6.2 C
New York
Monday, February 6, 2023
spot_img

How to secure IIS on Windows Server 2012

IIS (Internet Information Services) is always facing the Internet. So it is important to follow some rules to minimize the risk of hacking or any other security issues.

  • The first rule is to update the system regularly
  • The second principle is to create different Application Pools (containing one or more applications and allowing multiple levels of configuration between web applications). This can be done by following the steps shown below.

Step 1: You must access Server Manager > Internet Information Services (IIS) Manager > Application Pools.

Access Server Manager > Internet Information Services (IIS) Manager > Application Pools
Access Server Manager > Internet Information Services (IIS) Manager > Application Pools

Step 2: Click Sites, right-click Default Website, and then select Manage Website > Advanced Settings.

Select Manage Website > Advanced Settings
Select Manage Website > Advanced Settings

Step 3: Select Default Pools.

Step 4: Disable the OPTIONS method; this can be done by going to Server Manager > Internet Information Services (IIS) Manager > Request Filtering.

Go to Server Manager > Internet Information Services (IIS) Manager > Request Filtering
Go to Server Manager > Internet Information Services (IIS) Manager > Request Filtering

Step 5: In the Actions panel, select Deny Verb, type OPTIONS in Verb, and then press OK.

Step 6: Enable Dynamic IP Restrictions blocks by going to IIS Manager, double-clicking on IP Address and Domain Restrictions, and then selecting the Actions panel.

Double-clicking on IP Address and Domain Restrictions
Double-clicking on IP Address and Domain Restrictions

Step 7: Then select Edit Dynamic Restriction Settings, modify and set dynamic IP restriction settings as needed, and then click OK.

Step 8: Enable and configure Request Filtering rules. To do this, go to IIS Manager, double-click on Request Filtering, switch to the Rules tab, and then go to the Actions panel.

Enable and configure Request Filtering rules
Enable and configure Request Filtering rules

Step 9: Then select Add Filtering Rule, set the required rule, and then click OK.

Select Add Filtering Rule
Select Add Filtering Rule

Step 10: Allows logging. To do this, go to IIS Manager, select the specific site you want to configure, and then select Logging.

Allows logging
Allows logging

Related Articles

Stay Connected

99FansLike
89FollowersFollow
200SubscribersSubscribe
- Advertisement -spot_img

Latest Articles