Simple Path-Based Security

An IIS Web site hosts both files and applications and serves them to users. After you have allowed a client to make a TCP/IP connection to your server, the next step is to limit that client's access to the files and applications belonging to the requested Web site. Segregating access to files by their physical path on the server is a simple way to ensure that the content of different Web sites is not accidentally intermingled.

Defining and Restricting the Physical Path

The very first security requirement specific to a Web server running on IIS 7—even a Web site that only serves static content to anonymous client users—is to ensure that visiting clients can only retrieve files that have been specifically published to that Web site.
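The check that requirement boils down to is a containment test: the physical file a request maps to must lie beneath the physical root configured for the Web site that received the request. The following is an added illustration of that test, not code from the book or from IIS itself; the host-to-root table and the sample requests are constructed, and `ntpath` is used so the Windows path semantics can be exercised on any platform.

```python
import ntpath
from urllib.parse import unquote, urlsplit

# Constructed example: one physical root per site, keyed by the Host header.
# Each site gets its own directory so content is never shared by accident.
SITE_ROOTS = {
    "www.example.test": r"C:\inetpub\sites\www",
    "intranet.example.test": r"C:\inetpub\sites\intranet",
}


def resolve_request(host, url_path):
    """Map a request to a physical file path, or return None if the request
    does not resolve to a file beneath the requested site's physical root."""
    root = SITE_ROOTS.get(host.lower())
    if root is None:
        # Unknown host: no site is published for it, so nothing can be served.
        return None

    # Decode percent-encoding once, as the server would, and drop the query string.
    relative = unquote(urlsplit(url_path).path)

    # Translate URL separators to the Windows separator, join onto the site root,
    # and collapse "." and ".." segments so the comparison sees the real target.
    joined = ntpath.join(root, relative.lstrip("/\\").replace("/", "\\"))
    candidate = ntpath.normpath(joined)
    root_norm = ntpath.normpath(root)

    # Windows paths are case-insensitive, so compare in lower case. The resolved
    # path must be the root itself or start with the root plus a separator.
    if candidate.lower() == root_norm.lower():
        return candidate
    if candidate.lower().startswith(root_norm.lower() + "\\"):
        return candidate
    return None


def classify_requests(requests):
    """Return (host, path, resolved-or-None) for each constructed request."""
    return [(h, p, resolve_request(h, p)) for h, p in requests]


if __name__ == "__main__":
    # Constructed sample requests: ordinary pages, a dot-segment that stays
    # inside the root, and requests whose normalized path leaves the root.
    sample = [
        ("www.example.test", "/index.htm"),
        ("www.example.test", "/images/../default.htm"),
        ("www.example.test", "/default.htm?page=../other"),
        ("www.example.test", "/../intranet/web.config"),
        ("www.example.test", "/%2e%2e/intranet/web.config"),
        ("unknown.example.test", "/index.htm"),
    ]
    for host, path, resolved in classify_requests(sample):
        verdict = resolved if resolved else "REJECTED (outside site root)"
        print(f"{host:22} {path:32} -> {verdict}")
```

The decisive step is normalizing before comparing: a request that reads as a harmless relative path can resolve to a file under another site's root once the `..` segments are collapsed, and the third and fourth sample requests show that the query string and percent-encoding must be handled before that normalization, not after.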

Fortunately, ...
