Table of Contents
Advertisement
Configuring Internet Information Services to avoid the detection of hidden directories
Web-based applications will sometimes inadvertently expose a site's directory structure. Although
the exposed directories do not list their contents, the exposed directory information is detrimental
to the site's overall security. By knowing a directories name, a potential hacker can guess its
content and possible file names that reside within. Sensitive content can pose a severe security
threat when directory names are exposed.
To avoid this potential security risk, you can issue 404 - Not Found response status codes instead of
403 - Forbidden response status codes. This change will obfuscate the presence of directories on
the site, and will prevent the site structure from being exposed.
You must be a member of the Administrators group on the local computer to perform the following
procedure, or you must be delegated the appropriate authority. As a security best practice, logon to
your computer using an account that is not in the Administrators group, and then use the Windows
Run as command to run the Internet Information Services Manager as an administrator.
Open a Windows Command Prompt and enter the following:
E
runas /user:<administrative_accountname> "mmc %systemroot%\system32\inetsrv\iis.msc"
Where <administrative_accountname> is the account name for someone with administrative
authority to the workstation.
In Internet Information Services Manager, expand the local computer, expand
E
right-click
Default Web Site
Click the
E
Custom Errors
E
In the
Error Messages for HTTP Errors
Select
from the
E
URL
Enter the following in the
E
Click
, and then click
E
OK
Exit the Internet Information Services Manager.
E
E
Launch the Windows Registry Editor (type regedit in a Windows Command Prompt).
Navigate to the following location:
E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
Create a new DWORD value named
E
Open a Windows Command Prompt and enter iisreset.
Installing Microsoft SQL Server
You must have SQL Server installed on at least one machine.
To install SQL Server, follow the instructions that come with the application.
E
, and then select
tab.
list, select the HTTP error
list box.
Message Type
field:/spssmr/shared/404-custom.asp.
URL
again.
OK
IgnoreAppPoolForCustomErrors
.
Properties
403;14
Installing required software
,
Web Sites
, and click
Edit Properties
and give it a value of
.
1
13
.
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the SPSS Data Collection and is the answer not in the manual?