Discussion on IIS security configuration
- 2020-05-13 04:04:25
- OfStack
1.VPS or server partition if the reason for NTFS is not mentioned, it is useless to talk too much
2. NETBIOS of TCP/IP is prohibited
Abolish the binding between NetBIOS and TCP/IP via the network properties binding option
3. Right click on the website permission user (it is better to set up one user in one website and avoid the same as much as possible)
I've been through this once
4.iis permission configuration (key analysis)
There are several permission Settings in the site-property-home directory
Script resource access
write
browse
Record access
The index resources
These I recommend 1 open browsing and script access to some system requirements, corresponding to the directory open permissions
An instance where we open the script and write well, let me tell you that the Trojan is easy to write
5. Port setting
For IIS service, whether it is WWW site, FTP site, NNTP, SMTP service, all have their own TCP port number (Post) to listen to and receive browser requests. The commonly used port number is: WWW is 80, FTP is 21, SMTP is 25. You can improve the security of IIS server by modifying the port number. If you change the port Settings, only users who know the port number can access it, but users need to specify a new port number when they access it.
6. Program pool this best 1 site 1 program pool
7. Better to change the 404 page
8. You can recycle your work process once every morning in the wee hours of the morning.
I think so much now ~~ on the simple host administrator name had better change
In fact, the key configuration is also the application configuration such as php mysql
Don't talk nonsense about pure experience