Many times, customers open support cases requesting new web.config files for a variety of reasons:
- Enable/disable SSL or Windows SSO
- Corrupt web.config file
- Made mistakes attempting to modify file manually
- Curious if someone has a file for a particular version already made to support SSO/SSL configurations
- Planning ahead for an upcoming change or upgrade
- Conflicting documentation
- Not comfortable with modifying file manually
Why should you edit vs. replace?
- IIS settings (like Machine Keys, httpRuntime, executionTimeout, maxRequestLength) may have been customized and could be lost
- Some IIS settings are read only due to inherited settings
- X.509 certificate name may be different than the default RSA Archer Configuration
- SSL certificate name
- Server Hardening
- Various customizations per company policies could be lost
- Typos may occur or settings missed
History and future
In very old versions of Archer, a web.config editor tool was provided with installer, but that was discontinued in an early 5.x version. Then, the 5.x Archer Web.config Editor tool was provided, but development stopped when 6.0 was introduced.
Back by popular demand and after a two year vacation, introducing two new tools to help edit web.config files.
- Web.config Editor 3.0 - developed by Taylor Kruh...it's "Taylor Made"
- Web.config Editor using PowerShell v1.0 - developed by Jeff Letterman
Advantages of tools vs. manual edit
- Quickly verify and edit existing settings
- Point-n-click interface or PowerShell script
- Keeps customized settings
- Lowers risk of misconfiguration
- Prevents typos
- Replace corrupt/bad web.config files
Why two different tools?
- Both tools can edit existing API and Website web.config files
- Web.config Editor 3.0 can create API and Website web.config files
- Web.config Editor using PowerShell v1.0 has a couple extra functions to check Archer services and various IIS settings
What do the tools check?
|Diagnostic Check||Notes||XML Path|
|Is API file||Checks xpath to determine if the web.config file is from the /api IIS application or not|
|X.509 Certificate||Gets the certificate name. This is helpful in case an SSL certificate is selected instead of the X.509 certificate.|
|Configuration Service URL||Gets the config service URL. In almost all environments, this should be http://localhost:13201/ConfigService|
Gets custom error settings for informational purposes.
Default: mode=On defaultRedirect=error.aspx
What is HSTS?
HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header, that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers. Applies to Strict-Transport-Security, X-Content-Security-Policy, and X-XSS-Protection.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.