{"id":595,"date":"2012-09-11T13:27:15","date_gmt":"2012-09-11T03:27:15","guid":{"rendered":"http:\/\/www.desiderata.com.au\/blog\/?page_id=595"},"modified":"2012-09-11T17:43:05","modified_gmt":"2012-09-11T07:43:05","slug":"installing-isapi-dlls-on-microsoft-iis-web-servers","status":"publish","type":"page","link":"https:\/\/www.desiderata.com.au\/blog\/?page_id=595","title":{"rendered":"Installing ISAPI dll&#8217;s on Microsoft IIS web servers"},"content":{"rendered":"<p>Microsoft have tightened security on their IIS web servers and made it more difficult to configure permissions to run CGI and ISAPI dll&#8217;s.<\/p>\n<p>ISAPI Extension and ISAPI Filter are two completely different mechanisms to extend IIS functionality and are not interchangeable.<\/p>\n<p>When Delphi creates an ISAPI dll it adds GetExtensionVersion and HttpExtensionProc in the exports and thus <strong>the dll is an ISAPI Extension and NOT an ISAPI Filter<\/strong> (an ISAPI\u00a0Filter dll requires GetFilterVersion and HttpFilterProc function signatures instead).<\/p>\n<ul>\n<li>ISAPI Extensions are configured either as &#8220;Application Mappings&#8221; or &#8220;Wildcard Application Mappings&#8221;, or they are requested as-is on the URL request line (i.e. <a href=\"http:\/\/server\/cgi-bin\/myISAPI.dll?param=value\">http:\/\/server\/cgi-bin\/myISAPI.dll?param=value<\/a>) &#8211; see <a href=\"http:\/\/blogs.msdn.com\/b\/david.wang\/archive\/2005\/11\/28\/can-i-install-an-isapi-filter-as-an-isapi-extension-or-wildcard-application-mapping.aspx\" target=\"_blank\">here<\/a><\/li>\n<\/ul>\n<p>An additional consideration is running 32-bit dll&#8217;s on a 64bit IIS web server.<\/p>\n<p>Links to web pages which help to resolve this issues are:<\/p>\n<ul>\n<li><a href=\"http:\/\/chee-yang.blogspot.com.au\/2009\/10\/configure-windows-7-iis7-for-isapi-dll.html\" target=\"_blank\">Chau Chee Yang Technical Blog<\/a><\/li>\n<li><a href=\"http:\/\/www.timvasil.com\/blog14\/post\/2007\/11\/Run-a-32-bit-ISAPI-DLL-on-64-bit-IIS-7.aspx\" target=\"_blank\">Tim Vasil&#8217;s blog post<\/a><\/li>\n<\/ul>\n<h3>Essentially, in Windows 2008 Server&#8217;s IIS 7 the following steps are needed:<\/h3>\n<ul>\n<li>copy your ISAPI dll to a folder on the web server such as c:\\inetpub\\scripts<\/li>\n<li>ensure ISAPI module support is installed on the IIS web server<\/li>\n<ul>\n<li>Control Panel | Programs and Features | Turn on Windows features on or off<\/li>\n<li>go to Internet Information Services then World Wide Web Services<\/li>\n<li>then Application Development Features<\/li>\n<li>then tick ISAPI Extensions and ISAPI Filters (and CGI if you want that), then click OK<\/li>\n<\/ul>\n<li>configure IIS to permit access to the specific dll&#8217;s required<\/li>\n<ul>\n<li>open IIS manager, go to the web site, then open the Feature: ISAPI and CGI Restrictions and ADD each dll your app needs to use (this avoids using the much less secure, enabling &#8220;Allow unspecified ISAPI modules&#8221;)<\/li>\n<\/ul>\n<li>if using 64-bit IIS, you will need to create a 32-bit application pool then an application and configure it:<\/li>\n<ul>\n<li>in IIS manager, Application Pools, click ADD Application Pool<\/li>\n<li>type an alias such as AppPool32, select Classic pipeline and don&#8217;t use .NET<\/li>\n<li>in advanced settings set Enable 32bit to true<\/li>\n<li>Start the pool<\/li>\n<li>go back to the Default Web Site node and click ADD Application<\/li>\n<li>create an alias name for your application (this will become like a virtual folder off your root folder), select your AppPool32 as your Application Pool, set the physical path to your dll folder, but note there is a bug in ISS that will result in test button failing &#8211; there is much discussions online regarding this.<\/li>\n<li>now you have to allow your dll&#8217;s to execute within your new IIS &#8220;application&#8221;:<\/li>\n<ul>\n<li>select the application node<\/li>\n<li>open the feature Handler Mappings<\/li>\n<li>for each dll, Add Script Map, then type a request path *.dll, select the ISAPI dll and give it a descriptor\u00a0and click OK to enable it.