If you need to share large files over an internet connection, one easy way to do that is to spin up an Amazon AWS EC2 virtual server running Windows and the IIS Role and use the virtual directory feature in Microsoft IIS. The real key to ensuring that the files in the shared folder linked to the virtual directory default to "file -> download" when clicked on is to edit the MIME Types function. For each type of file in the virtual directory shared folder (e.g.: .ISO, .EXE, .MSI, .DOC, .PDF, .ZIP, .TGZ, etc.) change the MIME Type flag to file/download. Once you do this, when the user clicks on the file in the browser it will open the file download window. If you don't edit the MIME Type for each file extension that will be in your shared folder, when you click on the file you will get a 404 Error.
One note here is that if using Chrome or Edge and you do NOT install an SSL certificate on the IIS server, it will flag the download as unsecure. If the "Keep" option isn't working properly, you can click on the download icon in the browser toolbar to close the download window and then click it again to re-open the download option window, click on the > to expand the download item prompt, which should give you the option to "Download Insecure File".
One way to restrict access to this publicly-facing IIS file hosting server is to use the AWS EC2 Security Groups - Inbound Rules to only allow HTTP access to the EC2 VM from specific public IP addresses. Once in place, only those public IPs on the Inbound - Allow rules list will have HTTP (port 80) access to the EC2 VM. **NOTE: Be sure to give YOUR public IP address HTTP Allow access for testing. The default rule allows RDP access, which should be edited to restrict access from only YOUR public IP address.**
**EDIT**: I took this "easy" file sharing up a notch by creating a self-signed SSL certificate using Git Bash, importing the certificate into IIS and also into my personal certificates store on my local PC, and binding SSL in IIS using the new self-signed certificate. Now I can access the site using HTTPS and the browser doesn't prompt the download as "insecure".
Launch Git Bash for Windows
$ winpty openssl genrsa -out awsserver.key 4096
$ winpty openssl req -key awsserver.key -out awsserver.csr
*answer prompts*
$ winpty openssl x509 -req -days 3650 -in awsserver.csr -signkey awsserver.key -out awsserver.crt
$ winpty openssl x509 -in awsserver.crt -text -noout (*this verifies certificate)
$ winpty openssl pkcs12 -export -out awsserver.pfx -inkey awsserver.key -in awsserver.crt
*this creates PFX file to import into IIS
** Don't forget to add a DNS entry, either into your local DNS server or your PC's hosts file (Windows/system32/drivers/etc)
One note here is that if using Chrome or Edge and you do NOT install an SSL certificate on the IIS server, it will flag the download as unsecure. If the "Keep" option isn't working properly, you can click on the download icon in the browser toolbar to close the download window and then click it again to re-open the download option window, click on the > to expand the download item prompt, which should give you the option to "Download Insecure File".
One way to restrict access to this publicly-facing IIS file hosting server is to use the AWS EC2 Security Groups - Inbound Rules to only allow HTTP access to the EC2 VM from specific public IP addresses. Once in place, only those public IPs on the Inbound - Allow rules list will have HTTP (port 80) access to the EC2 VM. **NOTE: Be sure to give YOUR public IP address HTTP Allow access for testing. The default rule allows RDP access, which should be edited to restrict access from only YOUR public IP address.**
**EDIT**: I took this "easy" file sharing up a notch by creating a self-signed SSL certificate using Git Bash, importing the certificate into IIS and also into my personal certificates store on my local PC, and binding SSL in IIS using the new self-signed certificate. Now I can access the site using HTTPS and the browser doesn't prompt the download as "insecure".
Launch Git Bash for Windows
$ winpty openssl genrsa -out awsserver.key 4096
$ winpty openssl req -key awsserver.key -out awsserver.csr
*answer prompts*
$ winpty openssl x509 -req -days 3650 -in awsserver.csr -signkey awsserver.key -out awsserver.crt
$ winpty openssl x509 -in awsserver.crt -text -noout (*this verifies certificate)
$ winpty openssl pkcs12 -export -out awsserver.pfx -inkey awsserver.key -in awsserver.crt
*this creates PFX file to import into IIS
** Don't forget to add a DNS entry, either into your local DNS server or your PC's hosts file (Windows/system32/drivers/etc)
RSS Feed