Ask the Expert

Why can't outside browsers access my Web site on the server?

I cannot access the Internet from my Web server nor can outside browsers access my Web site on the Web server. Outside browsers get a login screen. The dedicated Web page server is in a dmz and there's nothing between it and the router. The router also handles internal LAN and Exchange Server. The Web server has routable IP address with correct DNS records at Internet provider. I installed IIS 5.0 and configured the server to point to the default Web page. The only area that I am extremely unsure about is: do I need to set up permissions for the Web to access my Web site on the server somewhere? I have not done this. I've started IIS 5.0 Lockdown and hardening procedure but am not totally through it yet.

    Requires Free Membership to View

What exactly do you mean when you say the browsers get a login screen? If you're talking about the dialog box that Internet Explorer opens to prompt you for a username and password, then your problem should be very straight-forward to fix. If you're seeing an actual Web page (not a separate dialog box), then your Web application is prompting the user for a password and I can't offer more help without investigating the specific application.

 

So, I'll assume that the Web browser is prompting the user for a password. This happens because IIS returned an "access denied" message to the Web browser. IIS will return this message when 1) anonymous access has not been selected, or 2) the anonymous Web user does not have file permissions to the page you are attempting to view.

Let's start by checking whether anonymous access is allowed. Launch the Internet Services Manager. Right-click your Web site (probably Default Web Site), and then click Properties. Click the Directory Security tab. In the Anonymous Access And Authentication Control box, click the Edit button.

The Authentication Methods dialog appears. Make sure the Anonymous Access checkbox is selected, and then click the Edit button. The Username field probably shows IUSR_Computername, and the Allow IIS To Control Password checkbox should normally be checked. Click OK 3 times and close Internet Services Manager.

The IUSR account is the account IIS is going to use to access files on behalf of anonymous users, and it must have access to the files and folders you're using for Web content. Let's check those file permissions next. Launch Windows Explorer, and navigate to the folder you're using for Web content (C:inetpubwwwroot by default). Right-click the folder, and then click Properties. Click the Security tab. Make sure the Internet Guest Account, Web Anonymous Users, and/or Web Applications groups have at least Read access to the Web content.

This was first published in November 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: