IIS 7 and Above
Where To Fix An Alert
Last post Dec 16, 2019 04:55 PM by Zyxian
Dec 13, 2019 06:48 PM|Zyxian|LINK
I know this isn't a DNN forum but I posted this question over on their site and it hasn't gotten a reply. (Only someone saying they need the answer too). I hope I am posting in the correct area.
In the Security section of my DNN website, the Audit Check for CheckDiskAccess shows "Hackers could access drives/folders outside the website. C:\mywebsite\ Read:Y, Write:Y, Create:Y, Delete:N
- C:\ - Read:Y, Write:Y, Create:Y, Delete:N".
I'm new to Windows Server and IIS. Where do I change permissions to keep DNN from being able to get outside the website?
Is it somewhere in IIS or is it in ASP?
Thank you for any help.
Dec 16, 2019 09:57 AM|Yuk Ding|LINK
I'm not an DNN framework user so I'm not sure whether this issue has something to do with IIS permission. IIS site use anonymous user (IUSR) to IO file or configuration file. And the web app execute process under application pool identity( IIS Apppool\sitename).
So please try to restrict permission for your application user and authenticate user.
If the reply is helpful, it is appreciated if you could mark it as answer.
Dec 16, 2019 04:55 PM|Zyxian|LINK
Thank you Jokies.
I will double check to make sure I didn't miss something in there.