Manually Configuring the Proxy Module

This section describes how to manually configure IIS for use of the Thunderstone Proxy Module. The will be described in more detail in the next section. This is not necessary for normal operations - these actions are normally performed automatically by InstallShield upon installation. These steps are only necessary if IIS's configuration gets wiped out and needs to be redone.

The Thunderstone Proxy Module is an ISAPI Extension, two if using the authProxy. They are assigned as Global Application Maps to Virtual Directories in IIS. All requests to the directories are not be served from the file system that the application points to, but instead go through the Proxy Module dlls.

One application is required per extension: texis, which gets assigned proxyModule.dll, and authProxy, which gets assigned authProxy.dll.

If using the authProxy, texis must have anonymous access disabled and Integrated Authentication enabled, while authProxy must have anonymous access allowed (which is allowed by default).

These are the steps that must be done if you are manually setting up IIS for using the Proxy Module. Note that these are done automatically by the installer and do not need to be manually done under normal circumstances.

  • Add the ThunderstonePool application pool

    • Open the Internet Information Services (IIS) Manager

    • Select Application Pools on the left

    • Right-click in the blank space and choose Add Application Pool...

    • Name it ThunderstonePool, and click OK

    • Right-click on the new ThunderstonePool and choose Advanced Settings...

    • In the Process Model section, change Identity to LocalSystem.

    • Click OK to close the Identity dialog, and then OK to close the Advanced Settings dialog.

  • Add the texis application

    • Open the Internet Information Services (IIS) Manager

    • Right click on the web site you want to use and select Add Application...

    • In the Alias box, enter texis.

    • In the Application pool box, select ThunderstonePool.

    • In the Physical Path box, browse to the INSTALLDIR/etc/ISAPI-virtualdir folder.

    • Click OK to complete the wizard and return to the IIS Manager window.

  • Apply proxyModule.dll as a Wildcard Application Map

    • In IIS Manager, click the newly created texis application, and double-click Handler Mappings in the center list.

    • Choose Add Wildcard Script Map on the right.

    • For the name, enter Thunderstone Proxy Module.

    • Set the executable to INSTALLDIR/etc/proxyModule.dll.

    • When you hit OK to close that window, you'll be prompted with Do you want to allow this ISAPI Extension? Choose Yes.

    • In IIS8, an additional step is required:

      • Right click on the new handler mapping, choose Edit...

      • Click the Request Restrictions button that wasn't present before.

      • Uncheck Invoke handler only if request is mapped to: box and click OK, and accept allowing the extension again.

  • Allow Double Escaping

    • For IIS 7:

      • Click Start, type Notepad in the Start Search box, right-click Notepad in the Programs list, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.

      • On the File menu, click Open, type %windir%\System32\inetsrv\config\applicationHost.config in the File name box, and then click Open.

      • In the ApplicationHost.config file, locate the requestFiltering XML element.

      • Change the value of the allowDoubleEscaping property to true. To do this, use code that resembles the following example code. 
        <requestFiltering allowDoubleEscaping="true">

      • On the File menu, click Save.

      • Exit Notepad.

    • For IIS 8:

      • In IIS Manager, click the machine name, then double-click Request Filtering in the center list

      • Click Edit Feature Settings... on the right

      • Check Allow Double Escaping on

      • Click OK

  • Configure texis for authentication

    Only necessary if using the authProxy.

    • Select the texis application on the left

    • Double click on Authentication

    • Right click on Anonymous Access and choose Disable

    • Right click on Windows Authentication and choose Enable

      • If Windows Authentication isn't listed, you'll need to install the Windows Authentication role service for the IIS role.

  • Add the common application

    • Right click on the web site and select Add Application...

    • In the Alias box, enter common.

    • In the Application pool box, select ThunderstonePool.

    • In the Physical Path box, browse to the INSTALLDIR/etc/ISAPI-common folder.

    • Click OK to complete the wizard and return to the IIS Manager window.

  • Apply proxyModule.dll as a Wildcard Application Map

    • In IIS Manager, click the newly created common application, and double-click Handler Mappings in the center list.

    • Choose Add Wildcard Script Map on the right.

    • For the name, enter Thunderstone common Proxy Module.

    • Set the executable to INSTALLDIR/etc/proxyModule.dll, in whatever location you chose for proxyModule.dll during the install.

    • Hit OK to close that window

    • In IIS8, an additional step is required:

      • Right click on the new handler mapping, choose Edit...

      • Click the Request Restrictions button that wasn't present before.

      • Uncheck Invoke handler only if request is mapped to: box and click OK, and accept allowing the extension again.

  • Add the authProxy application

    Only necessary if using the authProxy.

    • Right click on the web site and select Add Application...

    • In the Alias box, enter authProxy.

    • In the Application pool box, select ThunderstonePool.

    • In the Physical Path box, browse to the INSTALLDIR/etc/ISAPI-authproxy folder.

    • Click OK to complete the wizard and return to the IIS Manager window.

  • Apply authProxy.dll as a Wildcard Application Map

    Only necessary if using the authProxy.

    • In IIS Manager, click the newly created authProxy application, and double-click Handler Mappings in the center list.

    • Choose Add Wildcard Script Map on the right.

    • For the name, enter Thunderstone Auth Proxy Module.

    • Set the executable to INSTALLDIR/etc/authProxy.dll, in whatever location you chose for the Proxy Module during the install.

    • When you hit OK to close that window, you'll be prompted with Do you want to allow this ISAPI Extension? Choose Yes.

    • In IIS8, an additional step is required:

      • Right click on the new handler mapping, choose Edit...

      • Click the Request Restrictions button that wasn't present before.

      • Uncheck Invoke handler only if request is mapped to: box and click OK, and accept allowing the extension again.
IIS is now set up properly to use the Proxy Module. Note that if using the authProxy, changes still need to be made to the network and the Search Appliance, as detailed in the Post-Install Setup and Configuring the Search Appliance sections, on pages here and here, respectively.

Copyright © Thunderstone Software     Last updated: Nov 8 2024

 

Copyright © 2024 Thunderstone Software LLC. All rights reserved.