[thelist] quick and dirty IIS security

Ken Schaefer ken at adOpenStatic.com
Thu Mar 13 19:46:30 CST 2003


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Marc Seyon" <seyon at delime.com>
Subject: [thelist] quick and dirty IIS security


: I'm looking for the simplest (hopefully) method of securing a Win2k box
: running IIS so that the web server is not accessible from any other
: computer (other than the local machine).
:
: Sorry, "don't put it online" is not a valid solution. :-)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Option 1]
Open IIS MMC Snap-in
Right-click on website in question and choose "Properties"
Go to "Directory Security" tab, and hit the button labelled "Edit" under the
"IP Address and Domain Name restrictions" heading. Switch to "deny all
except for", and enter "127.0.0.1".

[Option 2]
With Windows XP you can enable the firewall that comes with Windows. That will
deny port 80 by default.

[Option 3]
If you have an internal network adapter, and an external network adapter (or
modem etc), then bind a non-routable IP address to the internal network
adapter. Then go to the IIS MMC Snap-in and edit the Host-Header information
for the website so that it will only answer requests on this IP address (not
"all unassigned"). If you do not have 2 physical adapters, you can add the
virtual "MS Loopback Adapter" using the Add New Hardware Wizard.

There are other options as well, but that might be enough for starters...

Cheers
Ken
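
A way to check the result of Option 1 or Option 3 from the server itself, added here as an example and not part of the original message: it requests "/" on every local IPv4 address and lists the non-loopback ones that still answer. It assumes the IP restriction from Option 1 shows up as HTTP 403; the function names, the default port 80 and the loopback test server are constructed for illustration.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def local_addresses():
    """Loopback plus every IPv4 address this machine's hostname resolves to."""
    addrs = {"127.0.0.1"}
    try:
        addrs.update(socket.gethostbyname_ex(socket.gethostname())[2])
    except OSError:
        pass  # hostname does not resolve; only loopback gets probed
    return sorted(addrs)

def probe(addr, port=80, timeout=3.0):
    """Return the HTTP status addr:port answers with, or None if nothing answers."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def needs_review(results):
    """Non-loopback addresses that answered HTTP with anything other than 403."""
    return sorted(a for a, status in results.items()
                  if not a.startswith("127.") and status not in (None, 403))

def start_loopback_server():
    """Constructed stand-in for the web site: listens on 127.0.0.1 only."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            self.end_headers()
        def log_message(self, *args):
            pass  # keep the demo quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    port = 80  # change if the site listens elsewhere
    results = {a: probe(a, port) for a in local_addresses()}
    for addr, status in results.items():
        print(addr, "no answer" if status is None else "HTTP %d" % status)
    print("review:", needs_review(results) or "nothing")
```

To confirm a firewall as in Option 2, call `probe()` from a second machine against the server's address, since that is the path the firewall filters.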


