Windows Server 2012 - IIS Security

The IIS (Internet Information Services) is facing internet all the time. So, it is important to follow some rules in order to minimize the risk of being hacked or having any other security issues. The first rule is to take all the updates of the system regularly. The second one is to create different application polls to this, which can be done by following the steps shown below.

Step 1 − You have to go to: Server Manager → Internet Information Services (IIS) Manager → Application Pulls.

Step 2 − Click “Sites” → Right Click “Default Website” → Manage Website → Advance Settings.

Step 3 − Select the Default Pools.

Step 4 − Disable the OPTIONS method, this can be done by following the path – Server Manager → Internet Information Services (IIS) Manager → Request Filtering.

Step 5 − In the action pane, select "Deny Verb" → Insert ‘OPTIONS’ in the Verb → OK.

Step 6 − Enable Dynamic IP Restrictions blocks by going to – IIS Manager → Double click on "IP Address and Domain Restrictions" → Actions pane.

Step 7 − Then select "Edit Dynamic Restriction Settings" → Modify and set the dynamic IP restriction settings according to your needs → press OK.

Step 8 − Enable and Configure Request Filtering Rules, to do this – IIS Manager → Double click on "Request Filtering" → Change to the Rules tab → Actions Pane.

Step 9 − Then select "Add Filtering Rule" → Set the required rules → Click OK.

Step 10 − Enable logging, to do this we need to follow this path – IIS Manager → select the specific site you want to configure → Logging.