IIS Security

I didnt know where this should go so posted it to iis.security also. I have a site which is windows authentication based on a domain that has active directory as its backend on IIS 6 / Win2k3 servers. My site is ...

Quick newb question, if you turn off anonymous access to the Default Website in IIS and turn on Integrated Authentication - then if you go to http://localhost you will get through to the site, but if you go to [link] you will need to login first - why the need for login ? ...

I have a web server in the DMZ which is not on a domain.  I have set the default directory for the site to a UNC share on DFS through a firewall, and I set the domain username / password for the share.  I can ...

Our website was compromised sometime in the last few days, but our Antivirus (Symantec Corporate) when run on the server doesn't detect it. It is a Windows Server 2003 Standard server, running SP1 and all the latest patches.  IIS sends down a website to the user with IFRAMEs ...

I need to understand the basics of using CA root certs on the browser and what happens in the background to validate the cert. 1) If the browswer has say, for example, the public key for Verisign or Microsoft.com (root CA) then when I hit a site that has been issued a key ...

We currently only allowing access to our website to a fixed set of IPs.  We are blocking these at the firewall now.  As we are growing, we're adding more and more IPs to allow access and our firewall guys love us. ...

I have IIS5.0 installed on Windows XP SP2. By default, in "IIS Directory Security Anonymous access and authentication control" has: Anonymous access TICKED Allow IIS to control password TICKED Integrated Windows authentication TICKED Account used for anonymous access IUSR_machinename & password asterisks ...

Hi, I have a Win2K3 Server with IIS6 on it.  In the Default website, I have a directory (/iwaprotected) with just a default.asp in it.  The machine is a member of domain "whatever.com". When I use IE6 (on the same physical machine) to connect to ...

Hello, I have a web app that has its own configuration file named vinetype.config.  Under certain circumstances, this vinetype.config file may sit in the same directory as the web.config file (in default IIS setup in the ...