Programming4us
         
 
 
Windows Server

Windows Server 2008 : Configuring IIS Security (part 7)

12/12/2010 9:05:38 AM
Configuring Handler Mappings

When you add the Web Server (IIS) role to Windows Server 2008, a default set of handler mappings are defined for the Web server and for the default Web site. New Web sites and Web applications are also configured with a default set of handler mappings. In addition, when you add role services to the Web Server (IIS) role, additional handler mappings might be added automatically to the configuration.

You can use IIS Manager to configure handler mappings. After you have connected to an installation of IIS, you must choose at which level you want to configure mappings. You can configure mappings at the following levels:

  • Web Server

  • Web Sites

  • Web Applications

  • Virtual Directories

  • Web Folders

Child items in the hierarchy automatically inherit handler mappings. For example, a child item automatically inherits the default handler mappings for a new Web application from the configuration of the parent Web site. Settings made at lower levels override the settings from higher levels. This enables a specific Web application to support a certain type of file content (such as ASP.NET pages) whereas other applications and the parent Web site might support only static content.

To view the handler mappings that are configured at a specific level, click the relevant object in the left pane of IIS Manager. Then, select Handler Mappings from the Features View in the center pane. Figure 13 shows the handler mappings that are defined for a Web site.

Figure 13. Viewing handler mappings for a Web site


The display includes information about all the handler mappings defined at the selected level. The name specifies information about the request handler itself. Examples include StaticFile and ASPClassic. Built-in handler mappings have default names, but administrators can provide names for new mappings when they are created. The Path column shows the specific request extensions for which the handler will be used.

The State column specifies whether the handler is enabled or disabled. If the handler is disabled, requests that match the mapping will not be processed. The Handler column specifies details about the program that is to be called. Finally, the Entry Type specifies whether the handler mapping is inherited from a parent object or is Local (defined directly for this object).

You can use the Group By drop-down list to view handler mappings based on different criteria. The Entry Type shows which settings have been inherited from parent objects and which handlers are configured directly for the selected object. The State grouping shows which handler mappings are enabled and which are disabled. These view options make it easy to determine the security attack surface for each component of the Web server.

Removing Handler Mappings

To secure your Web content, it is a good idea to remove any request handlers that you know will not be required when running in production. To remove a handler mapping, click it, and then select the Remove command from the Actions pane. After a handler is removed, requests for the types of content that it handled will not be processed. For example, Figure 14 shows the result that is returned to a local Web browser when the StaticFile request handler has been removed for the Web application. In this case, the request file (default.htm) is present in the Web application folder. However, because no request handler is available for the .htm file extension, the request cannot be processed. To the requester, it appears that the file does not exist.

Figure 14. A detailed request handler error page

Other -----------------
- Windows Server 2008 Server Core : Performing Server Updates
- Windows Server 2008 Server Core : Deciding How to Perform Maintenance
- Windows Server 2008 Server Core : Performing Application Installations
- Configuring Internet Information Services (part 7)
- Configuring Internet Information Services (part 6) - Migrating From IIS 6.0
- Configuring Internet Information Services (part 5) - Managing Web Server Configuration Files
- Configuring Internet Information Services (part 4)
- Configuring Internet Information Services (part 3) - Understanding Web Applications
- Configuring Internet Information Services (part 2) - Creating and Configuring Web Sites
- Configuring Internet Information Services (part 1) - Working with IIS Management Tools
- Windows Server 2008 : Installing the Web Server Role (part 9) - Using Windows System Resource Manager
- Windows Server 2008 : Installing the Web Server Role (part 8)
- Windows Server 2008 : Installing the Web Server Role (part 7)
- Windows Server 2008 : Installing the Web Server Role (part 6)
- Windows Server 2008 : Installing the Web Server Role (part 5)
- Windows Server 2008 : Installing the Web Server Role (part 4)
- Windows Server 2008 : Installing the Web Server Role (part 3)
- Windows Server 2008 : Installing the Web Server Role (part 2)
- Windows Server 2008 : Installing the Web Server Role (part 1)
- Windows Server 2008 : Recovering Role Services and Features (part 4)
 
 
Most View
- Configuring a Microsoft Exchange Server 2003 Infrastructure : Mixed Mode and Native Mode
- Windows Phone 7 : Shopping for Apps and Games
- jQuery 1.3 : Improving a basic form (part 5) - Conditionally displayed fields
- Extending Microsoft Dynamics CRM 4.0 : IFrames
- Exchange Server 2007: Examine Your Hardware Needs for Unified Messaging
- Windows 7 : Understand Internet Explorer’s Advanced Security Options
- Windows Azure : Programming Access Control Service (part 9) - Configuring a Web Service Client to Acquire and Send SAML Tokens
- Windows 7 : Working at the Command Line (part 1)
- Windows Server 2008 : Controlling Access to Web Services (part 10) - Configuring .NET Trust Levels
- Programming Windows Phone 7 : Color Themes
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS