settings


2. Test the access

2.1. Maintenance Page


2.2. Access inside the machine


Bring the server back online

1. Revert IP Address and Domain Restrictions

1.1. IIS Manager -> Default Web Site -> IP Address and Domain Restrictions


1.2. Edit Feature Settings


1.3. Server available again



Kind regards,
Ivo Gonçalves