This article gives basic information on some IIS settings that can improve the security of the Discovery Center website.
It is not a full list of possible security settings, only some features you may want to take advantage of.
Configuring Request Filtering
- Open IIS Manager
- In the navigation pane on the left, expand your server
- Expand “Sites”
- Select the Discovery Center site
- In the center pane, under IIS, double-click the “Request Filtering” icon
- This should take you to the “File Name Extensions” tab of Request Filtering
- On the far right, click “Allow File Name Extensions”
- Repeat for each of the following extensions (be sure to start every one with a period):
  - .
  - .ashx
  - .aspx
  - .axd
  - .css
  - .dll
  - .gif
  - .hhc
  - .htm
  - .html
  - .hxk
  - .hxt
  - .ico
  - .jpg
  - .js
  - .png
  - .svc
- On the far right, click the link for “Edit Feature Settings” and uncheck the box for “Allow unlisted file name extensions”
Configuring Handler Mappings
- Open IIS Manager
- In the navigation pane on the left, expand your server
- Expand “Sites”
- Select the Discovery Center site
- In the center pane, under IIS, double-click the “Handler Mappings” icon
- Right-click and remove all items except for the following:
  - AXD-ISAPI-4.0_64bit
  - ExtensionlessUrlHandler-ISAPI-4.0_64bit
  - ISAPI-dll (may not be required depending on system configuration)
  - OPTIONSVerbHandler
  - PageHandlerFactory-ISAPI-4.0_64bit
  - SimpleHandlerFactory-ISAPI-4.0_64bit
  - Svc-ISAPI-4.0_64bit
  - TRACEVerbHandler
  - WebServiceHandlerFactory-ISAPI-4.0_64bit
  - StaticFile
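
The two procedures above can also be scripted. The following PowerShell is an added example, not part of the original article: it applies the Request Filtering allow list and then reports, without removing, any handler mapping outside the keep list. It assumes an elevated session, the WebAdministration module, and a site named 'Discovery Center' (adjust `$site` to your site name).

```powershell
# Added example: apply the Request Filtering allow list, then audit handlers.
Import-Module WebAdministration

$site   = 'Discovery Center'   # assumption: your IIS site name may differ
$psPath = "IIS:\Sites\$site"
$filter = 'system.webServer/security/requestFiltering/fileExtensions'

# Extensions from the list above; '.' covers URLs with no file extension
$allow = '.', '.ashx', '.aspx', '.axd', '.css', '.dll', '.gif', '.hhc', '.htm',
         '.html', '.hxk', '.hxt', '.ico', '.jpg', '.js', '.png', '.svc'

# Entries already in effect for the site (server-level entries are inherited)
$current = @((Get-WebConfiguration -PSPath $psPath -Filter $filter).Collection)

foreach ($ext in $allow) {
    $entry = $current | Where-Object { $_.fileExtension -eq $ext }
    if (-not $entry) {
        Add-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name '.' `
            -Value @{ fileExtension = $ext; allowed = $true }
    } elseif (-not $entry.allowed) {
        # An inherited deny entry would conflict with the allow list
        Write-Warning "$ext is already listed as denied; review it in IIS Manager"
    }
}

# Same as unchecking "Allow unlisted file name extensions". Done last so the
# site is never deny-by-default before its allow list exists.
Set-WebConfigurationProperty -PSPath $psPath -Filter $filter `
    -Name allowUnlisted -Value $false

# Handler Mappings: report (do not remove) anything outside the keep list
$keep = 'AXD-ISAPI-4.0_64bit', 'ExtensionlessUrlHandler-ISAPI-4.0_64bit',
        'ISAPI-dll', 'OPTIONSVerbHandler', 'PageHandlerFactory-ISAPI-4.0_64bit',
        'SimpleHandlerFactory-ISAPI-4.0_64bit', 'Svc-ISAPI-4.0_64bit',
        'TRACEVerbHandler', 'WebServiceHandlerFactory-ISAPI-4.0_64bit',
        'StaticFile'

Get-WebHandler -PSPath $psPath |
    Where-Object { $keep -notcontains $_.Name } |
    Sort-Object Name |
    Format-Table Name, Path, Verb -AutoSize

# Show the resulting Request Filtering entries for a final check
(Get-WebConfiguration -PSPath $psPath -Filter $filter).Collection |
    Format-Table fileExtension, allowed -AutoSize
```

The script is safe to re-run: extensions that already have an entry are skipped, and handler mappings are only listed so they can be reviewed before anything is removed in IIS Manager.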