Disable the default script ing of IIS in the detailed illustration to improve Server Security Settings

Start IIS manager, right-click the website, and select properties:

The Property setting window is displayed as follows. Select "configuration" under "main directory:

In the new configuration window, we can see all kinds of extensions, which areIISThe suffix of the executable file name. This type of file is described in the column after the name and will be parsed and executed by that component.

We choose. CexClick Delete for this project.

If yes is selected in the new dialog box, the ing of this type of script is deleted,IISWill not be reusedASP. dllComponent to parse. CDX.

Generally, servers that use a mobile system can only be retained if other services are not provided.. AspIt is enough. If you select generateShtmlThe corresponding script ing should also be retained.

After the above work is done, the server will not perform divisionASPIn addition, if you need higher security, you only need to set the execution permission for the Directory of the uploaded file to none. In this way, even if someone breaks through the security filtering of the Upload Component and forcibly uploads the Trojan to the server, the trojan cannot be started to cause damage. The following describes how to set directory execution permissions.

First, openIISFind the directory of the uploaded file, right-click the file, and select the attribute column.

note, here I use the Article channel uploadfiles directory example

In the new Properties window, select the execution permission"None"Click "OK" to specify that the directory does not perform any script ing or file execution.

Finally, we recommend that you upload all the files on the website to the directory,JSThe file storage directory and image storage directory attributes are set to none, in order to achieve maximum security.