Login/Register
Yii2/PHP/IIS7 - URL Rewrite and File Permissions (Pretty URL issue)
Asked Answered
phpyii2iis-7url-rewrite-modulepretty-urls
U

1

10

I have a web.config file with the following text, although not relevant to my problem...

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Pretty URL">
                    <match url="." ignoreCase="false" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

Normally when I develop on my Windows machine the folder with my PHP source has permissions for all authenticated users and pretty URLs in my Yii2 website works without any issues.

Now, my next project requires me to deploy on a Windows machine where non-admin users will also use and I tested deploying a Yii2 website to a folder that gives IUSR user the ability to List, Read, & Execute files.

The website works, but the pretty url does not.

If I copy the folder contents to another location with regular authenticated user and SYSTEM permissions, it works as expected.

I think I am missing some permissions that will enable pretty URL to work properly with IIS7 URL Rewrite module, but not sure what.

Unpin answered 8/8, 2018 at 7:17 Comment(2)
have you looked into this postMealworm
@MuhammadOmerAslam As mentioned above, the problem is not with the web.config syntax, and besides my syntax matches the one in the post.Unpin
S
1

In Linux it's quite common that servers run as special user.
I apply this habit even in Windows and it's easy to configure access then for the server. User accounts shouldn't matter then related to the server.
Ownership of all files in the web-directory has to be then the user of the web-server, i.e. "IUSR".
The user as which the server is running has to be adjusted in IIS configuration if it differs from "IUSR" which is the default IIS-user.

Only for file-access related to editing some adjustments might be required for all files but if the server is running as a user it's also clearer that file-access for editing and for server-access are two different purposes. So you even can adjust edit-access to limited files for users, while the server has full access to all files. Giving different access-rights to different users or usergroups is also no problem.

For more details about the default IIS-user you can read Understanding Built-In User and Group Accounts in IIS 7

Seismograph answered 6/9, 2018 at 2:7 Comment(2)
the IUSR user has full rights on the website folder.Unpin
If you copied some files into the website folder you might have to apply the rights to the new files too, or just to the website folder again recursive.Seismograph

© 2022 - 2024 — McMap. All rights reserved.