There are a couple of other ways you can control access to your Web server, though they are generally less useful—however you may find that they fit in with your applications. In particular, the first of these can be used when you implement an Extranet, where you only want to permit access for a selected set of customers.
Limiting Access By IP Address
If you only want to allow particular users or groups of users to access your site, you can use the IP Address and Domain Restrictions dialog to grant access only to specific IP addresses, and deny all others. Alternatively, though generally less useful, is to deny access to specific IP addresses and allow access to all others:
However, recall that (as we discussed earlier) many Web users dial into the Internet via an ISP who allocates IP addresses on demand, and so this type of user's IP address will be different each time they visit your site.
Using Non-Default Port Numbers
The default port that the WWW service listens on is port 80 (and port 443 for SSL/PCT requests). You can set IIS to listen on other ports as well, and remove port 80 if required. This way visitors will have to know and specify as part of the URL the correct port number in order to gain access to your site, for example
. You change the default port allocations in the Properties dialog for that directory, or use the Advanced dialog to set up multiple ports:http://yoursite.com:8671/default.htm
This isn't going to do much good if you then publish the full URL, but may be useful if you want to hide your site from casual browsers, or from search engines and agents that generate random IP numbers to see if any servers respond. Anyone can search the publicly available lists of domain name allocations to find you site's IP address anyway, but using a non-standard port makes it that bit harder to gain access.
Good Practice With IIS
There are some general points that you should keep in mind when setting up IIS:
\InetPub\WWWRoot
and \InetPub\FTPRoot
), but a virtual directory can point anywhere.
In IIS 3, there was only one option for Execute permission in a virtual directory (or Alias). This had to be set (ticked) for ASP and other scripts to be executed, and this allowed executable programs to run as well. In IIS4 there are two options available in the Properties dialog for any directory (not just virtual directories). The Script option allows ASP and other scripts to run, while the Execute option allows executable programs such as
and .exe
files to run.
.dll
For a detailed explanation of the security features implemented in Internet Information Server see the topic Security in the Server Administration section of the IIS documentation.