Due to employer security issues, the development team is not allowed to have IIS on their development PCs. I would like to know if there is a way to have IIS locally and disallow incoming/outgoing connections? The development team would just like to harness the power of IIS for development purposes and not have to worry about "security" breaches/issues? Long story...
+1
A:
You can bind it to a local-only address.
Instead of binding it to 0 or * (any available address) bind it to 127.0.0.1. This will only allow your box to access IIS since it's only listening on IP 127.0.0.1.
Changing the binding is different from version to version, what version are you using?
EDIT
For IIS 5/6 you want to.
- Right-click your site and goto Properties
- Select the Web Site tab
- Under Web Site Identification click Advanced
This should allow you to change your bindings.
Make sure the only binding you have is 127.0.0.1 on whatever port.
Chad Moran
2009-02-19 22:08:41
Yes, that's the way I already load my apps. Great news thanks! Any other precautions we should take? Greatly appreciate it.
2009-02-19 22:17:23
Maybe if you're not governed under a GPO (group policy) you might want to enable windows firewall for port 80.
Chad Moran
2009-02-20 01:13:40