Intranet security question

on 20.01.2007 15:19:00 by Rob

Hi,
I have 2 websites on an IIS machine. One of them is open to the public and
another one should be only accessible from inside the network (LAN). What
has to be done in order to secure it, so people from outside won't be able to
see the Intranet website?
Thanks a lot for any comment. Rob

Re: Intranet security question

on 20.01.2007 21:09:43 by Roger Abell

Hi Rob,
In future, please consider using cross-posting (one send to
all intended groups) instead of multi-posting (multiple,
independent, unrelated sends of identical inquiry). Use
of cross-post helps us all by keeping everything in one
thread in all the groups.
Since there are great IIS folks here, I repeat my reply
from other group here, that they may add/correct to advise
you further.
Roger


Much of the whole, complete, and true answer depends
on how this machine is connected to the network(s).

One could start by configuring the server with two IPs.
In the IIS mgmt interface, in the properties of each site,
set the site for one of the IPs (instead of the default, all
unassigned). While in the properties of the internal site,
go into the directory security tab and set the site to not
allow anonymous access, and depending on your client
environment you would probably check that the internal
site uses Windows integrated authentication.
Next, make sure that the NTFS permissions on the content
of the internal site allow for your users but not for the
IUSR_/IWAM_ accounts used for anonymous access.
You may or may not be using host-based IP traffic control
of some form on that server, but if so you can define allowed
access to the internal site IP so it must originate from only
your internal systems.
However your server sits network-wise so that it does
respond to both external and internal requests, you need
to adjust this so that external only get to the intended, single
IP and so that responses from the internal site IP cannot go
out onto the internet.

Those are some starting points, not exhaustive, but do get
you toward a fairly safe separation of the site, provided
that the server is safe from invasions/exploits (untrusted
internal users, excess exposure to external network).




"Rob" wrote in message
news:3A97FB1D-237C-43BE-ADF8-CF62971C1BA2@microsoft.com...
> Hi,
> I have 2 websites on an IIS machine. One of them is open to the public and
> another one should be only accessible from inside the network (LAN). What
> has to be done in order to secure it, so people from outside won't be able
> to see the Intranet website?
> Thanks a lot for any comment. Rob
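
One way to verify the separation described in Roger's reply, added here as an example and not part of the original thread: send a request without credentials to the internal site's IP and check that it is answered with a 401 offering Negotiate/NTLM from the LAN, and is unreachable or denied from outside. The function names, verdict labels and the `ACCEPTABLE` policy table are assumptions made for this sketch.

```python
import http.client

INTEGRATED = {"negotiate", "ntlm"}  # schemes offered for Windows integrated auth
# Verdicts acceptable for the internal site, per vantage point (assumed policy).
ACCEPTABLE = {"internal": {"integrated-auth-required"},
              "external": {"unreachable", "denied"}}

def classify(status, www_authenticate):
    """Classify the response to a request that carried no credentials."""
    schemes = sorted({v.split()[0].strip(",").lower()
                      for v in www_authenticate if v.strip()})
    if status == 401 and INTEGRATED & set(schemes):
        verdict = "integrated-auth-required"  # anonymous off, integrated auth on
    elif status == 401:
        verdict = "other-auth-required"       # e.g. only Basic is offered
    elif status == 403:
        verdict = "denied"                    # e.g. refused by an IP restriction
    elif 200 <= status < 400:
        verdict = "anonymous-allowed"         # content or redirect without login
    else:
        verdict = "other"
    return {"status": status, "schemes": schemes, "verdict": verdict}

def probe_site(ip, port=80, host_header=None, path="/", timeout=5):
    """Send one GET without credentials to ip:port and classify the answer."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host_header} if host_header else {})
        resp = conn.getresponse()
        resp.read()
        auth = [v for k, v in resp.getheaders() if k.lower() == "www-authenticate"]
        return classify(resp.status, auth)
    except (OSError, http.client.HTTPException):
        return {"status": None, "schemes": [], "verdict": "unreachable"}
    finally:
        conn.close()

def internal_site_ok(result, vantage):
    """True if the internal site's verdict is acceptable from this vantage point."""
    return result["verdict"] in ACCEPTABLE[vantage]

if __name__ == "__main__":
    # Constructed responses; on a real network use probe_site("<internal site IP>").
    for label, r in {"hardened": classify(401, ["Negotiate", "NTLM"]),
                     "anonymous still enabled": classify(200, [])}.items():
        print(label, r["verdict"], "ok from LAN:", internal_site_ok(r, "internal"))
```

Run `probe_site` once from a LAN client and once from a host outside the network; the internal site passes only if both vantage points give an acceptable verdict.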