IIS (Internet Information Services) is always facing the Internet. So it is important to follow some rules to minimize the risk of hacking or any other security issues.
- The first rule is to update the system regularly
- The second principle is to create different Application Pools (containing one or more applications and allowing multiple levels of configuration between web applications). This can be done by following the steps shown below.
Step 1: You must access Server Manager > Internet Information Services (IIS) Manager > Application Pools.

Step 2: Click Sites, right-click Default Website, and then select Manage Website > Advanced Settings.

Step 3: Select Default Pools.
Step 4: Disable the OPTIONS method; this can be done by going to Server Manager > Internet Information Services (IIS) Manager > Request Filtering.

Step 5: In the Actions panel, select Deny Verb, type OPTIONS in Verb, and then press OK.
Step 6: Enable Dynamic IP Restrictions blocks by going to IIS Manager, double-clicking on IP Address and Domain Restrictions, and then selecting the Actions panel.

Step 7: Then select Edit Dynamic Restriction Settings, modify and set dynamic IP restriction settings as needed, and then click OK.
Step 8: Enable and configure Request Filtering rules. To do this, go to IIS Manager, double-click on Request Filtering, switch to the Rules tab, and then go to the Actions panel.

Step 9: Then select Add Filtering Rule, set the required rule, and then click OK.

Step 10: Allows logging. To do this, go to IIS Manager, select the specific site you want to configure, and then select Logging.
