Settings for Web servers

A. This is about some of the IIS settings, because the younger brother used Win2K server version, the other I will not, and I manage the server is only two months, before this, never contacted IIS, and so on, even in the debugging of the machine did not. This time because a lot of friends asked about the installation of IIS, I will be the two months I have accumulated experience to write out, I hope we do not laugh. There is a shortage of places to point out. OK, crap is not much, let's start right now!
　　
Two. First let's set up a Web site, admin tools--internet Service Manager--Create a new Web site, or use the default Web site. Well, built a site, we will be the next to the site bundle state a domain name, usually we will be their own international top-level domain resolution to their own server, you just in the domain Name Service provider There will be the domain name to this server IP on it, we open our own built Web site properties, Hey, That host head to fill in your top-level domain is OK, you have a few to fill out a few. It's very simple. Next, configure the appropriate script mappings. In the execution license configuration of the home directory.
First we're going to remove some script mappings that are useless and could cause the server to be hacked!
1 *.htr This is a more powerful document, delete the good. Otherwise, anyone can use your web to do illegal operations, or even format your hard drive.
2 *.hta Delete it.
3 *.IDC so erase him.
4 *.printer This is the printer file. Get rid of him, okay?
5 *.htw, *.ida *.idq These are index files that can be removed.
Executable files you are free to configure Ah, if you do not allow ASP to support the script map to delete the line, want to support cgi,php (have installed the interpreter), on the configuration of these files to execute the program on it. For example, to execute PHP, your PHP installed in c:\php, then you are in the home directory configuration of the application configuration, add executable c:\php\php.exe, extension of. php can be, then this site can run PHP, if you want him to run the PhP3, Repeat the above work, just change the extension to. php3 on the line. Oh. Same with CGI. Add a CGI executable file with the. cgi extension.
What we are going to do is to delete some of the default virtual directories for the default site (you can choose to stop and not run), like IISAdmin these, or you may die miserably!! Oh very simple ah. Similarly, you create a virtual directory is also very simple Ah, click on the Web site's right button, create a new virtual directory, such as to build a fictitious deified lake, a new jxqy virtual directory name, and then point to the location of your program can be used www.*****.com/jxqyCome and ask for your imaginary apotheosis.
Also, if you build this web site is to send friends or sell to customers, you want to do his site to make some restrictions?? (Not too cruel ah, too many restrictions yo), open the Web site belongs to, there is a link, see? One is unlimited, one is limited, we choose the following restrictions, how many people to limit it? Come on, 150 people, then fill out 150 links, link timeout? General 150 is enough AH!! Here are some restrictions on the performance of the site. That's the properties of the Web site here's the performance here set it, hehe. How much do you want the site to click per day?? How much do you think? Choose your own, the following choose to start the broadband limit ah ... The general 20kb/s can be ... Maximum CPU utilization?? 2% is OK. Oh, I also want to serve on the server for the sake of the service station:
In the properties of the Web site see that document? That is to set the site's default home page, your station want to use what file as the first page right here tune it. Oh. There is also the Web site properties inside the directory security, the use of the place can be big, hehe. First of all, set up here to visit your website anonymously ... Administration Tools--internet Service Manager--Open the properties of the Web site you want to set--Directory security--anonymous access and validation control--edit--Anonymous access tick--edit--Select your account for anonymous access--OK--OK, you can visit!! Hehe, want to not let some egg-loving guy can't come to visit your website??? Then limit their IP to the right place, also in the directory security here. Don't say you can't do this.
　　
Three: Let's talk about the FTP settings. This is very simple ah, in the Internet Information Services point right, new FTP site, press the next step, fill in the description of the FTP site. Fill in the IP address, write your server IP bar, port?? If you think of a ah, the best people can not guess, so even if it is to know the user name and password, a bad on the ftp yo, hehe. The next step is this FTP chain, pointing to which directory on your server Ah, this you set it, you build which directory is used to put the site on the point to which directory, OK, an FTP built. Then you should go to the management tool inside the Computer Management, a new user, is used as a link just created this FTP account. Account has been built, then go to open just the new FTP properties, also have the option of linking, oh, at the same time using this FTP people? Three or four is OK. Below we look at the security account here, will be anonymous FTP this hook to remove, or else anonymous on this ftp, oh, I like this on the other people's server copy information, hehe. Add another operator, which is the account you just created. There is also a message next to the function, used to link FTP, the server's prompt information, which is filled here, and directory security? You don't want an IP segment or an IP to be allowed to use this FTP? Come here to limit it. Oh. Well, some of the settings are basically only so much, let's talk about the size of the user Configuration space bar.
　　
Four: Disk partition quotas
Disk quotas are enabled
As we all know, we sometimes need to limit the amount of disk capacity that some customers can use, and we can do it, and we don't need any other software, Win2K itself has this function. However, you must require that you format the hard drive by using NTFS 5.0 for partitioning. In the partition of NTFS 5.0, after you open the Properties dialog box, if the current user is a system administrator or a member of the System Administrators group, you will see the "quota" item in the Properties dialog box, and if you are not using the NTFS 5.0 partition, you do not have this feature.
By default, the touch disk quota is disabled, and if you want to enable hit quotas, simply select the Enable quota Management check box and click OK or apply to turn on disk quotas. The touch disk quota is managed and controlled by the touch disk quota program in Windowns 2000, and the disk quota program is started when disk quotas are enabled.
Allocation and setting of disk quotas
Touch disk quotas are a disk allocation mechanism based on user and file owners. With the disk quota mechanism, the system administrator can set the upper limit of disk space for each user using the NTFS5.0 partition. Open a quota entry with two options:
1: Unlimited disk use: No restrictions on the use of new users, any new users can fully use disk space, until the maximum disk capacity.
2 Limit disk space to: After you select this option, you can set the size of the quota limit (Puota limit) and: the size of the quota warning level (quota warning levels). Quota limit Specifies the maximum amount of disk space a new user can use in the current partition. For example, I set the warning level to 200MB, warning level 198MB, if you have used something that is 198M, the system will be warned, if you reach 200M, then the user can no longer upload things.
The following settings are also available in the Quota dialog box
1: Deny disk space to users exceeding the quota limit: After you select this option, users cannot add any additional data to the partition after they have reached a quota limit for the disk space they are using. If you do not select this option, the disk space used by the user exceeds the quota limit, and the system may only record this event.
2: Log events when users exceed disk quotas: When this option is selected, the system logs the event in the system log when the user uses more disk space than the disk quota.
3: Log event when user exceeds warning level: When this option is selected, the system logs this in the system log when the user uses more disk space than the warning level.
And the security of the server, as long as there are patches on the dozen, see more log I think there is no problem. Don't forget, Microsoft is the patch king.