Sage CRM being a web-based application requires a web server in order to function properly. The Primary role of this web server is to help store, process and deliver web pages as and when required to the users by means of HTTP. Now since Sage CRM is reliant on web server, IIS is one of the major pre-requisite and must be installed and configured prior to attempting CRM installation. But, have you ever focussed on securing access to the IIS server?
Once you host any web applications or web services on IIS; your applications or other IIS directories are prone to data hack security concerns. By default, when you create a new IIS website it’s typically open to everyone which simply means anyone can access and view the data being hosted by that site. Obviously, this is a security concern for most people and because of vulnerability, a malicious user can gain access to the web root directory, and then escalate his permissions and gain access to the whole drive where the web root is.
Just by the mere access of browsing the default URL of IIS directory, the default IIS page opens up i.e. with the help of http://<Server Name>/. We eventually end up giving unnecessary access to server virtual directory. After that, it is very easy to hack other applications or web services hosted on that particular server which end up disclosing database server access.
In order to restrict a user from accessing the directory and this default page, below are the steps to be followed –
- In Run, type “inetmgr”. This will open IIS.
- Go to Sites | Default Web Site and select Default Document property.
3. Double click on Default Document property. This will open Default document pages.
4. Right click on Default.htm page and click on disable.
5. Execute IIRESET.
After following the above steps, when we access the above URL error message will be displayed as follows –
The most common reason for HTTP Error 403 is mistyped URL. Thus, in order to gain access to an application it is necessary to browse correct URL for a web page or file and not just the directory. A regular URL would end in .com, .php, .org, .html, or just have an extension, while a directory URL would usually end with a “/”.
In this way, you can make the configurations on servers to disallow directory browsing for security reasons.
Greytrix – a globally recognized and one of the oldest Sage Gold Development Partner is a one-stop solution provider for Sage ERP and Sage CRM organizational needs. Being acknowledged and rewarded for multi-man years of experience and expertise, we bring complete end-to-end assistance for your technical consultations, product customizations, data migration, system integrations, third party add-on development and implementation competence.
Greytrix has some unique integration solutions developed for Sage CRM with Sage ERPs namely Sage X3, Sage Intacct, Sage 100, Sage 500 and Sage 300. We also offer best-in-class Sage ERP and Sage CRM customization and development services to Business Partners, End Users and Sage PSG worldwide. Greytrix helps in migration of Sage CRM from Salesforce | ACT! | SalesLogix | Goldmine | Sugar CRM | Maximizer. Our Sage CRM Product Suite includes addons like Greytrix Business Manager, Sage CRM Project Manager, Sage CRM Resource Planner, Sage CRM Contract Manager, Sage CRM Event Manager, Sage CRM Budget Planner, Gmail Integration, Sage CRM Mobile Service Signature and Sage CRM CTI Framework.
Greytrix is a recognized Sage Champion ISV Partner for GUMU™ Sage X3 – Sage CRM integration also listed on Sage Marketplace.
For more information on our integration solutions, please contact us at firstname.lastname@example.org. We will be glad to assist you.