Guidelines For Controlling Access To Web Servers, Web Sites, Applications, And Server Resources

By Author: unknownmem
Total Articles: 128
Comment this article

Many US specific features can be used by themselves, and many interoperate with operating system permissions to provide MCSA Certification(http://www.mcsa-70-270.com)
additional security for Web sites. Follow the guidelines in the following sections to control access to Web servers, Web sites, applications, and server resources.
Restrict Access from Specific IP Addresses or Domain Names
You can restrict access to the Web site or application by blocking specific domain names and IP addresses, or by allowing only specific domains and IP addresses. You can, for example, restrict access to intranet sites to computers on your internal net-work or some portion of your internal network. You can block specific IP addresses from which attacks are occurring. Access cannot be blocked by a portion of a Web site or an application.

Use address ranges instead of domain names where possible. If domain names are used, a reverse lookup must be done each time a request for access is received, and this will reduce microsoft exams(http://www.mcsa-70-270.com)
performance.

To block access, leave ...
... the default setting (in which all users are allowed to access the site) and then specify the domain or IP address range to be blocked. To restrict access to specific domains or address ranges, disable default access (in which no users are allowed to access the site) and then add the domain names and IP address ranges of the exceptions that you want to make. Restricting access to intranet Web sites to specific internal subnets not only makes good security sense, but it meets the business needs of restricting certain types of data to specific employees and preventing access by outsiders who penetrate the internal network. Wireless users, for example, can be given IP addresses from a range that is blocked from accessing certain internal Web sites. Visitors and intruders might gain access to the network, but access to the internal Web site is prevented.
Enable Only Essential MIME Types A number of MIME types commonly in use on Web servers are approved for use by default. Approval of these MIME types simply allows well known data formats to be used in Web page and application development. Should additional MIME types be necessary, you can add them. But do not add types that are unnecessary. Removal of MIME types to restrict usage to those approved on the MCSE study guides free download(http://www.examshots.com/certification/MCSE-2003-50.html)
Web site is also easy to do using the interface.