Disable default script ing for IIS to improve server security

Source: Internet
Author: User

Disabling IIS to execute file types not in our plan can significantly improve the security environment of the server. The following describes how to disable the script ing we do not need.

Start IIS manager, right-click the website, and select properties:

The Property setting window is displayed as follows. Select "configuration" under "main directory:

In the new configuration window, we can see various extension names, which are all file names that can be executed by IIS. This type of file is described in the column after the name, it will be parsed and executed by that component.

Select the. CEX project and click Delete.

In the new dialog box, select YES. This type of script ing is deleted, and IIS will not use the asp. dll component to parse files with the. cdx suffix.
Generally, servers that use a mobile system can only be retained if other services are not provided. ASP is enough. If you select to generate a page with the shtml suffix, you should also retain the corresponding script ing.
After the above work is done, the server will not execute the upload Trojan with any suffix other than ASP. If you need higher security, we only need to set the execution permission of the directory for uploading files to none. In this way, even if someone breaks through the security filter of the upload component, the trojan is forcibly uploaded to the server, the trojan cannot be started to cause damage. The following describes how to set directory execution permissions.
First, open IIS, find the directory of the uploaded file, right-click it, and select the attribute bar.
Note: I am using the uploadfiles directory of the article channel as an example.
In the new Properties window, select "NONE" as the execution permission, and click "OK" to specify that the directory does not perform any script ing or file execution.

Finally, we recommend that you set all the uploaded file directories, JS file storage directories, and image storage directory attributes to none for maximum security.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.