Programming4us

Windows Server 2008 : Configuring IIS Security (part 7)

12/12/2010 9:05:38 AM
Configuring Handler Mappings

When you add the Web Server (IIS) role to Windows Server 2008, a default set of handler mappings is defined for the Web server and for the default Web site. New Web sites and Web applications are also configured with a default set of handler mappings. In addition, when you add role services to the Web Server (IIS) role, additional handler mappings might be added automatically to the configuration.

You can use IIS Manager to configure handler mappings. After you have connected to an installation of IIS, you must choose at which level you want to configure mappings. You can configure mappings at the following levels:

  • Web Server

  • Web Sites

  • Web Applications

  • Virtual Directories

  • Web Folders

Child items in the hierarchy automatically inherit handler mappings. For example, a child item automatically inherits the default handler mappings for a new Web application from the configuration of the parent Web site. Settings made at lower levels override the settings from higher levels. This enables a specific Web application to support a certain type of file content (such as ASP.NET pages) whereas other applications and the parent Web site might support only static content.

To view the handler mappings that are configured at a specific level, click the relevant object in the left pane of IIS Manager. Then, select Handler Mappings from the Features View in the center pane. Figure 13 shows the handler mappings that are defined for a Web site.

Figure 13. Viewing handler mappings for a Web site


The display includes information about all the handler mappings defined at the selected level. The Name column identifies the request handler itself. Examples include StaticFile and ASPClassic. Built-in handler mappings have default names, but administrators can provide names for new mappings when they are created. The Path column shows the specific request extensions for which the handler will be used.

The State column specifies whether the handler is enabled or disabled. If the handler is disabled, requests that match the mapping will not be processed. The Handler column specifies details about the program that is to be called. Finally, the Entry Type specifies whether the handler mapping is inherited from a parent object or is Local (defined directly for this object).

You can use the Group By drop-down list to view handler mappings based on different criteria. The Entry Type shows which settings have been inherited from parent objects and which handlers are configured directly for the selected object. The State grouping shows which handler mappings are enabled and which are disabled. These view options make it easy to determine the security attack surface for each component of the Web server.

Removing Handler Mappings

To secure your Web content, it is a good idea to remove any request handlers that you know will not be required when running in production. To remove a handler mapping, click it, and then select the Remove command from the Actions pane. After a handler is removed, requests for the types of content that it handled will not be processed. For example, Figure 14 shows the result that is returned to a local Web browser when the StaticFile request handler has been removed for the Web application. In this case, the requested file (default.htm) is present in the Web application folder. However, because no request handler is available for the .htm file extension, the request cannot be processed. To the requester, it appears that the file does not exist.

Figure 14. A detailed request handler error page
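
The same review and removal can be scripted. The following is an added example, not part of the original article: it lists the handler mappings in effect for one Web application, flags any that are not on an allow-list, and removes them only when asked to. It assumes the WebAdministration PowerShell module is installed and the session is elevated; the application path `Default Web Site\StaticApp` and the allow-list contents are hypothetical.

```powershell
# Added example: audit and trim handler mappings for a single Web application.
# Assumptions: WebAdministration module is available, session is elevated,
# and the application path and allow-list below are placeholders.
Import-Module WebAdministration

$target  = 'IIS:\Sites\Default Web Site\StaticApp'  # hypothetical application
$allowed = @('StaticFile')                          # handlers this app really needs
$apply   = $false                                   # set to $true to make changes

# Mappings in effect at this level (inherited plus local), as shown by
# the Handler Mappings feature in IIS Manager.
$handlers = Get-WebHandler -PSPath $target

Write-Host "Handler mappings in effect at $target"
$handlers | Sort-Object Name | Format-Table Name, Path, Verb, Modules -AutoSize

# Anything not on the allow-list is attack surface this application does not need.
$extra = @($handlers | Where-Object { $allowed -notcontains $_.Name })
Write-Host ("{0} mapping(s) not on the allow-list" -f $extra.Count)

foreach ($h in $extra) {
    if ($apply) {
        # Removal is recorded at $target only; the parent site and server
        # keep their own mappings.
        Remove-WebHandler -Name $h.Name -PSPath $target
        Write-Host "Removed $($h.Name) ($($h.Path))"
    }
    else {
        # Dry run: report what would be removed without changing configuration.
        Remove-WebHandler -Name $h.Name -PSPath $target -WhatIf
    }
}

# Re-list after changes so the result can be compared with the allow-list.
if ($apply) {
    Get-WebHandler -PSPath $target | Format-Table Name, Path, Verb, Modules -AutoSize
}
```

Run it first with `$apply = $false` and confirm that every handler the application depends on is on the allow-list, because a request with no matching handler fails in the way Figure 14 shows.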
