How to security IIS inetpub\wwwroot\_vti_inf.html file
How to security IIS inetpub\wwwroot\_vti_inf.html file
Dear sir,
I have performed a security scanner of server, report mentiones that:
THREAT:
The file "_vti_inf.html" was retrieved. This file contains basic configuration information for the Web server FrontPage Extensions.
IMPACT:
Scan Results page 5
The information obtained through successful exploitation of this vulnerability can assist in further attacks against the host.
SOLUTION:
Restrict access to the file.
But how to restrict access to this file? I cannot found any suitable document how to restrict it. Does it means set permission of the or change content of file?
Here are the content of file:
======================================================================
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<title> FrontPage Configuration Information </title>
</head>
<body>
<!-- _vti_inf.html version 0.100>
<!--
This file contains important information used by the FrontPage client
(the FrontPage Explorer and FrontPage Editor) to communicate with the
FrontPage server extensions installed on this web server.
The values below are automatically set by FrontPage at installation. Normally, you do not need to modify these values, but in case
you do, the parameters are as follows:
'FPShtmlScriptUrl', 'FPAuthorScriptUrl', and 'FPAdminScriptUrl' specify
the relative urls for the scripts that FrontPage uses for remote
authoring. These values should not be changed.
'FPVersion' identifies the version of the FrontPage Server Extensions
installed, and should not be changed.
--><!-- FrontPage Configuration Information
FPVersion="5.0.2.6790"
FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"
FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"
FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"
TPScriptUrl="_vti_bin/owssvr.dll"
-->
<p><!--webbot bot="PurpleText"
preview="This page is placed into the root directory of your FrontPage web when FrontPage is installed. It contains information used by the FrontPage client to communicate with the FrontPage server extensions installed on this web server. You should not
delete this file."
--></p>
<h1>FrontPage Configuration Information </h1>
<p>In the HTML comments, this page contains configuration
information that the FrontPage Explorer and FrontPage Editor need to
communicate with the FrontPage server extensions installed on
this web server. Do not delete this page.</p>
</body>
</html>
===============================================================
June 22nd, 2012 5:40am