Web Sites
A Web site is a container for Web applications, and you can access it through one or more unique bindings. A Web site binding is the combination of an IP address, a port, and the optional host headers on which IIS listens for requests made to that Web site. Each web site can have individual logging and connection settings.
Run reports on the following web site settings:
- Name
- Bindings
- Site ID
- Max Bandwidth
- Max Connections
- Application Pool
- Source Path
- Source Access Credentials (Optional)
- Document Footer
- SSL Settings
- ISAPI Filters
- Time-out Settings
Screenshot showing IIS web site configuration in a document generated by XIA Configuration
Authentication Settings
Document the following authentication settings:
- Anonymous Authentication Enabled
- Anonymous Authentication Username
- Basic Authentication Enabled
- Basic Authentication Domain and Realm
- Client Certificate Authentication Enabled
- Integrated Authentication Enabled
Screenshot showing IIS authentication settings in the XIA Configuration web interface
ASP.NET Settings (IIS7 and above)
Audit the following ASP.NET settings on IIS7 and above:
- Trust Level
- App Settings
- Connection Strings
- Machine Key Settings
- Session State Configuration
- SMTP Settings
- Max Sessions
- Session Time-out
Screenshot showing ASP.NET settings in the XIA Configuration web interface
Classic ASP Settings
XIA Configuration provides the following information about classic ASP settings:
- Buffering On
- Code Page
- Script Error Message
- Script Language
- Script Time-out
- Session Enabled
- Max Sessions
- Session Time-out
Screenshot showing classic ASP settings in a document generated by XIA Configuration
Common Settings
Create IIS documentation with the following common settings:
- Default Document Settings
- Directory Browsing Settings
- Custom Error Pages
- MIME Types
- Handler Mappings
- Logging Directory
- Logging Flags
- Log Format