Recently I was working with one of my customers where he using IIS IP Security module for a Cloud Service. When the service was deployed, he noticed that IP restriction was not working. It is supposed to block certain IPs based on the some rules defined in configuration but this was not happening. So we end up logging into the VM for troubleshooting.
After some troubleshooting we found out that that the IP Security module was not installed. We manually installed the module and tested the Cloud Service. It worked as expected. But when we reboot the instance, the installation was rolled back. So the installation was not persistent and it seems that IIS doesn’t install all the modules by default. And if you need a specific module, you would need to plan for a way to install it.
In order to resolve the issue, we need to install the IP Security Module in WebRole startup script. Here is a link to know more about how to run startup task in Windows Azure:
Run Startup Tasks in Windows Azurehttp://msdn.microsoft.com/en-us/library/windowsazure/hh180155.aspx
For Windows Server 2008
We would need to use ServerManagerCmd to install the Module. Here is the command to install the module:
ServerManagerCmd -install Web-IP-Security
For windows Server 2012
So we you are using Windows Server 2012 for your Cloud service, ServerManagerCmd wont work. It's deprecated. So you would need a PowerShell script to do the installation at startup. Here is the powershall script:
import-module ServerManagerAdd-WindowsFeature Web-Ip-Security
Use a PowerShell Script as a Startup Taskhttp://msdn.microsoft.com/en-us/library/windowsazure/jj130675.aspx
You could use the same commands to install any other IIS Module.
Nice post! I tried the script post here; I go to the link, msdn.microsoft.com/.../hh180155.aspx; and copy the script for powershell startup task. However I have a problem when publishing, the web role cannot be started and keep recycling. I fixed by removing "-version 2.0" from "Powershell command" in startup.cmd.
Thanks for the tip Philip. Glad you are able to fix it by changing the startup.cmd.