<\/li>\n<li>then for each dll, enable EXECUTE by selecting the dll and edit permissions to set\u00a0&#8220;Read\/Script\/Execute&#8221; permissions<\/li>\n<\/ul>\n<\/ul>\n<li>you may then need to give permissions to the dll folder for IIS_IUSRS so they can Read and Execute<\/li>\n<li>then test it<\/li>\n<\/ul>\n<h3>Errors on testing:<\/h3>\n<p>400.x:<\/p>\n<ul>\n<li>bad request<\/li>\n<\/ul>\n<p>401.x:<\/p>\n<ul>\n<li>access denied<\/li>\n<li>401.4 = authorization failed by filter<\/li>\n<li>401.5 = authorization failed by ISAPI\/CGI application<\/li>\n<\/ul>\n<p>403.x:<\/p>\n<ul>\n<li>forbidden<\/li>\n<\/ul>\n<p>404.0:<\/p>\n<ul>\n<li>not found<\/li>\n<li>may mean that the ISAPI extension you&#8217;re using is referencing (ie, including) another DLL as well.<\/li>\n<\/ul>\n<p>404.1:<\/p>\n<ul>\n<li>site not found<\/li>\n<\/ul>\n<p>404.2:<\/p>\n<ul>\n<li>denied by policy &#8211; ISAPI or CGI restriction<\/li>\n<li>may mean you have forgotten to &#8220;allow&#8221; a specific ISAPI DLL<\/li>\n<\/ul>\n<p>404.3:<\/p>\n<ul>\n<li>denied by MIME map<\/li>\n<\/ul>\n<p>404.4:<\/p>\n<ul>\n<li>no handler<\/li>\n<\/ul>\n<p>404.5:<\/p>\n<ul>\n<li>IIS rejecting based on URL Sequencing &#8211; see <a href=\"http:\/\/www.iis.net\/learn\/manage\/configuring-security\/use-request-filtering\" target=\"_blank\">Use Request Filtering<\/a><\/li>\n<\/ul>\n<p>404.6:<\/p>\n<ul>\n<li>IIS rejecting based on disabled verbs &#8211; see <a href=\"http:\/\/www.iis.net\/learn\/manage\/configuring-security\/use-request-filtering\" target=\"_blank\">Use Request Filtering<\/a><\/li>\n<\/ul>\n<p>404.7:<\/p>\n<ul>\n<li>IIS rejects a request based on file extensions &#8211; see <a href=\"http:\/\/www.iis.net\/learn\/manage\/configuring-security\/use-request-filtering\" target=\"_blank\">Use Request Filtering<\/a><\/li>\n<\/ul>\n<p>404.8:<\/p>\n<ul>\n<li>IIS rejects based on Hidden Segments &#8211; see <a href=\"http:\/\/www.iis.net\/learn\/manage\/configuring-security\/use-request-filtering\" target=\"_blank\">Use Request Filtering\u00a0<\/a><\/li>\n<\/ul>\n<p>404.9:<\/p>\n<ul>\n<li>denied as hidden file attribute has been set<\/li>\n<\/ul>\n<p>404.10:<\/p>\n<ul>\n<li>denied as request header too long &#8211; see <a href=\"http:\/\/www.iis.net\/learn\/manage\/configuring-security\/use-request-filtering\" target=\"_blank\">Use Request Filtering<\/a><\/li>\n<\/ul>\n<p>404.11:<\/p>\n<ul>\n<li>IIS&#8217;s URLScan not configured correctly\u00a0&#8211; see <a href=\"http:\/\/www.iis.net\/learn\/manage\/configuring-security\/use-request-filtering\" target=\"_blank\">Use Request Filtering<\/a><\/li>\n<\/ul>\n<p>500 &#8211; Internal server error. There is a problem with the resource you are looking for, and it cannot be displayed.<\/p>\n<ul>\n<li>500.0 = Module or ISAPI error occurred.<\/li>\n<li>500.11 = Application is shutting down on the Web server<\/li>\n<li>500.12 = Application is busy restarting on the Web server<\/li>\n<li>500.13 = Web server is too busy<\/li>\n<li>500.19 &#8211; see <a href=\"http:\/\/forums.iis.net\/t\/1149768.aspx\" target=\"_blank\">here<\/a><\/li>\n<li>etc.<\/li>\n<li>see <a href=\"http:\/\/support.microsoft.com\/kb\/942031\" target=\"_blank\">here<\/a><\/li>\n<\/ul>\n<p>More <a href=\"http:\/\/support.microsoft.com\/kb\/943891\" target=\"_blank\">HTTP status codes here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft have tightened security on their IIS web servers and made it more difficult to configure permissions to run CGI and ISAPI dll&#8217;s. ISAPI Extension and ISAPI Filter are two completely different mechanisms to extend IIS functionality and are not &hellip; <a href=\"https:\/\/www.desiderata.com.au\/blog\/?page_id=595\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-595","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=\/wp\/v2\/pages\/595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=595"}],"version-history":[{"count":8,"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=\/wp\/v2\/pages\/595\/revisions"}],"predecessor-version":[{"id":598,"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=\/wp\/v2\/pages\/595\/revisions\/598"}],"wp:attachment":[{"href":"https:\/\/www.desiderata.com.au\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}