How to set up and secure an IIS server on Windows 2003

  

IIS (Internet Information Server) is a Web service component that makes it easy to publish information on a network, whether the Internet or a LAN. It includes a Web server, an FTP server, an NNTP server and an SMTP server, used for web browsing, file transfer, news service and mail sending respectively. This article explains how to set up an IIS server on Windows 2003.

Adding and Running IIS

I. Adding IIS

Go to "Control Panel", select "Add/Remove Programs → Add/Remove Windows Components", clear the check mark in front of "Internet Information Service (IIS)", tick it again, and follow the prompts to finish adding the IIS components. IIS components added this way include all four services: Web, FTP, NNTP and SMTP.

II. Running IIS

After IIS has been added successfully, go to "Start → Programs → Administrative Tools → Internet Service Manager" to open IIS Manager. For every service marked "stopped", right-click it and select "Start" to start it.

IIS Web Server

I. Creating the first Web site

For example, the IP address of this machine is 192.168.0.1, the web pages are stored in the D:\Wy directory, and the home page file is named Index.htm. The steps below build a Web server from these settings.

For this Web site, we can modify the existing "Default Web Site": right-click "Default Web Site" and select "Properties" to open the dialog named "Default Web Site Properties".

1. Modify the bound IP address: go to the "Web Site" page, then select the IP address to use, "192.168.0.1", from the drop-down list after "IP Address".

2. Modify the home directory: go to the "Home Directory" page, then in "Local Path" type (or use the "Browse" button to select) the directory that holds your web pages, "D:\Wy".

3. Add the home page file name: go to the "Documents" page, press the "Add" button, and enter your home page file name, "Index.htm", as the default document name.

4. Add a virtual directory: suppose your home directory is "D:\Wy" and you want an address of the form "192.168.0.1/test" to bring up the web files in "E:\All". Here "test" is the virtual directory.

Right-click "Default Web Site" and select "New → Virtual Directory", then type "test" in "Alias" and "E:\All" in "Directory", and follow the prompts to finish.

5. Test the result: open the IE browser, enter "192.168.0.1" in the address bar and press Enter. If the home page of your site appears, the setup is successful.

II. Adding more Web sites

1. Multiple IPs correspond to multiple Web sites

If the machine is bound to multiple IP addresses and you want each IP address to serve different web pages, right-click "Default Web Site", select "New → Site", enter any descriptive text in "Description", and select the IP address to bind in the "Enter the IP address used by the Web site" drop-down list. Once the Web site is created, configure it by following the previous steps.

2. One IP address corresponds to multiple Web sites

After creating all the Web sites with the previous method, you can give each Web site a different port number. For example, set one Web site to 80, one to 81, one to 82, and so on. The Web site on port 80 is still accessed directly by IP address, while a Web site bound to a different port number must be accessed with the port number appended to the IP address, in a format such as "http://192.168.0.1:81".

Changing the port number makes the sites more troublesome to use. If you have already mapped all the domain names you need to this single IP address in the DNS server, the "host header name" method lets you access the different Web sites directly by domain name.

Example: this machine has only one IP address, 192.168.0.1, and two Web sites have been created (or set up), "Default Web Site" and "My second Web site". Entering "www.enanshan.com" should reach the former, and entering "www.popunet.com" should reach the latter. The steps are as follows:

(1) Make sure that both domain names have been mapped to that IP address in the DNS server, and that the port numbers of all Web sites remain at the default value of 80.

(2) Select "Default Web Site → right-click → Properties → Web Site", click the "Advanced" button to the right of "IP Address", double-click the existing IP address under "Multiple identities for this Web site" (or select it and press the "Edit" button), enter "www.enanshan.com" under "Host Header Name", then click the "OK" button to save and exit.
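The three schemes above (one IP per site, one port per site, one host header per site) all come down to the binding triple that the IIS metabase stores as "IP:Port:HostHeader". The Python sketch below is an added example, not part of the original article: it checks a set of sites for colliding bindings and shows which site answers a request. The function names are hypothetical, the site data is constructed from the example in the text, and bindings with a blank IP ("All Unassigned") are not modelled.

```python
# Added example: model of IIS site bindings in the "IP:Port:HostHeader" form.
from collections import defaultdict

# Constructed sample: the two sites from the text, both on 192.168.0.1 port 80.
SITES = {
    "Default Web Site": ["192.168.0.1:80:www.enanshan.com"],
    "My second Web site": ["192.168.0.1:80:www.popunet.com"],
}

def parse_binding(binding):
    """Split 'IP:Port:HostHeader' into (ip, port, host); blank fields stay ''."""
    ip, port, host = binding.split(":", 2)
    return ip, int(port), host.lower()

def find_conflicts(sites):
    """Return {binding: [site names]} for bindings claimed by more than one site."""
    owners = defaultdict(list)
    for name, bindings in sites.items():
        for b in bindings:
            owners[parse_binding(b)].append(name)
    return {k: v for k, v in owners.items() if len(v) > 1}

def route(sites, ip, port, host_header):
    """Pick the site for a request: exact host header match first, then a
    blank-host binding on the same IP and port. None means no site matches."""
    host = host_header.split(":")[0].lower()  # drop any ':port' suffix
    fallback = None
    for name, bindings in sites.items():
        for b in bindings:
            b_ip, b_port, b_host = parse_binding(b)
            if (b_ip, b_port) != (ip, port):
                continue
            if b_host == host:
                return name
            if b_host == "" and fallback is None:
                fallback = name
    return fallback
```

Once every site on 192.168.0.1:80 carries a host header, a request addressed by bare IP matches no site, so keep a blank-host site only if you want one to catch such requests.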

Three minutes to ensure the security of IIS itself

IIS security installation

Build a secure IIS server starting from the installation:

1. Do not install IIS on the system partition.

2. Modify the default path for IIS installation.

3. Install the latest patches for Windows and IIS.

IIS Security Configuration

1. Delete unnecessary virtual directories

After IIS is installed, some directories are generated by default under wwwroot, including IISHelp, IISAdmin, IISSamples and MSADC. These directories serve no practical purpose and can be deleted directly.

2. Removing dangerous IIS components

Some components installed by default with IIS may pose security threats, such as Internet Service Manager (HTML), the SMTP Service and NNTP Service, and the sample pages and scripts. Delete them according to your needs.

3. Set permissions for file classification in IIS

In addition to setting the necessary permissions on IIS files in the operating system, you also need to set permissions for them in IIS Manager. A good strategy is to create separate directories for the different types of files on your Web site and then assign each the appropriate permissions. For example, allow read and deny write on the static file folder; allow execute and deny write and read on the ASP script folder; and allow execute and deny read and write on folders of executable programs such as EXE files.

4. Remove unnecessary application mappings

IIS has many application mappings by default. Apart from ASP, the other file types are rarely used on websites.

In "Internet Service Manager", right-click the website directory and select "Properties". On the "Home Directory" page of the properties dialog box, click the [Configure] button to open the "Application Configuration" dialog box, and on the "Application Mapping" page delete the mappings you do not use. If you do need a file type, install the latest system patches, then select its mapping, click the [Edit] button, and in the "Add/Edit Application Extension Mapping" dialog box tick the "Check that file exists" option. With this set, IIS first checks whether the requested file exists, and only if it does will it call the dynamic link library defined in the mapping to parse it.
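The same review can be done offline against the mappings as the IIS metabase stores them in its ScriptMaps property, where each entry has the form "extension,processor,flags[,verbs]" and flag value 4 is the "check that file exists" setting. The Python sketch below is an added example, not part of the original article: the function names, the allow list and the sample entries are constructed for illustration.

```python
# Added example: audit IIS application mappings given as metabase ScriptMaps
# entries of the form "extension,processor,flags[,verb,...]".

SCRIPT_FLAG = 1      # mapping may run in directories with Scripts-only permission
CHECK_FILE_FLAG = 4  # "check that file exists" before the DLL is called

# Assumption for this example: the site only serves ASP, as in the text.
NEEDED = {".asp"}

# Constructed sample entries (paths and flags are illustrative).
SAMPLE = [
    r".asp,C:\WINDOWS\system32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".htr,C:\WINDOWS\system32\inetsrv\ism.dll,5,GET,POST",
    r".idq,C:\WINDOWS\system32\idq.dll,1,GET,HEAD,POST",
    r".printer,C:\WINDOWS\system32\msw3prt.dll,1,GET,POST",
]

def parse_entry(entry):
    """Parse one ScriptMaps entry into a dict; no verbs listed means all verbs."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 3:
        raise ValueError("malformed ScriptMaps entry: %r" % entry)
    ext, processor, flags = parts[0].lower(), parts[1], int(parts[2])
    verbs = parts[3:] or ["(all)"]
    return {"ext": ext, "processor": processor, "flags": flags, "verbs": verbs}

def audit(entries, needed=NEEDED):
    """Return (extension, action) pairs: 'remove' for mappings the site does
    not need, 'enable-file-check' for needed ones missing CHECK_FILE_FLAG."""
    findings = []
    for m in map(parse_entry, entries):
        if m["ext"] not in needed:
            findings.append((m["ext"], "remove"))
        elif not m["flags"] & CHECK_FILE_FLAG:
            findings.append((m["ext"], "enable-file-check"))
    return findings
```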

5. Protecting Log Security

Ensuring log security can improve overall system security.

● Modify the storage path of IIS logs

By default, IIS logs are stored in %WinDir%\System32\LogFiles. It is best to change the storage path, because attackers know the default location well. In "Internet Service Manager", right-click the website directory and select "Properties". On the "Web Site" page of the properties dialog box, select "Enable Logging", click the [Properties] button next to it, and on the "General Properties" page click the [Browse] button or type the log storage path directly in the input box.

● Modify the log access permissions so that only administrators can access the logs.

With the steps explained above, the process should now be clearer, so go ahead and set up an IIS server on your Win2003 system.
