Accessing IIS Externally – Step-by-Step Guide

iis

What do I need to do to allow external access to my win seven IIS webpage? My internal webpage is hiding behind a router and a firewall (Windows firewall) I need to be able to address certain aspects on my hard disk in order to build the webpage externally. Graphics sitting on my hard disk are not accessible? I used localhost and inetpub. The graphic is sitting inetpub/wwwwroot/fred.jpg.

Best Answer

First, make sure your ISP does not block port 80.

Second, ensure your computer is up-to-date on Windows updates.

Third, if your website uses an SQL server make sure that all requests are parameterised. Do not expose the SQL server directly to the Internet.

Fourth, you need to set the firewall to allow appropriate incoming connections to the web server. There is a pre-defined rule which you need to enable:

  • Go to "Control Panel" -> "Administrative Tools" -> "Windows Firewall with Advanced Security".
  • Choose "Inbound Rules" in the left pane.
  • Scroll down to "World Wide Web Services (HTTP Traffic-In)" where the Profile is "Domain". (Not the HTTPS one, further down.) Double-click it.
  • Choose the "Scope" tab. Under "Remote IP addresses" select "These IP addresses" and add the appropriate addresses or ranges which you wish to allow access from [1].
  • Possibly necessary for you: under the "Advanced" tab, choose "Enable edge traversal".
  • Under the "General" tab, select "Enabled" and "Allow the connection".

[1] This is to limit the number of hacking attempts your computer will be subjected to. It does not have to be an exact list - just a few /8 ranges (Wikipedia: Classless Inter-Domain Routing) would cut down vastly on the hacking attempts.

Fifth, In IIS Manager, select the web site you are going to be using and in the "Bindings" check that you have something set up for http. If this is the only web site on the computer, "All unassigned" should suffice. Once it is working, have a look in the IIS logs for the website to check what IP address requests come in on and refine the binding/add another one.

Finally, enable the pass-through on your router.

You should now be able to access the web site on your computer from outside.

For troubleshooting, the IIS logs are, by default, in C:\inetpub\logs\LogFiles.

There are services such as No-IP which allow you to have a domain name for the web site so that it does not matter if your external IP address changes - you can simply give clients a domain name instead of an IP address.

I may well have missed something out of all that, please let me know and I'll see about corrections.

Related Question