Windows Server 2012 - IIS Security

The IIS (Internet Information Services) is facing internet all the time. So, it is important to follow some rules in order to minimize the risk of being hacked or having any other security issues. The first rule is to take all the updates of the system regularly. The second one is to create different application polls to this, which can be done by following the steps shown below.

Step 1 − You have to go to: Server Manager → Internet Information Services (IIS) Manager → Application Pulls.

Application Pools

Step 2 − Click “Sites” → Right Click “Default Website” → Manage Website → Advance Settings.


Step 3 − Select the Default Pools.

Default Pools

Step 4 − Disable the OPTIONS method, this can be done by following the path – Server Manager → Internet Information Services (IIS) Manager → Request Filtering.

Request Filtering

Step 5 − In the action pane, select "Deny Verb" → Insert ‘OPTIONS’ in the Verb → OK.

Deny Verb

Step 6 − Enable Dynamic IP Restrictions blocks by going to – IIS Manager → Double click on "IP Address and Domain Restrictions" → Actions pane.

Actions Pane

Step 7 − Then select "Edit Dynamic Restriction Settings" → Modify and set the dynamic IP restriction settings according to your needs → press OK.


Step 8 − Enable and Configure Request Filtering Rules, to do this – IIS Manager → Double click on "Request Filtering" → Change to the Rules tab → Actions Pane.

Rules Tab

Step 9 − Then select "Add Filtering Rule" → Set the required rules → Click OK.

Add Filtering Rule

Step 10 − Enable logging, to do this we need to follow this path – IIS Manager → select the specific site you want to configure → Logging.

Kickstart Your Career

Get certified by completing the course

Get Started