Details
Web resources published through IIS are mapped, via Virtual Directories, to physical locations on disk. It is recommended to map all Virtual Directories to a non-system disk volume.
Rationale:
Isolating web content from system files may reduce the probability of:
* Web sites/applications exhausting system disk space
* File IO vulnerability in the web site/application from affecting the confidentiality and/or integrity of system files
Solution
1. Browse to web content in C:\inetpub\wwwroot\
2. Copy or cut content onto a dedicated and restricted web folder on a non-system drive such as D:\webroot\
3. Change mappings for any applications or Virtual Directories to reflect the new location
To change the mapping for the application named app1 which resides under the Default Web Site, open IIS Manager:
1. Expand the server node
2. Expand Sites
3. Expand Default Web Site
4. Click on app1
5. In the Actions pane, select Basic Settings
6. In the Physical path text box, put the new location of the application, D:\wwwroot\app1 in the example above
Default Value:
The default location for web content is: %systemdrive%\inetpub\wwwroot.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.