Category Archives: IIS

Linux Apache to Windows IIS migration with Helicon APE


So I need to migrate a static website from a Linux server to Windows IIS 7. Everything works fine thanks to the static nature of the site, except for one thing – the htaccess security that works under the Apache web server. While its a very simple implementation, making it work the same under IIS has been a little tricky.

Helicon APE (Apache Emulator)

First of all, the company Helicon make 2 products useful for this that we checked out – ISAPI Rewrite 3 and APE. It turns out that APE is what is needed for the security, so keep this in mind when trying things more than just URL re-writing.

Directory Paths

Next trick – if your htaccess files are using directory paths, in my case there are paths to htpasswd & htgroup files, you need to change them from unix style to windows style. Example:





Make sure to include the mapped drive letter at the start of the path if doing absolute references. Hopefully your server’s drive mappings never change letter for any reason :-s haha windows.

Also – dont try to do this manually (opening the file, editing, saving, opening the next one…) if you have more than a couple of files with paths, I use a nifty app called TextCrawler to search and replace text within files and it will find text nested in directories no problem.

Referencing from a secured directory

Apparently when a user hits the index page of this site, they were never asked for a login. There is no htaccess file in the site root directory where the index file is either, so thats what I would expect. But moving all the files just the way they are into IIS, changing the file paths from unix to windows, and nothing else, the user is asked to log in as soon as they hit the index page. If you click cancel, its all good and the user can enter. So why the difference?

Well, the index page is referencing a CSS file which is in a directory that is password protected by an htaccess file. Seems Apache may know the difference but IIS does not (which is fair enough) because this index file is actually referencing resources from a secured directory.

For now I have copied the CSS file into the unprotected root directory and changed the path in the index file to reference this instead. I thought of moving the whole directory, but there are 74 other files with static, relative paths (like …/…/dir/file.css) so that would be a regular expression nightmare at this point to replace all these accurately. For now, once a user gives their user/passwd it appears that they dont need to do it again. So to fix this for the index page I think will be enough for now.

I will keep updating this post as I get closer to winning this migration!

More about the htaccess files: