I just had a fun night making some changes to one of our Windows Servers, the update was to add some great new functionality to our control panel (DotNetPanel) and also to make sure the server was fully up to date.

The update started great, install software and the obligatory reboot that MS makes you do (Always a heart-stopping moment). The machine came back and all looked good initially. Went to test some of the sites on the server and all seemed okay until I tried my own blog and realised that for some reason the permalinks were not functioning properly! a quick check of some other blogs and the same deal, the PATHINFO based permalinks (links that include a /index.php/ path in) were FUBARed just returning a 404 error. :(

The first check was file permissions as this can be a common cause of PHP errors, nothing I tried made a difference, next was checking the PHP.ini config, nope not helping, next was IIS, nothing wrong there, then it was my browser, maybe something wrong with cookies or cache…. nope.  I was stumped….. lots of checking and rechecking later and I still couldn’t understand why the permalinks weren’t working…. A number of hours later and I’ve almost given up, a report of a Magento site having problems accessing there admin (Yes you heard correct Magento works on our Windows server :0), or at least had been up until a few hours ago).

Went off to check why and noticed a similarity to the WordPress problem, the Magento admin also uses URLs with /index.php/ in and although they were being redirected back to the homepage rather than showing a 404 it was still a coincidence...

Now, these sites were in completely separate IIS processes and paths so permissions and IIS seemed like a dead end so I was still none the wiser other than knowing it was a server-wide issue not localised to a specific path.

After more hours of head-scratching I decided to check out the new features I had installed to see if something there might have caused such a strange problem, with the upgrade we gained some new security tools one of them being the new URLSCAN tool from Microsoft which has a number security benefits, it dawned on me that maybe this had something to do with the issue, typically you would expect these things to install disabled until you are ready to enable them.

Well, to cut a long tiring experience short URLSCAN was enabled and has a nice setting enabled (or rather set to disable) by default called “AllowDotInPath”…. The name says it all really and it is meant to block any URL that has a dot in the path of the URL, I set this to 1 “AllowDotInPath=1” and saved the INI and suddenly all the WordPress and Magento sites sprang back to life. Thanks for that MS….

So after all that it was such a simple if less than obvious fix.

Anyway, I’m writing this to help other admins as I’m sure this is going to affect lots of other people using these sort of PHP PATHINFO based URL rewriting techniques on IIS.

Wednesday, July 7, 2010

« Back