Firewall blocks my IIS application [Resolved]

I am running the free Comodo firewall on XP professional with IIS 5.1. I am developing in Visual Web Developer 2005 Express.

You don’t need IIS to develop in this IDE and I have no trouble launching and testing my app as I build.

Also, I have no trouble when I launch the site using IIS (outside of the IDE) in IE 7: http://localhost/demo/.

But I cannot launch my web site in IIS when I use my IP address: http://XXX.XXX.X.X/demo. (I can if I turn off the firewall, which, of course, I don’t want to do.)

How do I give permission to my web site so I can access it using my IP address? I don’t know which to use: Application, Component or Network Monitor dialogs? How do I specify the Application name in the Application Monitor? The “application” is just a set of aspx files, no exe or dlls. Same with the Component monitor dialog. Do I give permission to an aspx file? And as for the Network Monitor dialog, why would I have to give permission to my own computer?

Thank you.

Hello Jackson, and welcome to the forums.

It’s strange that CPF would be preventing that… doesn’t quite sound right. We’re talking about trying to access the site from the same PC running IIS, right?

I’m grasping, but I would try running the trusted zone wizard and let it add the 2 new network rules.

Did you “bind” your webs to the PC IP? How are your headers configured?

In summary, if you can access it from within the IDE and by referencing it as localhost, the internal comms are OK, but if you reference it by your outward facing IP you can’t.

If these are correct, I would assume that CPF is blocking the inbound request because there is no network monitor rule to allow an unsolicited request TO port 80 on your PC.

To manually add this rule, go to SECURITY - NETWORK MONITOR and use the following parameters in a new rule (assuming your web server is configured to use port 80):

Action : ALLOW
Protocol : TCP
Direction : IN
Source IP : ANY
Source Port : ANY
Destination Port : 80 (or whatever port your server is set to listen on)

If you’re behind a router, you’ll need to ensure that the appropriate port is forwarded to your internal IP correctly.

You shouldn’t need to do anything else to get it to work, as the ASPXs will load inside the browser. As the FW is configured to allow ingress to your server, actions based upon that approved request are likewise approved, so the app loaded by the index.htm page should, all things being equal, execute without requiring any further permissions.

Hope this helps,
Ewen :slight_smile:

Thank you both m0ng0d and panic for your responses.

Yes, I’m trying to access the site from the same PC running IIS. But also, I have another computer here at home running off the same router. Trying to access the site using the IP address seems to give the same results no matter which computer I’m using.

I tried the instructions to set up a SECURITY - NETWORK MONITOR rule that panic gave, and it worked.

I messed around quite some time after that to see if I could reconfigure the web site’s properties and do without the rule, but suffice it to say that I ran out of patience before I really learned anything.

I think this rule is necessary, but I’m not really sure. Anyway, it works. Thanks lots.

Ummm… if it doesn’t work without it and does work with it, then yeah, I’d say it’s pretty necessary. :wink:

If you are only trying to access it from PCs on the SAME SIDE OF YOUR ROUTER AS THE SERVER, then you could always define a zone and set it as trusted. This will allow almost total communications on this side of your router to/from any device on the subnet described in the zone setup.

Always remember, if you are referencing a computer by the OUTWARDS facing IP address, any request for that publicly accessible address will go out onto the internet and then back in to the external IP, even if they’re side by side and on the same subnet. If you post a letter to your wife it still goes out to the post office before coming back home. :wink:

Mind you, defining a trusted zone will automatically create two rules anyway.

In the words of Thomas Edison, “■■■■ the theory if the machinery works!”

Glad it’s resolved. I’ll mark this topic as resolved and lock it.

Ewen :slight_smile:
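
Added example, not part of the original thread and not Comodo's own code: a small Python model of the inbound rule posted above (Source IP ANY, TCP port 80) next to a variant limited to the home subnet, in the spirit of the trusted-zone suggestion. First-match evaluation, the default block, the `192.168.1.0/24` range and all sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str        # "ALLOW" or "BLOCK"
    protocol: str      # "TCP", "UDP" or "ANY"
    direction: str     # "IN" or "OUT"
    source: str        # CIDR network, or "ANY"
    dest_port: object  # int, or "ANY"

    def matches(self, protocol, direction, src_ip, dest_port):
        if self.protocol not in ("ANY", protocol) or self.direction != direction:
            return False
        if self.dest_port not in ("ANY", dest_port):
            return False
        if self.source == "ANY":
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)

def decide(rules, protocol, direction, src_ip, dest_port):
    """First matching rule wins; unmatched traffic is blocked (assumed default)."""
    for rule in rules:
        if rule.matches(protocol, direction, src_ip, dest_port):
            return rule.action
    return "BLOCK"

# The rule as posted in the thread: any source may reach TCP port 80.
POSTED = [Rule("ALLOW", "TCP", "IN", "ANY", 80)]
# Narrower variant: only the home subnet (constructed range) may reach port 80.
LAN_ONLY = [Rule("ALLOW", "TCP", "IN", "192.168.1.0/24", 80)]

# Constructed attempts: (label, protocol, direction, source IP, destination port)
ATTEMPTS = [
    ("second PC on the LAN", "TCP", "IN", "192.168.1.20", 80),
    ("host on the internet", "TCP", "IN", "203.0.113.7", 80),
    ("LAN PC, other port", "TCP", "IN", "192.168.1.20", 445),
]

def evaluate(rules):
    """Return {label: verdict} for every constructed attempt."""
    return {label: decide(rules, *rest) for label, *rest in ATTEMPTS}

if __name__ == "__main__":
    for name, rules in (("posted rule", POSTED), ("LAN-only rule", LAN_ONLY)):
        for label, verdict in evaluate(rules).items():
            print(f"{name:14} {label:22} -> {verdict}")
```

With the router forwarding port 80, the posted rule also admits the internet host, while the subnet-limited rule still serves the second PC on the LAN.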