After the Web and FTP servers are created, proper management is required to enable the user's information to be accessed by other visitor. The management of the Web and FTP servers is basically the same, including some routine management and security management, which introduces the seven major aspects of the following.
First, enable expiration
Enabling expiration is to ensure that the expiration information of your site is not released. When the information on the user's Web and FTP sites is very powerful, the expired content setting is very necessary, which is not only conducive to the purification of the user's Web and FTP sites, but also contribute to the visitor to find information. When expiration is enabled, the user can set the entire site to the entire site, or you can set it for a directory. The following is a brief introduction to the expired content setting process.
Note: After starting expiration, the web browser compares the expiration time or time of the current date or time and settings when browsing, to decide whether to display the original information or updated.
1. Click the HTTP Tarhead tab, as shown in Figure 1. In this tab, enable the Enable Content Failure check box to activate the options in the Enable Content Failure option area.
Figure 1 HTTP "http header" tab
2. In the Enable Content Failure option area, the user can set the expiration time of the content. Select "Out of the expiration here" radio button, enter a value in the subsequent text box and select a time unit in its subsequent drop-down list box, for example, 2 0 and days, after 2 0 days later If the visitor can no longer access the current information now; select "At this time" radio button, select the date from the subsequent drop-down list box, and adjust the value of the subsequent tame, the user can be directly The expiration time is set, for example, the selected time is 1 9 9 9, February 3 1, 1 2: 0 0: 0 0, then the current information will be in 1 9 9 9, February 3 1 Day 1 2: 0 0: 0 0 expire, can no longer be accessed; if you want to expire the site now, select the "Express Express" radio button.
Second, content grading settings
If the content of the user site is not for all visits, you need to perform content hierarchical settings to prevent other visits that do not have a hierarchical requirements to view site content. By grading service settings, users can insert some descriptive tags in each of the HTTP headers of each web page. When the visitor accesses the user's site, his web browser can check the httt service requirements of each web page, and determine what content according to the hierarchical settings of the browser You can see which content can not be browsed.
In the preset, Windows 2000 is used in the RSAC (RSAC Software Advisory Council) grading service system. The Internet grade is Dr. Donald F. Roberts of Stanford University, which is primarily set for four aspects of violence, sex, naked, and language. Before setting the grading service content, the user must enter a RSAC grading questionnaire to get some recommended content to better grade. The grading content setting process is as follows:
1. In the figure shown in FIG. 1, click the "Edit Rating" button to open the "Content Rating" dialog as shown in Figure 2.
Figure 2 "Content Hierarchical" dialog
2. In the "Hymth Services" tab, click the Details button to check the Internet page of the RSAC hierarchy service, click the "Hierarchy" button to connect to the RSAC site, fill in the hierarchy questionnaire.
3. After the RSAC system has a solution, the user can set the contents of the hierarchical service to filter the content of the company's web page. Click the Rating tab, and select the "This resource enable hierarchy" check box in the Hortan tab, then the tab is shown in Figure 3. Figure 3 "Hierarchical" tab
4. In the Category list box, select one of the four categories of violence, naked, naked, and language, and the hierarchical slider will be displayed, adjust the slider, change the hierarchical level of the selected category.
5. If you want to grade your email, users can enter their own email addresses in the Email Name of this content class.
6. If you want to set the failure time for the hierarchical service, click the "Failure to" drop down the lower-drop list box, select a date from the pop-up electronic calendar.
7. After setting it, click the "OK" button to return to the Properties dialog box, then click the "OK" button to save the settings.
Third, add a web footer
In user Web site management, users often insert a script file written in each web page as a web page to increase the contents of the web site. For example, a script file written in an HTML language adds some simple text and identification graphics for web pages, even including user Web site management and service direction. These contents not only increase the readability of the user's Web site, but also boot the visitor to read the content of the user Web site. In addition, the web footer can also reduce the time of execution of the web server, if the user's Web site is frequently accessed by other visits, using the document footer is very useful. To add a web page, you can refer to the steps below:
1. Create an HTML web page footer file and save it on the hard disk where your web server is located.
2. In the console directory tree of the Internet Service Manager (shown in Figure 4), right click on a Web site or a catalog subpode, for example, the MSADC virtual directory, from the pop-up shortcut menu, select the Properties command Open the MSADC Properties dialog box, click the Document tab, as shown in Figure 4.
