Ask the Community
Groups
Using URL Rewrite To Control IIS Access on a VSA Server - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><span data-contrast="auto">There are two ways to configure rules in IIS to further restrict access to the <strong>VSA</strong></span>.</p> <p><span data-contrast="auto">Option 1 - Automated Script</span></p> <p><span data-contrast="auto">Download the <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fapp.box.com%2Fs%2F1yel8q8nw4sxpujbhtudaqapk5yd84qk">zip</a> file from here with the script and instructions. </span></p> <p><span data-contrast="auto">Option 2 - Manual Configuration</span></p> <p><span data-contrast="auto">1. Download </span><strong>URL Rewrite Tool</strong><span data-contrast="auto"> from Microsoft</span> <br><span data-contrast="auto"> Visit this <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.iis.net%2Fdownloads%2Fmicrosoft%2Furl-rewrite" rel="undefined nofollow">site </a></span><span data-contrast="auto">and follow the link to download the IIS addon.</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-ccp-props="{"201341983":0,"335551550":2,"335551620":2,"335559685":720,"335559738":100,"335559739":200,"335559740":276}"> <img src="https://us.v-cdn.net/6032361/uploads/migrated/FSW5NWZMMHY5/blobid0.png" alt="blobid0.png" class="embedImage-img importedEmbed-img"></img></span></p> <p><span data-contrast="auto">2. </span><span data-contrast="auto">Install </span><strong>URL Rewrite</strong> <br><span data-contrast="auto">Once downloaded, run the downloaded file (urlrewrite2.exe) on your Kaseya VSA server web front end (the IIS server).</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">3. Load </span><strong>Computer Management</strong><span data-contrast="auto"> on the </span><strong>VSA Server</strong> <br><span data-contrast="auto"></span></p> <p><span data-contrast="auto"> Click Start and search for </span><strong><em>Computer Management</em></strong><span data-contrast="auto">. </span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">4. Access the </span><strong>URL Rewrite</strong><span data-contrast="auto"> add-on</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <ul><li> <span data-contrast="auto">In Computer Management, expand </span><strong>Services and Applications</strong><span data-contrast="auto">.</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">Select </span><strong>Internet Information Services (IIS) Manager</strong><span data-contrast="auto">.</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">In the </span><strong>Connections</strong><span data-contrast="auto"> pane, Expand </span><strong><em><span data-contrast="auto"><Computer Name</span>></em></strong><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">Expand </span><strong><em>Sites</em></strong> </li> <li> <span data-contrast="auto">Click on </span><strong>Default Web Site</strong> </li> <li> <span data-contrast="auto">Double-click the </span><strong>URL Rewrite</strong><span data-contrast="auto"> icon</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"></span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/0T7EZH5G43Q4/blobid20.png" alt="blobid20.png" class="embedImage-img importedEmbed-img"></img></p> <p><span data-contrast="auto">5. Add a new </span><strong>Request Blocking</strong><span data-contrast="auto"> rule</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <ul><li> <span data-contrast="auto">Click the </span><strong><em>Add Rule(s)...</em></strong><span data-contrast="auto"> link</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">Double-click on </span><strong><em>Request blocking</em></strong><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><span data-ccp-props="{"134233279":true,"201341983":0,"335551550":2,"335551620":2,"335559685":720,"335559738":100,"335559739":200,"335559740":276}"><img src="https://us.v-cdn.net/6032361/uploads/migrated/LKLF7REHK0BK/blobid21.png" alt="blobid21.png" class="embedImage-img importedEmbed-img"></img> </span></p> <ul><li> <span data-contrast="auto">Enter </span><strong><em><span data-contrast="auto">*</span></em></strong><span data-contrast="auto"> in the </span><strong><em>Pattern (URL Path)</em></strong><span data-contrast="auto"> field</span><br></li> <li> <span data-contrast="auto">Change the </span><strong><em>How to block</em></strong><span data-contrast="auto"> to </span><strong><em>Abort Request</em></strong><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/TLG1EK08AHU6/blobid22.png" alt="blobid22.png" class="embedImage-img importedEmbed-img"></img></p> <ul><li> <span data-contrast="auto">Click </span><strong><em>OK</em></strong> <span data-contrast="auto"></span> </li> </ul><p><span data-contrast="auto">Select the new rule created and double-click on it to edit it.