Re: IIS 6.0 CGI pipe broken...
From: Hoch (Hoch_at_fightspammers.com)
Date: 11/20/03
- Next message: MarcT: "Re: Logon Failure for IUSR_servername account"
- Previous message: Hoch: "Re: IIS 6.0 CGI pipe broken..."
- In reply to: David Wang [Msft]: "Re: IIS 6.0 CGI pipe broken..."
- Next in thread: David Wang [Msft]: "Re: IIS 6.0 CGI pipe broken..."
- Reply: David Wang [Msft]: "Re: IIS 6.0 CGI pipe broken..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Nov 2003 18:58:12 +0100
David,
> - Are you running in IIS5 Compatibility or IIS6 Native Mode?
I have been running on both modes and I get the same CGI error.
> If IIS5 Compatibility Mode, is it Low Isolation (LocalSystem) or not
> (IWAM or any other user)?
I'm using a IUSR with guest permissions. I tried in the three application
protection modes (Low, Medium, high). I even gave this user administrator
rights and it does not work.
> - If IIS6 Native Mode, what is the AppPoolIdentity for the Application
> Pool?
In IIS Native Mode I created an application pool for the CGI and then
tried several
identities: Network service, local service, local sistem and IWAM
but we still get the error.
> - If the identity is a custom user, what permissions does this user have
> (use secpol.msc to determine)?
The identity is not a custom user. We have it set to local sistem.
> - Does this CGI "shell out" to call CMD.EXE in any way, like execute a
> batch script or execute another EXE.
Yes. It communicates with a database client (a windows executable connected
to a database server). The CGI acts as a link between IIS and this
database client.
The CGI uses named pipes to communicate with the database client (and IIS).
We have already set for IUSR execute permissions on this .exe and all
related files.
Even giving administrator permission to IUSR we get the error.
The CGI works like this:
We type something like this in a browser:
http://www.ourdomain.com/nlcgi/nls_cgi.exe/admin?lang=4
'nls_cgi.exe' is the CGI, 'nlcgi' is the virtual directory and
'/admin?lang=4' are
the parameters that the CGI sends to the database client.
The CGI connects to the database client passing those parameters, the
database
processes the parameters, builds an HTML page and returns it to IIS. The
database client does all the hard work. The CGI is only a link between
IIS and the database client.
The CGI executes to make the connection, returns the HTML code (built by
the database client) and then quits.
What has changed in IIS 6.0 related to CGI execution since IIS 4.0? I know
there are lot of changes to enforce security, but I'm not so sure that
this is the problem in our case. It seems something related with the way
IIS 6.0 treats CGIs or communication of CGIs with external apps like our
database client.
Thank you in advance!
Hoch.
- Next message: MarcT: "Re: Logon Failure for IUSR_servername account"
- Previous message: Hoch: "Re: IIS 6.0 CGI pipe broken..."
- In reply to: David Wang [Msft]: "Re: IIS 6.0 CGI pipe broken..."
- Next in thread: David Wang [Msft]: "Re: IIS 6.0 CGI pipe broken..."
- Reply: David Wang [Msft]: "Re: IIS 6.0 CGI pipe broken..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
