Forum Discussion
Solved
IIS hardening and Sharepoint
When using Sharepoint 2016, should we leave IIS untouched ? Is it ok to harden IIS ? WIll it create any issues for Sharepoint ? Is there any compnents of IIS that should be left untouched ? ANy refer...
- The retail switch only needs to be set if you're going to attempt to deploy debug code. Microsoft doesn't ship debug code. As for allowed, you can control the file types uploaded to SharePoint via the Web Application config (and you would be the one adding files outside of that method, if you chose to do so for some reason). You shouldn't be adjusting allowed verbs in SharePoint. That said, any change you do make to the web.config should go through the WebConfigModification class rather than going through IIS Manager and/or direct web.config edits.
I agree that IIS site components should probably not be touched. However, just a few examples....should we change things like setting the file Extension allowunlisted to True in web.config, setting deployment retail switch to true, disabling http trace method, enabling dynamic ip address restrictions, ensuring cookies are set with httponly attribute, disallowing non ascii characters in urls...
The retail switch only needs to be set if you're going to attempt to deploy debug code. Microsoft doesn't ship debug code. As for allowed, you can control the file types uploaded to SharePoint via the Web Application config (and you would be the one adding files outside of that method, if you chose to do so for some reason). You shouldn't be adjusting allowed verbs in SharePoint. That said, any change you do make to the web.config should go through the WebConfigModification class rather than going through IIS Manager and/or direct web.config edits.