我如何在 powershell 中验证 IIS web.config [英] how do i validate an IIS web.config in powershell
问题描述
不幸的是,在 IIS 中,如果您在 wwwroot\web.config 和 wwwroot\myapp\web.config 中定义相同的设置,某些类型的设置将相互冲突,从而导致 500.19 错误.
Unfortunately in IIS if you define the same setting in wwwroot\web.config and wwwroot\myapp\web.config, certain types of settings will collide with each other resulting in a 500.19 error.
例如允许的动词:
<security>
<requestFiltering>
<verbs allowUnlisted="false">
<add verb="HEAD" allowed="true" />
<add verb="POST" allowed="true" />
<add verb="GET" allowed="true" />
</verbs>
</requestFiltering>
</security>
同样不幸的是,PowerShell Set-WebConfiguration 在进行更改之前不会对此进行验证,一旦损坏,您将无法删除错误的配置.
Also unfortunately the PowerShell Set-WebConfiguration does not validate this before making the change and once corrupted you cannot remove the bad configuration.
我需要一种方法来在更改之前/之后验证配置,以便我可以回滚它或采取行动.
I need a way to validate the configuration before/after a change so i can either roll it back or take action.
我找到了这个解决方案:https://serverfault.com/questions/708079/is-there-a-cmd-tool-to-check-a-web-config-file-for-validity 但是它只验证语法失败或只有非常重要的配置问题.
I found this solution: https://serverfault.com/questions/708079/is-there-a-cmd-tool-to-check-a-web-config-file-for-validity however it only validates SYNTAX failures or only very major configuration issues.
它不会检测其他过滤器路径上的冲突:例如无法添加类型为add"且唯一键属性verb"设置为HEAD"的重复集合条目
It does not detect collisions at other filter paths: e.g. Cannot add duplicate collection entry of type 'add' with unique key attribute 'verb' set to 'HEAD'
推荐答案
我发现解决方案是创建一个函数,该函数读取 web.config,通过解析 xml 来编译过滤器列表,然后执行 get-每个过滤器的webconfiguration,过滤器将返回一些东西,什么都没有(如果没有要读取的设置)或异常(我们关心的)
I found the solution to this is to create a function which reads in the web.config, compiles the list of filters by parsing the xml and then perform a get-webconfiguration for each filter, either the filter will return something, nothing (if no settings to read) or an exception (what we care about)
代码:
function Test-IISWebAppConfigIsValid
{
param (
[Parameter(Mandatory=$true,ValueFromPipeline=$true,ValueFromPipelineBYPropertyName=$true)]
[string]$AppName,
[string]$SiteName='Default Web Site'
)
process
{
$Result = @{
IsValid=$false;
SiteName=$SiteName
AppName=$AppName
}
try
{
$result.Add("FileInfo",(Get-WebConfigFile -PSPath "IIS:\Sites\$SiteName\$AppName"))
$Result.Add("FileExists",$result.FileInfo.Exists)
$result.Add("IsXML",$False)
#load the web.config
[xml]$ConfigXML = $result.FileInfo | Get-Content
$result.IsXML = $true
#find all the elements in the config file
$Elements = $ConfigXML.SelectNodes("//node()[name() != 'add' and name() != 'remove' and name() != 'clear']")
#extract the filters from the xpath by finding all the configured elements
$FilterList = @()
foreach ($el in $Elements)
{
$FilterStack = @()
$tempel = $el
while ($tempel.ParentNode -and $tempel -ne $ConfigXML.DocumentElement -and $tempel -ne $ConfigXML)
{
$name = $tempel.get_name()
if ($tempel.NodeType -eq 'Element')
{
$FilterSTack += $name
}
$tempel = $tempel.ParentNode
}
if ($FilterStack.Count -gt 0) {
[array]::Reverse($FilterStack)
$FilterList += "/"+[string]::Join("/",$FilterStack)
}
}
$Result.Add("FilterList", ($FilterList | Sort-Object -Unique))
#load the configuration for each xpath
if (($result.FilterList | Measure-Object).Count -gt 0) {
Get-WebConfiguration -PSPath "IIS:\Sites\$SiteName\$AppName" -Filter $result.FilterList | Out-Null
}
$result.IsValid=$true
}
catch [System.Exception]
{
$result.Add("Exception",$_.Exception)
}
finally
{
write-output ([PSCustomObject]$result)
}
}#process
}#function Test-IISWebAppConfigIsValid
'myapp1','myapp2' | Test-IISWebAppConfigIsValid |ft -Property AppName,FileExists,IsValid,Exception -AutoSize
输出:
AppName FileExists IsValid Exception
------- ---------- ------- ---------
myapp1 True False System.Runtime.InteropServices.COMException (0x800700B7): Filename: \\?\C:\inetpub\wwwroot\myapp1\web.config...
myapp2 True True
这篇关于我如何在 powershell 中验证 IIS web.config的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
