0

Curious if someone could point me in the direction to how I could automate IIS Request Filtering File Extensions? I have used the following per Microsoft manuals, but when the extension is already set to false I get an error. Even though the manual states that changing the value from false to true will enable. Am I missing something very simple?

https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/fileextensions/

Start-IISCommitDelay

$fileExtensions = Get-IISConfigSection -CommitPath 'Default Web Site' -SectionPath 'system.webServer/security/requestFiltering' | Get-IISConfigCollection -CollectionName 'fileExtensions'

New-IISConfigCollectionElement -ConfigCollection $fileExtensions -ConfigAttribute @{ 'fileExtension' = '.asax'; 'allowed' = $true } -AddAt 0

Set-IISConfigAttributeValue -ConfigElement $fileExtensions -AttributeName 'applyToWebDAV' -AttributeValue $true

Stop-IISCommitDelay

New-IISConfigCollectionElement : Filename: 
Error: Cannot add duplicate collection entry of type 'add' with unique key 
attribute 'fileExtension' set to '.asax'
At line:5 char:1
+ New-IISConfigCollectionElement -ConfigCollection $fileExtensions -Con ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-IISConfigCollectionElemen 
   t], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Micr 
   osoft.IIS.Powershell.Commands.NewIISConfigCollectionElementCommand
 
Set-IISConfigAttributeValue : Object reference not set to an instance of an 
object.
At line:7 char:1
+ Set-IISConfigAttributeValue -ConfigElement $fileExtensions -Attribute ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-IISConfigAttributeValue], 
    NullReferenceException
    + FullyQualifiedErrorId : System.NullReferenceException,Microsoft.IIS.Powe 
   rshell.Commands.SetIISConfigAttributeValueCommand
 
WARNING: No active transaction.
MB9
  • 73
  • 1
  • 6
  • 1
    You'd probably first need to test with `Get-IISConfigCollectionElement -ConfigCollection $fileExtensions -ConfigAttribute @{"name"="'fileExtension'"}` if the element already exists. Then if it does use `Set-IISConfigAttributeValue` to change the value and if it doesn't use `New-IISConfigCollectionElement` to create new. – Theo Mar 12 '22 at 13:07
  • Thank you @Theo, I will do some testing on this shortly. Very much appreciate the thoughts! – MB9 Mar 12 '22 at 15:09
  • @Theo - Tested and confirmed the same results as above. – MB9 Mar 12 '22 at 17:46
  • So, you're saying that a test with `if(Get-IISConfigCollectionElement ...)` returns $false, even though an attribute 'fileExtension' already exists? – Theo Mar 15 '22 at 11:24
  • @Theo - According to the Microsoft site (https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/fileextensions/) under the 'Note' right above the Powershell example, running the script I posted above and simply changing the ```$true``` to ```$false``` should allow or disallow the extension. But if the extension already exists simply changing t/f throws the error posted. – MB9 Mar 15 '22 at 18:06
  • Have been able to make this ```.bat``` file run successfully using this link https://stackoverflow.com/questions/24945542/the-term-appcmd-is-not-recognized-as-the-name-of-a-cmdlet But would much rather use Powershell if possible. – MB9 Mar 15 '22 at 19:37

1 Answers1

0

Never able to figure out why this process doesn't work as it should per the man docs from Microsoft, but found the configuration files for IIS and made an edited version and wrote a Powershell to move the original and place the edited version in the needed directories. Problem solved.

MB9
  • 73
  • 1
  • 6