As part of a security audit, we're trying to locate all the web servers that are using a "default" web page instead of our custom, more secure ones. We have a very large environment and a number of servers got set up with IIS or Apache running even tho no actual website was running. We can identify web servers using SAM and finding the IIS admin service, but we need to be able to identify which ones are using an incorrect home page.
Is there a way to set up a monitor to look for the default "Welcome to IIS 7" on a webpage? How would this be set up?
Any help is appreciated. Thanks.
Platforms System Admin
My suggestion would be:
1) Create a SAM template, using the HTTP Monitor component type.
2) Enter "Welcome to IIS 7" or whatever string you want to look for in the "Search String:" field of the component configuration
3) Set "Fail If Found:" to Yes.
4) Apply this template to all your web servers.
The ones that return the string you specify will show as down applications and you can triage them as needed.
I was able to do that, but it shows failed for websites even if they have different web page set up. I set "fail if found" to no, and we get the following results:
What I'm seeing is:
Web page exists and shows "welcome to IIS": Green
Web Page exists and does not show "welcome to IIS: Red
Web Page does not exist: Red.
Is there way to basically reverse this? Or set it so the default page shows red, non-default pages show green, and no web pages just show no data/gray?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.