</span></p> <p><span data-contrast="auto"><img src="https://us.v-cdn.net/6032361/uploads/migrated/GG5W2VGZCFRA/screen-shot-2021-07-11-at-11-02-19-am.png" alt="Screen_Shot_2021-07-11_at_11.02.19_AM.png" class="embedImage-img importedEmbed-img"></img></span></p> <p><span data-contrast="auto">Click on ADD - To define the next rule as below:</span></p> <p><span data-contrast="auto"><img src="https://us.v-cdn.net/6032361/uploads/migrated/GBB3BUMOFAGS/screen-shot-2021-07-11-at-11-02-42-am.png" alt="Screen_Shot_2021-07-11_at_11.02.42_AM.png" class="embedImage-img importedEmbed-img"></img></span></p> <p><span data-contrast="auto">Once, complete the first set of rules will look like this:</span></p> <p><span data-contrast="auto"><img src="https://us.v-cdn.net/6032361/uploads/migrated/YACMFAEQE2FI/screen-shot-2021-07-11-at-11-03-04-am.png" alt="Screen_Shot_2021-07-11_at_11.03.04_AM.png" class="embedImage-img importedEmbed-img"></img></span></p> <p><span data-contrast="auto">When complete press the </span><strong><em>Apply</em></strong><span data-contrast="auto"> link in the </span><strong><em>Actions</em></strong><span data-contrast="auto"> menu on the top right. </span><span data-ccp-props="{"134233279":true,"201341983":0,"335559685":720,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/BZKMXMUCANPF/blobid26.png" alt="blobid26.png" class="embedImage-img importedEmbed-img"></img></p> <p><span data-contrast="auto">Click on </span><strong>Default Web Site</strong><span data-contrast="auto"> then double click on </span><strong>URL Rewrite</strong><span data-contrast="auto"> again.</span></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/IV7SGER6C26J/blobid27.png" alt="blobid27.png" class="embedImage-img importedEmbed-img"></img></p> <p>Add a rule to allow API calls<span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <ul><li> <span data-contrast="auto">Click the </span><strong><em>Add Rule…</em></strong><span data-contrast="auto"> link in the </span><strong><em>Actions</em></strong><span data-contrast="auto"> menu on the right-hand side.</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">Select </span><strong><em>Blank Rule</em></strong><span data-contrast="auto"> and click </span><strong><em>OK</em></strong><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/JA0HFOJ6ML4X/blobid28.png" alt="blobid28.png" class="embedImage-img importedEmbed-img"></img></p> <ul><li> <span data-contrast="auto">In the </span><strong><em>Name</em></strong><span data-contrast="auto"> field, enter </span><strong>Allow API Access</strong><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">Select </span><strong><em>Wildcards</em></strong><span data-contrast="auto"> from the </span><strong><em>Using</em></strong><span data-contrast="auto"> dropdown</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/D17MBJG8PWH3/blobid29.png" alt="blobid29.png" class="embedImage-img importedEmbed-img"></img></p> <ul><li> <span data-contrast="auto">Enter</span><strong><em><span data-contrast="auto"> *</span></em></strong><span data-contrast="auto"> in the </span><strong><em>Pattern</em></strong><span data-contrast="auto"> field</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">Expand the </span><strong>Conditions</strong><span data-contrast="auto"> section</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/ED9935KIE2RT/blobid30.png" alt="blobid30.png" class="embedImage-img importedEmbed-img"></img></p> <ul><li> <span data-contrast="auto">Click </span><strong>Add</strong><span data-contrast="auto"> to add a new condition</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/L83WMMP9YORP/blobid31.png" alt="blobid31.png" class="embedImage-img importedEmbed-img"></img></p> <ul><li> <span data-contrast="auto">In the </span><strong><em>Add Condition</em></strong><span data-contrast="auto"> dialog enter the following in the appropriate fields.