Using Virtual Directories With Microsoft® Internet Information Server, administrators can distribute the files that make up their Web site across volumes of the server and even to other computers in the organization because IIS makes it possible to generate a "virtual tree" of Web aliases built from local or network directories. When HTTP, FTP, or Gopher requests are submitted to the server, it fetches files from local or network locations based on the virtual tree configuration. This mechanism makes it easy to "stage" new Web content for testing over the server without having to copy files back and forth. When a new version of content is ready, the administrator need only change an internal path name, and all future requests for content with a particular name will be satisfied against the new files. An additional benefit of using virtual directories is that it allows servers with WWW, FTP, and Gopher content to be isolated from the Internet--the Internet Information Server fetches and serves documents securely using Windows NT file-sharing while exposing other computers in the local area network to low risk of compromise by outside intruders. Virtual directories are configured from the Microsoft Internet Service Manager, on the "directories" pages of the FTP, WWW, and Gopher property sheets. The page lists all configured virtual directories and gives their status. If a server is configured to use multiple IP addresses and domain names, multiple separate virtual directories (for instance, one for www.volcano.com and one for www.crater.com) can be maintained. An Example Problem: Both the catalog sales and wholesale departments at Volcano Coffee publish data on the World Wide Web. Because the catalog database is quite large and because the catalog server application runs on another machine, that department wants to maintain their Web pages on their own computer. Wholesale, on the other hand, has a small amount of data to publish and wants their data to reside on the Internet server. At the same time, Volcano's IS department wants to maintain a single Internet-accessible IP address and domain name (www.volcano.com) for all web access and keep only one computer connected to the Internet. Solution: With the Microsoft Internet Information Server virtual directory feature, this is easy to set up. By setting up a virtual tree with branches on both the Internet server and the catalog database server, all HTTP file requests can be securely redirected (and cached) through the www.volcano.com server. Here's how it's done: Start Microsoft Internet Service Manager. Connect to the www.volcano.com server by using Properties.Connect to Server. Bring up the property sheet for the WWW service by double-clicking it in the viewer. Click the Directories tab. Click the Add button to add a new root. Enter the UNC (\\servername\sharename) path to the the catalog department's pages. Enter the WWW alias by which this part of the site will be known. Enter the credentials that the WWW server should use to connect to the department's pages. (Note that these credentials can override the access rights under which the request is being serviced. For more information on setting up and assigning permissions to anonymous Internet users, click here). Click OK. Now whenever a World Wide Web client requests "http://www.volcano.com/catalog/default.htm" or any other page from the "catalog" virtual directory, that page will be fetched and cached by the Internet Information Server from the catalog department's computer. Technical Note: Execute Permissions One checkbox on the dialog above, the "execute" checkbox, deserves more explanation on this page. Because like almost all World Wide Web servers, Microsoft Internet Information Server supports dynamic content through extensions like ISAPI and CGI, World Wide Web client commands can cause programs to be executed on the Internet server. To make sure only those extension applications that have been configured by the administrator are able to run, the WWW service by default does not grant execute permission for any files except those in the "Scripts" virtual directory. This keeps an intruder who locates or places a program on the server from causing it to be executed by the server. For your site's protection, make sure this attribute is disabled in directories that shouldn't contain programs to be executed by the server in response to HTTP requests, and make sure that this attribute is enabled in directories that do.