|
Starting with H-Sphere 2.4 and higher, H-Sphere is compatible with IIS 6.0 native mode.
H-Sphere automatically switches IIS 6.0 to native mode during the installation or update
procedure. After this, you need to restart IIS to apply changes.
In addition, H-Sphere switches the identity of all existing application pools to "Local System"
account instead of the default "Network service" account. It doesn't manage application pools at
this time, so if a new application pool is created, its identity should be manually set to "Local System" account.
There are several ISAPI filters and IIS log plugins
that are part of H-Sphere which are implemented in the modules described below.
ISAPI Filters
Since IIS 6.0 in native mode has quite different architecture regarding the ISAPI
filters and log plugins, these modules were rewritten to accomplish compatibility
with IIS 6.0 native mode simultaneously with IIS 5.0 support.
- HsAuth.dll - ISAPI filter intended to realize several of web authentication
schemes such as web authentication for virtual accounts (for Serv-U users),
web authentication for FrontPage and cookie authentication.
H-Sphere uses a user account as an anonymous account for the user domain instead of the
standard built-in IUSR account to avoid unapproved content changes. For SERV-U FTP,
FrontPage reads the anonymous account settings for the virtual host and treats this account
as an account which has the anonymous access to FrontPage. Therefore H-Sphere sets
the Basic authentication to the FrontPage virtual directories and installs the HSauth filter
to authenticate the user when he connects via FrontPage client.
- HtAccess.dll - ISAPI filter intended to realize folder protect feature for WebShell 4.0.
H-Sphere does not support 'ISAPI_Rewrite' filter because it processes the URL and then changes it.
But in the current security model of HTProtect work such operation is not allowed .
So 'ISAPI_Rewrite' and 'HTAccess' filters conflict with each other when both are running in IIS.
- SharedSSL.dll - ISAPI filter intended to realize Shared SSL functionality.
To process https requests, we created service virtual hosts for each IP where shared SSL service
is used, including dedicated IPs. A service virtual host home dir contains virtual directories for websites
that have shared SSL enabled. Such a virtual directory bears the name of the third level domain alias
and points to the document root of the corresponding website. ISAPI shared SSL filter, which is
installed on every service virtual host, redirects https requests to the appropriate virtual directory.
( Read more about Winbox Shared SSL )
IIS Log Plugin
Now due to changes in H-Sphere log plugins, even currently modified HTTP log files can be opened for writing or removed.
HsLogPlugin.dll - module which contains several IIS log plugin intended to realize stats collecting
on the fly, different schemes of web and ftp logging such as simple web logging, transfer log, etc.
|
