4. Server security settings--IIS user settings method
Examples of IIS secure access
IIS Basic Settings
Here are four examples of virtual hosts with different types of scripts.
Permission setting examples

| Host header | Host script | Hard disk directory | IIS username | Hard disk permissions | Application pool | Home directory | Application configuration |
|---|---|---|---|---|---|---|---|
| | HTM | D:\\ | IUSR_1.com | Administrators (full control); IUSR_1.com (read) | Can be shared | Read / Scripts only | Enable parent paths |
| | ASP | D:\\ | IUSR_1.com | Administrators (full control); IUSR_2.com (read/write) | Can be shared | Read / Scripts only | Enable parent paths |
| | NET | D:\\ | IUSR_1.com | Administrators (full control); IWAM_3.com (read/write); IUSR_3.com (read/write) | Independent pool | Read / Scripts only | Enable parent paths |
| | PHP | D:\\ | IUSR_1.com | Administrators (full control); IWAM_4.com (read/write); IUSR_4.com (read/write) | Independent pool | Read / Scripts only | Enable parent paths |
IWAM_3.com and IWAM_4.com are the accounts configured as the identity of their respective independent application pools.
Host script type
The application extensions (that is, the file name suffixes) correspond to the host script type; only the extensions listed below for that type need to be loaded.
| Host script | Application extensions |
|---|---|
| HTM | STM, SHTM, SHTML, MDB |
| ASP | ASP, ASA, MDB |
| NET | ASPX, ASAX, ASCX, ASHX, ASMX, AXD, VSDISCO, REM, SOAP, CONFIG, CS, CSPROJ, VB, VBPROJ, WEBINFO, LICX, RESX, RESOURCES, MDB |
| PHP | PHP, PHP3, PHP4 |
MDB is a shared mapping and is shown in red below.
| Application extension | Mapping file | Execution actions |
|---|---|---|
| STM=.stm | C:\WINDOWS\system32\inetsrv\ | GET,POST |
| SHTM=.shtm | C:\WINDOWS\system32\inetsrv\ | GET,POST |
| SHTML=.shtml | C:\WINDOWS\system32\inetsrv\ | GET,POST |
| ASP=.asp | C:\WINDOWS\system32\inetsrv\ | GET,HEAD,POST,TRACE |
| ASA=.asa | C:\WINDOWS\system32\inetsrv\ | GET,HEAD,POST,TRACE |
| ASPX=.aspx | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| ASAX=.asax | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| ASCX=.ascx | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| ASHX=.ashx | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| ASMX=.asmx | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| AXD=.axd | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| VSDISCO=.vsdisco | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| REM=.rem | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| SOAP=.soap | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| CONFIG=.config | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| CS=.cs | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| CSPROJ=.csproj | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| VB=.vb | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| VBPROJ=.vbproj | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| WEBINFO=.webinfo | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| LICX=.licx | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| RESX=.resx | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| RESOURCES=.resources | C:\WINDOWS\\Framework\v1.1.4322\aspnet_isapi.dll | GET,HEAD,POST,DEBUG |
| PHP=.php | C:\php5\ | GET,HEAD,POST |
| PHP3=.php3 | C:\php5\ | GET,HEAD,POST |
| PHP4=.php4 | C:\php5\ | GET,HEAD,POST |
| MDB=.mdb | C:\WINDOWS\system32\inetsrv\ | GET,POST |
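One way to check a site against the extension lists and verbs above, as an added example that is not part of the original page. It assumes the mappings were exported as IIS 6 metabase ScriptMaps strings (extension, handler path, flags, then verbs); the sample entries and handler paths are constructed placeholders.

```python
# Added example (not from the original page). Extension lists and verbs are
# copied from the tables above; the input format and sample are assumptions.
ALLOWED = {
    "HTM": {".stm", ".shtm", ".shtml", ".mdb"},
    "ASP": {".asp", ".asa", ".mdb"},
    "NET": {".aspx", ".asax", ".ascx", ".ashx", ".asmx", ".axd", ".vsdisco",
            ".rem", ".soap", ".config", ".cs", ".csproj", ".vb", ".vbproj",
            ".webinfo", ".licx", ".resx", ".resources", ".mdb"},
    "PHP": {".php", ".php3", ".php4", ".mdb"},
}

def expected_verbs(ext):
    """Verbs the page lists for the handler family that owns `ext`."""
    if ext in (".asp", ".asa"):
        return {"GET", "HEAD", "POST", "TRACE"}
    if ext in ALLOWED["PHP"] - {".mdb"}:
        return {"GET", "HEAD", "POST"}
    if ext in ALLOWED["NET"] - {".mdb"}:
        return {"GET", "HEAD", "POST", "DEBUG"}
    return {"GET", "POST"}  # .stm, .shtm, .shtml, .mdb

def parse_script_map(entry):
    """Split 'ext,handler,flags[,verb...]'; verbs is None when none are listed."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 3 or not parts[0].startswith("."):
        raise ValueError(f"malformed script map entry: {entry!r}")
    verbs = {v.upper() for v in parts[3:] if v}
    return parts[0].lower(), verbs or None

def audit(script_type, entries):
    """Return (extension, finding) pairs for mappings that exceed the page's lists."""
    findings = []
    for entry in entries:
        ext, verbs = parse_script_map(entry)
        if ext not in ALLOWED[script_type]:
            findings.append((ext, f"not in the {script_type} list"))
        elif verbs is None:
            findings.append((ext, "no verb restriction"))
        elif verbs - expected_verbs(ext):
            extra = ",".join(sorted(verbs - expected_verbs(ext)))
            findings.append((ext, f"extra verbs: {extra}"))
    return findings

# Constructed sample for an ASP host; handler paths are placeholders.
SAMPLE = [
    r".asp,C:\placeholder\handler_a.dll,5,GET,HEAD,POST,TRACE",
    r".asa,C:\placeholder\handler_a.dll,5,GET,HEAD,POST,TRACE,PUT",
    r".cer,C:\placeholder\handler_a.dll,5,GET,HEAD,POST,TRACE",
    r".mdb,C:\placeholder\handler_b.dll,5",
    r".aspx,C:\placeholder\handler_c.dll,1,GET,HEAD,POST,DEBUG",
]
```

Calling `audit("ASP", SAMPLE)` returns one finding per mapping that should be removed or tightened; an empty list means the site matches the table for its script type.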
NTFS permissions required for process accounts
| Directory | Required permissions |
|---|---|
| Temporary Files %windir%\\Framework\{version}Temporary Files | Process account and impersonated identities: Full control |
| Temporary directory (%temp%) | Process account: Full control |
| .NET Framework directory %windir%\\Framework\{version} | Process account and impersonated identities: Read and execute; List folder contents; Read |
| .NET Framework configuration directory %windir%\\Framework\{version}\CONFIG | Process account and impersonated identities: Read and execute; List folder contents; Read |
| Website root directory C:\inetpub\wwwroot, or the path to the default website | Process account: Read |
| System root directory %windir%\system32 | Process account: Read |
| Global assembly cache %windir%\assembly | |