</span> <ul><li> <span data-contrast="auto">Condition input = {URL}</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li>Pattern = */api/*<span data-ccp-props="{"134233279":true,"201341983":0,"335559685":1440,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul></li> </ul><p><span data-ccp-props="{"134233279":true,"201341983":0,"335559685":1440,"335559738":100,"335559739":200,"335559740":276}"> </span><span data-contrast="auto">Your condition should look like this:</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559685":1440,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/59UJNRMNJMJS/blobid32.png" alt="blobid32.png" class="embedImage-img importedEmbed-img"></img></p> <p><span data-ccp-props="{"134233279":true,"201341983":0,"335559685":1440,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <ul><li> <span data-contrast="auto">Click </span><strong><em>OK</em></strong><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">In the </span><strong><em>Edit Inbound Rule</em></strong><span data-contrast="auto"> window, scroll down to find the </span><strong><em>Action</em></strong><span data-contrast="auto"> options</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/1B0VCTBSMEA2/blobid33.png" alt="blobid33.png" class="embedImage-img importedEmbed-img"></img></p> <ul><li> <span data-contrast="auto">Select </span><strong><em>None</em></strong><span data-contrast="auto"> for the </span><strong><em>Action</em></strong><span data-contrast="auto"> (we want to allow these requests)</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <strong><em>Check</em></strong><span data-contrast="auto"> the </span><strong><em>Stop processing of subsequent rules</em></strong><span data-contrast="auto"> checkbox</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> <li> <span data-contrast="auto">Click </span><strong><em>Apply</em></strong><span data-ccp-props="{"134233279":true,"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span> </li> </ul><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/HAOWVHBYZYYG/blobid34.png" alt="blobid34.png" class="embedImage-img importedEmbed-img"></img></p> <p><span data-contrast="auto">Click on </span><strong>Default Web Site</strong><span data-contrast="auto"> then double-click on </span><strong>URL Rewrite</strong><span data-contrast="auto"> again.</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/7Q1AT3442E0H/blobid35.png" alt="blobid35.png" class="embedImage-img importedEmbed-img"></img></p> <p><span data-contrast="auto">Check that the </span><strong><em>Allow API Access</em></strong><span data-contrast="auto"> rule is first on the list</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}">Now we need to create the rule for Software Management. Follow the same steps as above to create the API rule, except the pattern will not be */api/* but */SM/*</span></p> <p><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"><img src="https://us.v-cdn.net/6032361/uploads/migrated/DHYO1UUS0DK5/screen-shot-2021-07-11-at-11-12-37-am.png" alt="Screen_Shot_2021-07-11_at_11.12.37_AM.png" class="embedImage-img importedEmbed-img"></img></span></p> <p><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}">6. Then make sure to reorder as below:</span></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/Z9ILT0U7EMZJ/microsoftteams-image-6.png" alt="MicrosoftTeams-image__6_.png" class="embedImage-img importedEmbed-img"></img></p> <p><strong><em>NOTE</em></strong><span data-contrast="auto">: You <strong>MUST</strong> select the API and SM rules and use the </span><strong><em>Move Up</em></strong><span data-contrast="auto"> link to move the rule to the top of the list to match the picture above. <strong>The block rule must be the last one</strong></span>.</p> <p> </p> <p>7. Test the configuration <br><span data-contrast="auto">You should now find that accessing </span><strong><em><a href="/home/leaving?allowTrusted=1&target=HTTPS%3A%2F%2F%3Cyour.server.address%26gt">HTTPS://<your.server.address&gt</a>;</em></strong><span data-contrast="auto"> from your allowed IP addresses works as before. When trying to reach the web interface from any other address, it will result in a browser error message.</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p> <img src="https://us.v-cdn.net/6032361/uploads/migrated/PI6GKSQE14IT/blobid18.png" alt="blobid18.png" class="embedImage-img importedEmbed-img"></img><span data-ccp-props="{"201341983":0,"335551550":2,"335551620":2,"335559685":720,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </article> </main>