IIS6, IIS7, IIS7.5 Methods for canceling execution permissions on server host space directory scripts _win server

Web site security, the implementation of the directory is very sensitive to the permissions, in general, can be written to the directory is not able to have the execution permissions of the script, like the DEDECMS system, can be written to two directory data, Uploads,data directory is mainly basic configuration files and cached data, Uploads is the attachment upload saved directory, this article will be for different server environment to explain how to cancel the execution of these two directories, of course, we also recommend some other users to generate pure static HTML directory, with writable permission to remove all the execution permissions, so the system will be more secure.

IISIIS6.0 in Windows suppresses server host space directory script execution permissions

Open the site in IIS, right-click on the site uploads directory, data directory, and static HTML build directory, select "Properties" in the menu, and choose "None" in the Directory Properties panel. (Figure 1)

IIS7 to cancel server host space directory script execution permissions

Web site security, the implementation of the directory is very sensitive to the permissions, in general, can be written to the directory is not able to have the execution permissions of the script, like the DEDECMS system, can be written to two directory data, Uploads,data directory is mainly basic configuration files and cached data, Uploads is the attachment upload saved directory, this article will be for different server environment to explain how to cancel the execution of these two directories, of course, we also recommend some other users to generate pure static HTML directory, with writable permission to remove all the execution permissions, so the system will be more secure.

Steps in the IIS7

For the first step, we select the directory on the left side of IIS and switch to the functional view

The second step is to open the handler mapping feature

The third step, turn on the right side of the "Edit feature Permissions", the "script" this item can be canceled

IIS7 is similar to IIS6.0, select the corresponding directory of the site, data, uploads and static HTML file directory, double-click the function to try the panel "handler mapping" (Figure 2)

(Figure 2)

In the Edit feature permission ..., we directly remove the script execution permissions. (Figure 3)

Sum up:

If you want the specified directory to have only read permission, simply place a name "Web.config" in the directory that contains the

<?xml version= "1.0" encoding= "UTF-8"?> 
<configuration> 
<system.webServer> 
< Handlers accesspolicy= "Read"/> 
</system.webServer> 
</configuration> 

(configuration) file.

Thus, when accessing the ASP, PHP, and other executable files in the directory, IIS7 will output the following error message:

HTTP Error 401.3-unauthorized

You do not have permission to view this directory or page because of Access control List (ACL) configuration or encryption settings for this resource on the WEB server.

iis7.5 a method for bulk deletion of handler mappings

Because the server currently only needs to support PHP, then you can remove the asp,asp.net. iis7.5 is a good point is all through the root directory of Web.config control, the following provides the file, you can refer to the

<?xml version= "1.0" encoding= "UTF-8"?> <configuration> <system.webServer>  

The

is actually deleted by <remove name= ""/>, and if you want to restore a specific mapping, you can delete the corresponding name.