Figure 4 "Document" tab
3. In the Document tab, select the Enable Document Footer check box; enter the full path to the footer file in the Enable Document Footer text box. If the user doesn't know the full path of the footer file, click the "Browse" button to open the "Open" dialog for selection.
4. Click the "OK" button, return to the Properties dialog, click the "OK" button to save the settings.
Note The document footer file is not a complete HTML document, which only contains those HTML tag information, which shows how to arrange the content of the footer. For example, through a footer file, increasing the name of the user in each web page, the footer file should contain text content and how to format text fonts and colors.
Fourth, safety and authority settings
Security and Permissions Settings are the most important protection of IIS to ensure their site security, which can be used to control how to verify the identity of the user and their access. During the safety and limited setting, administrators can not only set permissions and site security inheritance, but also select settings to be applied, including verification methods, access licenses, IP address restrictions, etc. The permissions and security settings are as follows:
1. Select All Tasks | The Permissions Wizard command to open the Permissions Wizard dialog. Click the "Next" button to open the Security Settings dialog as shown in Figure 5.
Figure 5 "Permission Wizard" dialog
2. If you want to inherit security settings from the parent site or virtual directory, select "Inherit all Security Settings" radio button; if you need to select a new security setting, select "Select a new security setting from the template.
3. Click the "Next" button to open the Windows Directory and File Permissions dialog, as shown in Figure 6. Figure 6 "Windows Directory and File Permissions" dialog
4. If you want to keep your Windows directory and file permissions, you should select the "Keep Directory and File Permissions" radio button; if you want to keep the original Windows directory and file permissions and join the new settings, you should choose the original situation. Directory and file license configuration, and join the recommended license permissions "radio button. Here you choose "Recommended: Replace All Directory and File Access" radio button to replace the original directory and file permissions with newly set permissions.
5. Click the "Next" button to open the Security Summary dialog box shown in Figure 7. Select the settings you want to apply in the Settings list box, including the verification method, access license, IP address restrictions, and file ACLs will not Modified and other settings.
Figure 7 "Safety Summary" dialog
6. Click the "Next" button to open "The IIS 5.0 'Permission Wizard Wizard'" dialog you have successfully completed, and then click Finish to complete the settings.
V. Safety certification
In Windows 2000, Internet Information Services provides three login authentication methods for Internet information services, which are anonymous, clear text, and inquiry / answer. Users use that way depends on the purpose of the user builds the Internet information server.
If the purpose of the user builds the site is to advertise, you can choose an anonymous way. Because most of the visitor is the first time to access the user's site, users are not necessarily necessary to establish an account for them. If you want to provide an email storage or information delivery from your own Internet information server, you will need to select a plaintext. Because in this manner, the visitor must use the username and password to access, which can effectively protect private mail or information security. If the user's Internet information server is primarily employees within the company, and the information in the server is hoped to be safest, you can choose to ask / answer methods. This approach requires accessers to access requests before accessing, and accessible can only be accessed after the license is obtained; so that the visitor is performed directly on the user server. However, this method requires visitors to use the browser that must be an InternetExplorer browser because other browsers do not support this authentication.
Since access to web, ftp and smtp virtual servers is anonymous on many Internet information servers, this section takes anonymous access as an example to perform secure authentication settings.
1. In the dialog shown in the figure, click the Directory Security tab, as shown in Figure 8.
Figure 8 "Directory Security" tab
2. In the Anonymous Access and Verification Control option area, click the Edit button to open the Verification Method dialog, as shown in Figure 9.
Figure 9 Set anonymous access and verification control
3. To select an anonymous authentication method, enable the "Anonymous Access" check box and click the Edit button to open the Anonymous Account dialog box shown in Figure 10.
Figure 10 Set anonymous account
4. When installing the Internet information service, the system will automatically create an anonymous account: IUSR computer name, if the computer is named LY, anonymous account is: IUSR_LY. Use the IUSR Computer Name account to log in to the server. When allowing anonymous service, administrators can change the user account of the user anonymous request and change the password of this account. Enter the user account name directly in the "User Name" text box, or click the "Browse" button to open the Select Windows User Accounts dialog box as shown in Figure 11 Select a user account to add.
