How to Password Protect Folders in IIS and Plesk

Reading Time: 5 minutes

Introduction

When reviewing your server’s security, it is critical to ensure that new sections of your website are not left unsecured or visible to users while they are being built. With this in mind, there are several ways to “lock” a folder or domain while it is being developed. One of them safeguards a folder or an entire site using the security feature built into IIS and Plesk called password protection. In today’s article we will see how easy it is to restrict access to a site or a folder.

What is IIS?

IIS stands for “Internet Information Services”. This is the default web server that is integrated with the Windows server software packages. It has a graphical interface, used for managing the Microsoft Windows server.

Global Password Protection

One of the many features that IIS has implemented is called .Net Authorization. These rules allow us to make custom rule sets that define who has access to a folder or website. There are multiple options available when adding these custom allow or deny rules. Some of them are listed below.

  • All users – This rule will deny access to a folder for any user who attempts to access it. If you would like to block content for everyone, make sure that this rule is at the top of the list, above all other rules.
  • All anonymous users – This rule will block access for all users that are not authenticated. In other words, any user attempting to access the folder or site must have specific access granted. Any user needing access must be added to the users and groups section, otherwise they will be blocked.
  • Specified roles or user groups – This rule will block access for all users that do not have a basic or custom user account and password set up.

If you would like to block access to everyone, we can follow the instructions noted here.

  1. First, open your IIS Manager from the Windows Start button.
  2. Next, select the site that you want to edit from the left side menu.
  3. Then, open the ‘.Net Authorization’ rules, click on “add rule” and select the type of rule you would like to add. Now, we should specify the users it will apply to.
  4. Finally, click “OK”. Our site now has a custom rule in place.

You can add as many custom rules as you would like depending on your situation.

Custom Folder Protection

The other mechanism used for authentication and protection is called “Authentication”. In that area, we have multiple options that are available to modify. These choices are described in detail below.

  • Active Directory Client Certificate Authentication
  • Anonymous Authentication
  • ASP.NET Impersonation
  • Basic Authentication
  • Digest Authentication
  • Forms Authentication
  • Windows Authentication

Active Directory Client Certificate Authentication – This is a form of authentication that requires the IIS 7 server to be a member of the Active Directory domain, as well as the user accounts that are stored in Active Directory.

Anonymous Authentication – This is a feature that provides access to the public areas of your website. If FTP is enabled, by default it will allow users to access contents of the site.

ASP.NET Impersonation – This is a security feature that allows specific users to execute code. This feature is used for anonymous users who do not have credentials, but whom we want to allow access.

Basic Authentication – This option provides access to users that have accounts on the server’s domain. In order to access the public facing content, basic authentication should be enabled to allow the user to set a password in “Local Users and Groups”. The important thing to note here is that when accessing content, passwords are sent in clear text, and as such this method is considered insecure.

Digest Authentication – This option is similar to “Basic Authentication”, but credentials are sent in a more secure manner using hashing instead of plain text. This method provides more security, and also requires a user’s password to be set.

Forms Authentication – This option works by authenticating the user by reviewing the forms authentication ticket (which is the container for the forms authentication cookie), which is usually included within the user’s collection of cookies. In the event no forms authentication ticket is seen, the user is deemed to be anonymous.

Windows Authentication – This option is used in a more corporate setting or environment, or when numerous users are present within a network. It uses Windows-based authentication between a client and the Windows IIS server to verify that the user who is attempting access has a Windows account.

In all the options we have seen for protecting folders, we find it is best to use Basic Authentication or Digest authentication. Both options require a username and password. Let’s review how to set this up.

First, we will start by opening the Server Manager dashboard. Then, on the right side under “Tools” select “Computer Management”.


When Computer Management opens, navigate to the “Local Users and Groups” section. Click on “Users” and on the right side select “More Actions >> New User”. Here we can set up a new username and password for a user, and once complete, save it to provide access.


Now that we have the user set up, we can enable protection on any folders needed. To select a folder, let’s open our “IIS Manager” and select the site or folder that you want to limit access to.

Warning:
Be sure that you have selected the website or the folder underneath it. If you remain on the tree or on the “Sites” folder, access to everything inside will be restricted.

Next, the types of authentication section will open. Disable “Anonymous Authentication” and enable “Basic” or “Digest” authentication for a site or folder. That’s it. We have allowed access to that specific new user.
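The same folder protection can be scripted with the WebAdministration module. The block below is an added example, not part of the original article; the site name, folder name and user name are hypothetical, it assumes Windows Server 2016 or later (for the LocalAccounts cmdlets), and the HTTPS requirement at the end is an addition that follows from the clear-text note on Basic Authentication above.

```powershell
# Added example, not from the original article. Run in an elevated session on the IIS server.
# Hypothetical names: site 'Default Web Site', folder 'staging', local user 'stageuser'.
Import-Module WebAdministration

$site   = 'Default Web Site'
$folder = 'staging'
$user   = 'stageuser'

# Guard for the warning above: refuse to run without an explicit site and folder,
# so the change can never land on the server root and restrict every site.
if ([string]::IsNullOrWhiteSpace($site) -or [string]::IsNullOrWhiteSpace($folder)) {
    throw 'Set both $site and $folder before running.'
}
$location = "$site/$folder"
if (-not (Test-Path "IIS:\Sites\$site\$folder")) {
    throw "IIS path '$location' not found."
}

# Basic Authentication is an optional role service; install it if it is missing.
if (-not (Get-WindowsFeature -Name Web-Basic-Auth).Installed) {
    Install-WindowsFeature -Name Web-Basic-Auth | Out-Null
}

# Local account, as created through Computer Management in the article.
if (-not (Get-LocalUser -Name $user -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString -Prompt "Password for $user"
    New-LocalUser -Name $user -Password $password -Description 'Staging folder access' | Out-Null
}

# Disable Anonymous and enable Basic for this one folder. The authentication sections
# are locked to applicationHost.config by default, hence APPHOST plus -Location.
$apphost = 'MACHINE/WEBROOT/APPHOST'
$auth    = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter "$auth/basicAuthentication" -Name enabled -Value $true

# Basic sends the password in clear text, so require HTTPS on the folder.
# Assumes the site already has an https binding with a certificate.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl'

# Read the effective settings back for the folder.
foreach ($mode in 'anonymousAuthentication', 'basicAuthentication') {
    $enabled = (Get-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter "$auth/$mode" -Name enabled).Value
    '{0,-26} enabled = {1}' -f $mode, $enabled
}
```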

How to Password Protect Sites in Plesk

In this segment, we will review how to protect folders and domains on a Windows server using Plesk. Plesk’s protection features will add an extra layer of security to your sites and content, and it is easier to set up than just using the Windows IIS service manager.

What is Plesk?

Plesk is a hosting platform used for server administration. It will allow you to manage your websites, DNS zones, plugins, databases, email accounts, reseller accounts, etc. via a web-based interface.

Setting Up Password Protection

  1. Open Plesk
  2. Navigate to Domains > Domain name that you want to edit > Password-Protected Directories.
  3. Click “Add Protected Directory”.
  4. Type a path to the directory that you want to restrict, and a title that will be visible to the visitors.
  5. Click “OK”

Adding A User to the Password Protected Directory

Next, we have to allow a user or users access to the password protected directory. To accomplish this, use the following directions.

  1. Navigate to your Domains > Domain name that you want to edit > Password-Protected Directories.
  2. Click on the directory that you want to add a user to.
  3. Set the username and password.
  4. Click “OK”.

That’s it! Securing access to your domains and folders can be as easy as one, two, three. Here at Liquid Web we value your security and offer multiple options to increase your server’s protection level.

Conclusion

Now that we have set up our domain and folder security, we can work on our website without external users having access to it until we are finished. Would you like to add additional security measures? Have no fear! At Liquid Web, we understand your concerns and can provide complete protection to meet all of your security needs. Check out our Security addons for Windows servers and stay protected with Liquid Web.

Should you have more questions related to this information, give us a call at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable Windows technicians or Experienced Hosting advisors to learn how you can take advantage of these techniques today!

How to Install and Configuring NTP on CentOS and Ubuntu

Reading Time: 8 minutes

Introduction

In this article we will learn what the Network Time Protocol (NTP) is and how to install it on the two Linux distributions most commonly used on Liquid Web’s servers. We will be focusing on using CentOS 7 and Ubuntu 18.04 servers, but the process is largely the same on other recent versions of each. Before we start, make sure you are familiar with using SSH (Secure Shell), as we’ll need it to connect to the server. Here’s a link to one of our articles on the basics of SSH if you are unfamiliar with its usage.


Installing WordPress using WP-CLI

Reading Time: 3 minutes

WordPress has a great GUI-based installation process; however, some use cases call for the CLI! Or maybe you just feel more at home in a terminal. Either way, this article will show you how to get your WordPress site set up with just a terminal, using WP-CLI, and maybe a sprinkle of SSH.

In order to be able to install WordPress manually using WP-CLI you will first need to create a new database for the WordPress install. You will need to know how to find your SSH credentials as well as being used to using Terminal or Putty and WP-CLI.


Managed Hosting vs VPS Hosting

Reading Time: 8 minutes

In this article, we will discover what Dedicated, Managed and VPS Hosting is, how they compare and differ from each other, as well as the advantages and disadvantages of each. These two concepts aren’t mutually exclusive, and in this article, we hope to provide you a better idea of what to look for in a hosting solution.


Where Are The Windows Logs Stored?

Reading Time: 3 minutes

In this article, we will discuss Windows logging, using the event viewer and denoting where the windows logs are stored.

Windows server options include a robust logging and management system for logs. These logs record events as they happen on your server via a user process, or a running process. This information is very helpful in troubleshooting services and other issues, or to investigate a security problem. 


Comparison Of The Four Major Server Control Panels

Reading Time: < 1 minute

In this article, we will be doing a sensible review of four of the major control panels that we encounter most often on a VPS server. These management panels include:

In moving forward, we reviewed multiple features of the following management panels across several systems in order to get a better overview of their functions and capabilities: 

Note:
We do not offer DirectAdmin as a supported management panel option; however, DirectAdmin can be installed on one of our Self Managed server options.

Should you decide to move toward selecting a new management panel, our Liquid Web Solutions and Support teams can provide further information to help you make the right decision. Open a chat or give us a call today at 1-800-580-4985 to find out more! 

How To Set Up FTP for Windows

Reading Time: 5 minutes

What is FTP?

You or your developer may want to have access via FTP (File Transfer Protocol) to the folders for the project or domain that is being worked on. FTP is a quick and easy way for someone to connect to their project, without having to have full access to RDP into the server. An FTP user will only have access to the folders that are designated to them, limiting them in their own environment so as not to accidentally change other user’s files and file structure on their project/domain. In this tutorial, we will cover how to utilize FTP on a Core/Self-Managed Dedicated or VPS Server, as well as a Plesk Server.  Let’s jump right in!

 

Enabling FTP Services

The first thing that you need to check before creating an FTP user is to enable FTP on your server. To do that on a Core/Self-Managed server, we need to RDP to the server and open Server Manager.


Once the server manager is open, in the top right corner, there are a few options: Manage, Tools, View, and Help. We want to click on Manage, which will show a drop-down menu. At the top of the menu, click on the option Add Roles and Features.


Once you have the Add Roles and Features Wizard up, click Next until you are at the Server Selection.


Make sure your server is highlighted, by default, it should be. If so, you can click Next which brings you to Server Roles.


Server Roles is where you will find the features your server can have enabled separately, depending on your needs. We aren’t looking for anything but FTP at this time, so we won’t cover all of the features and services we find here. FTP services are found under the role Web Server. Click on the caret next to Web Server. There are 3 different options with checkboxes: Web Server, FTP Server, and Management Tools. Dropping down the FTP Feature will show the available FTP features.

If all of these are already checked, you can skip ahead to the Adding and Assigning FTP Users section of this help article. However, if these are not checked, go ahead and check FTP Server and FTP Service. If your users plan on using ASP.NET services or IIS Manager, you will want to make sure you check FTP Extensibility.

Once you have the FTP features selected, click on Next a couple of times until you get to the Confirmation page. At the top, you will see an option to “restart the destination server automatically if needed”. For installing FTP Services, a restart is not needed. We can leave this box unchecked and click on Install. This install process shouldn’t take too long.

Adding and Assigning FTP Users section

Adding an FTP User Account

Before we add an FTP site, we need to set up a user with some credentials. We do this by accessing Computer Management.


On Windows 2012 and up, we can do this by right-clicking the Start Menu button and selecting Computer Management. Here, under System Tools, if we click the drop-down caret, we will see the Local Users and Groups section. Double-click on Users and a list of all the Local Users will appear. On the far right of Computer Management, once we have navigated to Users, we see More Actions and will need to click on that to add a New User.


Clicking on New User will pop up a simple interface that asks for the user name, the user’s full name, a description for that user that serves as a description for you, the administrator, to recognize the purpose of this user. Fill out this information accordingly and type in a password for this user. Under Confirm Password, we see that by default “User must change password at next logon” is selected. Because this is strictly for FTP, we will uncheck that and check “User cannot change password” and “Password never expires”. Considering the FTP user will only have access to the destination you allow, it is not necessary to change the password.


 

Adding an FTP Site

Now that FTP Services are installed and a user is created, we need to head on over to the IIS Manager. This can be found in the Start Menu, or by clicking on Tools in Server Manager as we did before, but clicking on Internet Information Services (IIS) Manager.


Here in the IIS Manager, we need to create the FTP site that you want this specific user to have access to. We do this by clicking on the drop-down caret next to the server name, and then right-clicking on the folder that says “Sites”.


A menu will pop up, with the option to Add FTP Site. Enter the name you wish to give this FTP site. Select a Physical path, where you want the user for this FTP site to have access. Do this by either typing in the direct path, or selecting the 3 dots next to the entry bar and physically selecting the folder you wish to assign this FTP site.


Clicking next will bring you to Bindings and SSL settings. If you have any specific IP address that is assigned to a domain that is being used for this FTP Service, you need to make sure that the IP address is selected by dropping down the bar.


If all sites are taking advantage of Windows SNI (Server Name Indication), then you can leave this set to All Unassigned. If you wish to use a different port than the default FTP port, go ahead and type that in under Port. But if this is just a basic FTP instance for everyday purposes, go ahead and leave that port at the default 21. Next, you want to make sure that “Start FTP Site automatically” is selected, unless of course you want to manually allow the user to connect to their FTP site only when you designate, by starting the site in IIS. Select No SSL and click Next for this FTP Site. In this tutorial, we will not be covering setting up an SSL for this specific FTP Site. If you do already have an SSL that you have added to the server for this purpose, you need to make sure that Allow or Require under SSL is checked, and select your SSL on the drop-down bar labeled SSL Certificate.


Now we have been brought to the Authentication and Authorization section. Here at the top are two options for Authentication. Make sure that both boxes are checked. Finally, we have the Authorization section where we would select the groups or users we want to allow to be able to log into this FTP Site.

 

Setting Up the Windows Firewall

Now that we have the FTP site all set up and ready to go, we do need to set up the firewall rules. Open up your firewall by clicking on Start, scrolling to Windows Administrative Tools, and clicking on Windows Firewall with Advanced Security.


We need to set some rules on the Inbound Rules section, so click on that first. It’s in the top right corner. After clicking on Inbound Rules in the top right corner under Actions, you will see a section called Inbound Rules. Under that category should be New Rule.


You may have to click on the arrow next to Inbound Rules to see this. Click on New Rule.


And you will be selecting the Rule Type. For FTP we will be using Port, so click on that and Next. Now you will see Protocol and Ports. For Protocol, use the setting TCP. For Specific local ports type 21, 5001-5051 and click on Next.

Now we have the Action section. By default, “Allow the connection” is selected. Keep this the way it is and press Next. Now you will be prompted for when this rule will apply.


We want it always to apply so keep each network connection type box checked. There are three: Domain, Private, and Public. Click Next, and you will be naming the firewall rule. We suggest just naming it FTP Connection or something of the sort.


You should be all set. Go ahead and log into another computer, use your favorite FTP client (such as Filezilla), enter the IP address as the host along with your newly created username, password and port number, and click connect. You are now connected via FTP to your designated pathway on your server.
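The whole FTP procedure above (features, user, site, authorization and firewall rule) can also be scripted. This is an added example, not part of the original article: the site name, folder path and user name are hypothetical, and it assumes Windows Server 2016 or later. It differs from the walkthrough in two labelled ways: it enables only Basic authentication rather than ticking both boxes, and it pins the IIS passive data port range to 5001-5051 so that it matches the firewall rule.

```powershell
# Added example, not from the original article. Run in an elevated session on the server.
# Hypothetical names: site 'ProjectFtp', folder 'C:\inetpub\ftproot\project', user 'ftpdev'.
$ftpSite = 'ProjectFtp'
$ftpRoot = 'C:\inetpub\ftproot\project'
$ftpUser = 'ftpdev'

# FTP Server, FTP Service and FTP Extensibility; no restart is needed.
Install-WindowsFeature -Name Web-Ftp-Server, Web-Ftp-Service, Web-Ftp-Ext | Out-Null
Import-Module WebAdministration

# Local FTP account with the two password options the article ticks.
if (-not (Get-LocalUser -Name $ftpUser -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString -Prompt "Password for $ftpUser"
    New-LocalUser -Name $ftpUser -Password $password -PasswordNeverExpires `
        -UserMayNotChangePassword -Description 'FTP access to project folder' | Out-Null
}

# FTP site on the default port 21, all unassigned addresses.
New-Item -ItemType Directory -Path $ftpRoot -Force | Out-Null
New-WebFtpSite -Name $ftpSite -Port 21 -PhysicalPath $ftpRoot | Out-Null
$sitePath = "IIS:\Sites\$ftpSite"

# Do not require TLS, in line with the article's "No SSL" choice; logins then
# travel unencrypted. With a certificate installed, use 'SslRequire' for both.
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.controlChannelPolicy -Value 'SslAllow'
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.dataChannelPolicy -Value 'SslAllow'

# Basic authentication only (the article also ticks Anonymous; left off here).
Set-ItemProperty $sitePath -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true

# Authorization: allow just this user. 'Read,Write' is an assumption.
Add-WebConfiguration -PSPath 'IIS:\' -Location $ftpSite `
    -Filter 'system.ftpServer/security/authorization' `
    -Value @{ accessType = 'Allow'; users = $ftpUser; permissions = 'Read,Write' }

# Passive data ports: keep IIS inside the range the firewall rule opens.
# Server-level setting; not shown in the article.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Filter 'system.ftpServer/firewallSupport' `
    -Name lowDataChannelPort -Value 5001
Set-WebConfigurationProperty -PSPath 'IIS:\' -Filter 'system.ftpServer/firewallSupport' `
    -Name highDataChannelPort -Value 5051
Restart-Service -Name ftpsvc

# Inbound rule: TCP 21 and 5001-5051 on Domain, Private and Public profiles.
New-NetFirewallRule -DisplayName 'FTP Connection' -Direction Inbound -Protocol TCP `
    -LocalPort '21', '5001-5051' -Action Allow -Profile Domain, Private, Public | Out-Null

# Confirm the control port answers locally before testing from another machine.
(Test-NetConnection -ComputerName localhost -Port 21).TcpTestSucceeded
```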

 

FTP on a Plesk Server

This process is a lot faster and much simpler. Here are a couple links in regards to setting it up on a Plesk Windows Server.

https://help.liquidweb.com/s/article/Creating-FTP-Users

https://help.liquidweb.com/s/article/Uploading-Files-Using-FTP-in-Plesk

You did it! You have successfully set up an FTP site so that you or the developers can now edit, copy, and remove files from their designated folders smoothly.

How to Replace MySQL with Percona on Plesk CentOS 7

Reading Time: 4 minutes

This article outlines the procedure for replacing the native MySQL®️ or MariaDB®️ service that is preinstalled on any typical Plesk Onyx 11 CentOS 7 server. The procedure outlines removal of the existing MySQL related binaries and replaces them with an adequate version of the Percona binaries. Once these Percona binaries are in place, a typical multistage MySQL Incremental version upgrade is processed to bring the existing databases and Percona binaries to the desired Percona 5.7 version.

Plesk to Plesk Migration

Reading Time: 9 minutes

Migrating from one Plesk installation to another is easy with the Plesk Migrator Tool! The Plesk team has done a great job creating an easy to use interface for migrating entire installations of Plesk to a new server.

If you need to move files, users, subscriptions, FTP accounts, mail and DNS servers setup through Plesk, this guide will help you successfully navigate the process and come out victorious!

We will be splitting this tutorial into three sections:


How to Install Python on Windows

Reading Time: 2 minutes

Python is a popular programming language for developing applications. The Python design philosophy emphasizes code readability and focuses on clear programming for both small and large-scale projects. Python allows you to run modules and full applications from a large library of resources (or even applications you write yourself) on your server. Python works on a number of popular operating systems, including Windows Server OS.
