How to disable IIS default website


The global health crisis affected all sectors worldwide. Due to this 90% of the workers are doing work from home and this will shoot many security questions. Is this secure? No. Most of the customers are worried about the security issues as there will be a drastic security breach due to work from home. One of our customer highlighted security breach using IIS. This post will covers how to restrict users from accessing Default IIS page and Virtual Directory

When you enter default URL of IIS directory, default IIS page opens up. http://<Server Name>/. As unnecessarily we are giving access to server virtual directory, this becomes a security concern.

Open IIS

  • Open Run
  • Type inetmgr and click on .This will open IIS page

IIS page has been opened. Expand below

  • Server node
  • Sites

Click on  Default website and double click on default document

Select Default.htm. On the right side tab we can see that its already enabled.

Or else we can check if IIS default website is enabled or not.

Type http://<Server Name>/ in Run and click on

This will open the default website

How to disable?

To disable the default website, right click on default.htm and select the Disable option. The close the IIS

How to check if this disabled ?

Type http://<Server Name>/ in Run and click on

If the default website is disabled, this will give HTTP Error 403.14 – Forbidden error. Hence restrict Users from accessing Default IIS page and Virtual Directory

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 2

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

2 thoughts on “How to disable IIS default website

Leave a Reply

Your email address will not be published. Required fields are marked *