Figure 11 Select Windows User Account
5. In the Anonymous User Accounts dialog box, enable the Allow IIS Control Password check box, or enter the user account password in the Password text box. 6. Click the "OK" button to complete the anonymous access settings, return to the Verification Method dialog box, then click the "OK" button to return to the Default Web Site Properties dialog box, then click the "OK" button to close the dialog frame.
Note: If the user's Web and FTP services disable anonymous access or access is limited by the NTFS access control list, the system automatically uses the authentication, requiring the username and password of the visitor. At this time, you need to select the login verification access method, the INTERNET information service optional verification method has basic validation, and the brief verification of the Windows domain server and Windows verification. Generally selecting Windows verification, because basic verification is a plaintext password verification, which may cause uncryptable passwords to transmit on the network, and the illegal accessor of the system wants to endanger users can check the user password during the verification process; The brief verification of the Windows Domain Server is a brief authentication that makes the Internet Information Services to work with the Windows 2000 Domain Account Manager. Only ask the user account and save the account password as an encrypted text; it is not conducive to the security of the verification information. Sex. To verify using Windows, enable the Inherit Windows Verification check box in the Authentication Access option area in the Authentication Method dialog box.
Six, IP address and domain name limit
With IP addresses and domain name limits, users can disable some specific computers or hosts in some areas to access themselves from their own Web and FTP sites and SMTP virtual servers. This limiting mechanism is very useful when there is a lot of attacks and destruction from certain addresses or a subnet. However, the primary condition for the IP address and the domain name limit is that the user must know which IP addresses used by the online hacker's computer or which network areas belonging, otherwise it cannot be restricted. For Internet-based information servers, the site accepts access from all parties, and users are difficult to perform address restrictions. Typically, only the IP address and domain name are used for security protection only based on the information server based on the corporate internal network. The following will describe the setup process of IP address and domain name limit as an example.
1. In the figure shown in FIG. 8, click the Edit button in the IP Address and Domain Name Limit text box, open the IP Address and Domain Limit dialog, as shown in Figure 12.
Figure 12 Setting the IP address and domain name limit
2. If you select an Authorization Access radio button, in addition to the computer in the Exceptions list box, all other computers can access the contents of the Web site. If you select a "Reject Access" radio button, all other computers cannot access content on the Web site in addition to the computers in the Exceptions list box. Here, select the "Authorization Access" radio button and add a computer that is not accessed.
3. Click the "Add" button to open the Authorized Directions Dialog box as shown in Figure 13.
Figure 13 Authorized Access
4. If you want to limit a single computer, select the "Single" radio button and enter the IP address of the computer you want to authorize in the "IP Address" text box; or click the "DNS Find" button to open "DNS Find" The dialog box selects the computer you want to authorize in a DNS domain. If you want to limit a set of computers, select "A Set of Computers" radio buttons, enter any of the IP addresses of any of the computer you want to authorize in the Network Identity text box, and in the subnet mask "Enter the subnet mask in the text box. If you want to limit your computer in a domain, select the "Domain Name" radio button and enter the domain name of the authorized domain in the Domain Name text box.
5. Click the "OK" button to return to the IP Address and Domain Limit dialog. If you want to access authorization, you can continue to click Add. Thus, a single computer, a set of computers, or a domain client accessible server, while other customers have no access. 6. Click the "OK" button to return to the Default Web Site Properties dialog box, then click the "OK" button to save the settings.
Seven, stop, start, and tentative site service
In site maintenance, stop, start, and tentative sites services are often going to work. For example, when a site content and settings need to make a relatively large modification, the user can stop or suspend the service of the site for operation. When you have stopped or suspending sites, you need to start your own service.
To stop, start and temporarilyify a site information, in the console directory tree, expand the Internet Information Services node and server node to expand the server node. If you want to suspend a web or FTP site service, right click on the site, select the "Pause" command from the pop-up shortcut menu; if you want to stop a Web or FTP site service, right click on the site, from the shortcut Select the "Stop" command in the menu; if you want to start a web or FTP site service that has been paused or stop, right click on the site, select the "Start" command from the pop-up shortcut menu.
