Web Server Access to Files

  1. Never place the websites on drive C
    This adds protection against possible future security issues and allows better hardening.
    1. Recommended: put them on another server (SAN/NAS/Windows share) and access them through UNC paths. In our example we'll call it websan.hosting.local.
      This increases your flexibility, allowing you to easily replace the web server.
    2. Alternative: if you don't use shares, you should still place the files on a separate virtual drive. Let's call it "W:\".
  2. We recommend placing log files on yet another network target - our examples will use weblogs.hosting.local.
    This adds better separation, helps keep the journal intact even if the website is compromised, and lets you automate archival / analytics centrally across all servers.
    Alternatively, use another virtual drive like "L:\".
  3. In your UNC share, create a main folder for all websites, and inside it one folder per site.
    In our example we'll call the main folder "Solutions". This will help you configure permissions. It results in:
    \\websan.hosting.local\Solutions\Project 1\
    \\websan.hosting.local\Solutions\Project 2\
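
A way to check an existing server against the three rules above, as an added example that is not part of the original page. It assumes the WebAdministration module that ships with IIS, treats the Windows system drive as "drive C", and uses the hypothetical helper names Get-StorageRoot and Test-OnSystemDrive.

```powershell
# Added example: audit every IIS site for content or logs on the system drive,
# and for logs that share a storage target with the site content.
# Run in an elevated PowerShell session on the web server.
Import-Module WebAdministration

function Get-StorageRoot {
    param([string]$Path)
    # IIS defaults contain variables such as %SystemDrive%; expand them first.
    $p = [Environment]::ExpandEnvironmentVariables($Path)
    if ($p.StartsWith('\\')) {
        # UNC path: the storage target is the server name (\\server\share\...).
        return ('\\' + $p.Split('\')[2]).ToLowerInvariant()
    }
    # Local path: the storage target is the drive letter, e.g. "w:".
    return $p.Substring(0, [Math]::Min(2, $p.Length)).ToLowerInvariant()
}

function Test-OnSystemDrive {
    param([string]$Path)
    # Assumption: "drive C" on the page means the Windows system drive.
    return (Get-StorageRoot $Path) -eq $env:SystemDrive.ToLowerInvariant()
}

$report = foreach ($site in Get-Website) {
    # physicalPath is the site's root virtual directory only; additional
    # virtual directories and applications are not inspected here.
    $content = $site.physicalPath
    $logs    = $site.logFile.directory
    [pscustomobject]@{
        Site                 = $site.name
        ContentPath          = $content
        ContentOnSystemDrive = Test-OnSystemDrive $content
        LogPath              = $logs
        LogsOnSystemDrive    = Test-OnSystemDrive $logs
        LogsShareContentRoot = (Get-StorageRoot $logs) -eq (Get-StorageRoot $content)
    }
}

# List only the sites that break one of the rules.
$report |
    Where-Object { $_.ContentOnSystemDrive -or $_.LogsOnSystemDrive -or $_.LogsShareContentRoot } |
    Format-Table -AutoSize -Wrap
```

A site laid out as in the example above (content under \\websan.hosting.local\Solutions\..., logs on weblogs.hosting.local) produces no rows; a default IIS install lists "Default Web Site" with all three flags set.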

IIS Installation / Plugins

todo

  1. Rewrite Module
  2. Hardening

IIS Configuration

TODO