An `iis_site` resource block declares details about the named site:
describe iis_site('site_name') do
it { should exist }
it { should be_running }
it { should have_app_pool('app_pool_name') }
it { should have_binding('binding_details') }
it { should have_path('path_to_site') }
end
where
* `'site_name'` is the name of the site, such as `'Default Web Site'`
* `('app_pool_name')` is the name of the application pool in which the site's root application is run, such as `'DefaultAppPool'`
* `('binding_details')` is a binding for the site, such as `'net.pipe *'`. A site may have multiple bindings; therefore, use a `have_binding` matcher for each site binding to be tested
* `('path_to_site')` is the path to the site, such as `'C:\\inetpub\\wwwroot'`
For example:
describe iis_site('Default Web Site') do
it { should exist }
it { should be_running }
it { should have_app_pool('DefaultAppPool') }
it { should have_binding('https :443:www.contoso.com sslFlags=0') }
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
The `have_binding` matcher can also test attributes that are defined for a site binding. For example, the `sslFlags` attribute defines if SSL is enabled, and (when enabled) what level of SSL is applied to the site.
Testing a site with SSL disabled:
it { should have_binding('https :443:www.contoso.com sslFlags=0') }
Testing a site with SSL enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=Ssl') }
Testing a site with certificate mapping authentication enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=SslMapCert') }
Testing a site with 128-bit SSL enabled:
it { should have_binding('https :443:www.contoso.com sslFlags=Ssl128') }