Browse By Tags

security

Enable PHP Applications to Make Application-Level Access Control Decisions
Created Nov 15, 2009 by tali smith

Introduction You can expose key access control information to a PHP application to facilitate application-level access control, if desired. The Microsoft® .NET extensibility in Internet Information Services 7 (IIS 7) makes it very easy to add...

Ensure Security Isolation for Web Sites
Created Nov 15, 2009 by tali smith

Introduction The recommendation for isolating Web sites in a shared hosting environment is consistent with all general security isolation recommendations for Internet Information Services 7 (IIS 7). In particular, it is recommended to: Use one...

Set ACLs Through the Manifest.xml File
Created Nov 15, 2009 by tali smith

Introduction There are several ways to set access control lists (ACLs), including command-line tools such as Icacls.exe. PHP hosters generally use the command line. It is also possible, however, to set ACLs in the Manifest.xml file; these are the...

Secure Content in IIS Through Impersonation
Created Nov 15, 2009 by tali smith

Introduction The access control list (ACL) is a list of permissions associated with an object. Each of these permission entries is called an access control entry (ACE); an ACE contains permissions associated with a particular object for a...

Secure Your SQL Server Database
Created Nov 15, 2009 by tali smith

Introduction If you use Microsoft® SQL Server® as your database, you must create and implement an effective security plan. There is a wealth of information about how to secure a SQL Server database; this article touches on a few areas of...

Secure Your Infrastructure and PHP Applications
Created Nov 15, 2009 by tali smith

Introduction Security is always a consideration; it is critical to make careful security considerations when you implement and maintain your Web sites, infrastructure, and PHP applications. Internet Information Services 7 (IIS 7) offers many ways...

Secure PHP with Configuration Settings
Created Nov 15, 2009 by tali smith

Introduction PHP code can be embedded in your Web pages along with HTML code. When your Web server receives a request for a page, the page is first given to the PHP handler. The PHP handler outputs HTML code without modification and executes any...

How to Secure the Microsoft Web Platform
Created Nov 15, 2009 by tali smith

Security is always a consideration; it is critical to make careful security considerations when you implement and maintain your Web sites, infrastructure, and applications. Internet Information Services 7 (IIS 7) offers many ways to configure...

IIS 7 for Apache Administrators
Created Nov 15, 2009 by tali smith

Introduction Apache Hypertext Transfer Protocol (HTTP) Server and Internet Information Services 7 (IIS 7) are two of the world’s most popular Web servers. This article provides technical information about IIS for users who are familiar with...

Application Pool Identities
Created Mar 24, 2009 by thomad

Introduction IIS introduces a new security feature in Service Pack 2 of Windows Server 2008 and Windows Vista. It's called Application Pool Identities. Application Pool Identities allows you to run Application Pools under a unique account without...

Secure Content in IIS Through File System ACLs
Created Mar 17, 2009 by naziml

Introduction The access control list (ACL) is a list of permissions associated with an object. Each of these permission entries is called an access control entry (ACE); an ACE contains permissions associated with a particular object for a...

Using Dynamic IP Restrictions
Created Feb 16, 2009 by pharr

Introduction The Dynamic IP Restrictions for IIS 7.0 is a module that provides protection against denial of service and brute force attacks on web server and web sites. Such protection is provided by temporarily blocking IP addresses of the HTTP...

Using Enhanced Request Filtering Features in IIS7
Created Sep 30, 2008 by sudt

This article provides a list of common usage scenarios for enhanced Request Filtering features, which is shipped with Windows Server 2003 SP2 or can be downloaded from http://www.microsoft.com/downloads/ for Windows Server 2008 RTM. In the absence...

Configuring One-to-One Client Certificate Mappings
Created Jun 5, 2008 by rlucero

Background IIS 6 had a User Interface to configure and map one to one certificates for authentication. It allowed users to select the validation client certificate and assign the authorized user credentials. There isn't a similar UI in IIS 7. This...

Configuring SSL in IIS Manager
Created Feb 24, 2008 by iisteam

Enabling powerful SSL security to protect your Web applications is simpler to set up with IIS Manager and easier to deploy with self-signed certificates in IIS 7.0. This tutorial covers adding self-signed certificates, creating certificates with a...

How to Use Locking in IIS 7.0 Configuration
Created Nov 22, 2007 by saad

Abstract This document explains how to lock and unlock configuration on the server. You will learn what settings the application-level configuration files can override and how to use the <location> element to lock entire sections. You will...

How to Setup SSL on IIS 7.0
Created Nov 22, 2007 by saad

Introduction The high-level steps for configuring SSL are the same in IIS 7.0 and IIS 6.0: get an appropriate certificate; create an HTTPS binding on a site; test by making a request to the site; optionally configure SSL options, e.g. making SSL a...

Use Request Filtering
Created Nov 22, 2007 by iisteam

Introduction UrlScan, a security tool, was provided as an add-on to earlier versions of Internet Information Services (IIS) so administrators could enforce tighter security policies on their Web servers. Within IIS 7, all the core features of...

Understanding IIS 7.0 URL Authorization
Created Nov 22, 2007 by saad

Introduction Authorization was difficult in previous versions of IIS. Because IIS only worked with Windows identities, you had to go to the file system and set Access Control Lists on files and directories. This was tedious because the ACL UI is...

Using Encryption to Protect Passwords
Created Nov 22, 2007 by saad

Introduction This document provides an overview of the steps required for setting both application pool and worker process isolation for IIS 7.0 servers. Application pool isolation entails protecting data that WAS (the IIS 7.0 local system...

Understanding the Built-In User and Group Accounts in IIS 7.0
Created Nov 22, 2007 by saad

Introduction In previous versions of IIS, we had a local account created at install time called IUSR_MachineName. The IUSR_MachineName account was the default identity used by IIS whenever anonymous authentication was enabled. This was used by...

IIS7 Security Improvements
Created Nov 22, 2007 by saad

Introduction This article contains the following: Reduced Surface Area; Simplified Security Management; New Security Enhancements. Reduced Surface Area: IIS 6.0 introduced the lockdown by default approach. This was a significant shift from previous...

Changes Between IIS 6.0 and IIS 7.0 Security
Created Nov 16, 2007 by pharr

Introduction IIS 7.0 introduces many new security improvements from IIS 6.0. This document overviews these improvements with respect to Authentication, Authorization, SSL, Web Service Extension Restriction List and IP restrictions. This article...
