Home > Archive > IIS Server Security > January 2007 > IIS Browsing
| Andrea :-) 2007-01-09, 1:49 am |
| Hello
I've a great problem with IIS (5 or 6).
I have all my websites in a subfolder of C.
If I place on a website (casual) an ASP tool for browsing directories, I can
"navigate" the other sites and all the server's disk structure (Windows
directory included).
My web works with IIS users (IUSR).
I've just removed:
1) Browsing Directory
2) Parent path
3) NTFS permissions are only: IUSR=read, SYSTEM=full, Administrators=full
How can I solve this problem?
Must I remove the FileSystemObject component in ASP?
Must I store data on a D disk and the system on a C disk?
Thanks to all
| |
| Ken Schaefer 2007-01-09, 1:49 am |
| You need to change the NTFS permissions appropriately.
For example, to prevent each individual website from being able to browse
other websites, you should create an individual anonymous user account for
each website. Give that user account read permissions to its own website
only, and not to any other website.
Cheers
Ken
"Andrea :-)" <andreone@gmail[nospam].com> wrote in message
news:4599869d$0$19101$4fafbaef@reader4.news.tin.it...
> Hello
> I've a great problem with IIS (5 or 6).
>
> I have all my websites in a subfolder of C.
> If I place on a website (casual) an ASP tool for browsing directories, I can
> "navigate" the other sites and all the server's disk structure (Windows
> directory included).
> My web works with IIS users (IUSR).
> I've just removed:
> 1) Browsing Directory
> 2) Parent path
> 3) NTFS permissions are only: IUSR=read, SYSTEM=full, Administrators=full
>
> How can I solve this problem?
> Must I remove the FileSystemObject component in ASP?
> Must I store data on a D disk and the system on a C disk?
> Thanks to all
>
| |
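An audit for the per-site anonymous account layout described in the reply above, as an added example that is not part of the original thread: it parses permission listings in the layout printed by `icacls` and reports any site folder that another site's anonymous account, or a broad group, can read. The folder paths, the `WEB01\IUSR_site*` account names and the sample listing are constructed; paths are assumed to contain no spaces, and only the simple rights F, M, RX and R are recognised.

```python
import re

# Constructed sample in the layout printed by `icacls <folder>`.
# Folder paths and WEB01\IUSR_site* account names are hypothetical.
SAMPLE = r"""
C:\Sites\siteA BUILTIN\Administrators:(OI)(CI)(F)
               NT AUTHORITY\SYSTEM:(OI)(CI)(F)
               WEB01\IUSR_siteA:(OI)(CI)(RX)

C:\Sites\siteB BUILTIN\Administrators:(OI)(CI)(F)
               NT AUTHORITY\SYSTEM:(OI)(CI)(F)
               WEB01\IUSR_siteB:(OI)(CI)(RX)
               WEB01\IUSR_siteA:(OI)(CI)(R)
               BUILTIN\Users:(OI)(CI)(RX)
"""
# Each site's own anonymous account (one per website, as in the reply above).
SITE_ACCOUNTS = {r"C:\Sites\siteA": r"WEB01\IUSR_siteA",
                 r"C:\Sites\siteB": r"WEB01\IUSR_siteB"}
# Assumption: every anonymous account is also covered by ACEs for these groups.
BROAD = {"Everyone", r"BUILTIN\Users", r"NT AUTHORITY\Authenticated Users"}
READ_RIGHTS = {"F", "M", "RX", "R"}   # simple rights that include read
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(text):
    """Return {folder: [(principal, rights), ...]}, skipping (DENY) entries."""
    acls, folder = {}, None
    for line in text.splitlines():
        # A folder line is "path ACE"; continuation lines are indented ACEs.
        head, ace = ("", line) if line[:1].isspace() else line.partition(" ")[::2]
        m = ACE_RE.match(ace.strip())
        if not m:
            continue                  # blank line or icacls summary line
        folder = head or folder
        groups = re.findall(r"\(([^)]*)\)", m["flags"])
        if "DENY" not in groups:
            acls.setdefault(folder, []).append((m["who"], groups[-1]))
    return acls

def cross_site_readers(acls, site_accounts, broad=BROAD):
    """List (folder, principal) where another site's anonymous account or a
    broad group holds a read-capable ACE on a site's folder."""
    anon = set(site_accounts.values())
    findings = []
    for folder, own in site_accounts.items():
        for who, rights in acls.get(folder, []):
            if rights in READ_RIGHTS and who != own and (who in anon or who in broad):
                findings.append((folder, who))
    return findings

if __name__ == "__main__":
    for folder, who in cross_site_readers(parse_icacls(SAMPLE), SITE_ACCOUNTS):
        print(f"{folder}: readable by {who}")
```

An empty result means each listed folder is readable only by its own anonymous account plus principals outside the audited set, such as SYSTEM and Administrators.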
| Andrea :-) 2007-01-09, 1:49 am |
| Thank you for the answer
(sorry for the post in the other forum).
OK, I can make an individual anonymous user account for each website, but in
this mode I cannot "cluster" my server (now I'm using Application Center)
because I cannot "export" Windows users to another server.
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:%23RhLf5iLHHA.4712@TK2MSFTNGP04.phx.gbl...
> You need to change the NTFS permissions appropriately.
>
> For example, to prevent each individual website from being able to browse
> other websites, you should create an individual anonymous user account for
> each website. Give that user account read permissions to its own website
> only, and not to any other website.
>
> Cheers
> Ken
>
>
> "Andrea :-)" <andreone@gmail[nospam].com> wrote in message
> news:4599869d$0$19101$4fafbaef@reader4.news.tin.it...
>
| |
| Ken Schaefer 2007-01-09, 1:50 am |
| Hi,
You can use a domain account, can't you?
Cheers
Ken
"Andrea :-)" <andreone@gmail[nospam].com> wrote in message
news:Eromh.12378$K8.7756@news.edisontel.com...
> Thank you for the answer
> (sorry for the post in the other forum).
>
> OK, I can make an individual anonymous user account for each website, but in
> this mode I cannot "cluster" my server (now I'm using Application Center)
> because I cannot "export" Windows users to another server.
>
>
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:%23RhLf5iLHHA.4712@TK2MSFTNGP04.phx.gbl...
>
>