Home / security

IIS Lockdown tool

Computers that use standard install webservers based on Internet Information Services (IIS) 4.0, 5.0, 5.1 have a security risk. This most importand reason is that the standard configuration activate services that can be easily abused. To close these services (FTP, NNTP, SMTP, ...) Microsoft released Internet Information Services Lockdown Tool.
You can download it at :

Usefull feature is URL-Scan. This filters incoming HTTP-request by predefined rules. Potential dangerous request are blocked.
On IIS 6.0 URL-Scon is possible but not recommended, because the build-in security of IIS 6.0 is better.

You can find more information on the Microsoft site :


In cooperation with SecurityHome.eu