How to secure IIS in Windows Server 2012

IIS (Internet Information Services) always faces the Internet. Therefore, it is important to follow some rules to minimize the risk of hacking or any other security issues.

The first rule is to update the system regularly
The second principle is to create Application Pool (containing one or more applications and allow configuration of many levels between different web applications). This can be done by following the steps shown below.

Step 1: You must access Server Manager> Internet Information Services (IIS) Manager> Application Pools .

How to secure IIS in Windows Server 2012 Picture 1 Go to Server Manager> Internet Information Services (IIS) Manager> Application Pools

Step 2: Click Sites , right-click Default Website , select Manage Website> Advanced Settings .

How to secure IIS in Windows Server 2012 Picture 2 Select Manage Website> Advanced Settings

Step 3: Select Default Pools.

Step 4: Disable the OPTIONS method, this can be done by following the path Server Manager> Internet Information Services (IIS) Manager> Request Filtering .

How to secure IIS in Windows Server 2012 Picture 3 Go to Server Manager> Internet Information Services (IIS) Manager> Request Filtering

Step 5: In the Actions panel , select Deny Verb , enter OPTIONS into Verb , then click OK.

Step 6 : Enable Dynamic IP Restrictions blocks by going to IIS Manager , double-clicking on IP Address and Domain Restrictions , then selecting the Actions panel .

How to secure IIS in Windows Server 2012 Picture 4 Double click on IP Address and Domain Restrictions

Step 7: Then select Edit Dynamic Restriction Settings , modify and set dynamic IP restriction settings as needed, then click OK.

Step 8: Activate and configure the Request Filtering rules. To do this, go to IIS Manager , double-click Request Filtering, switch to the Rules tab , then the Actions panel .