Hi Guys,
I am setting up a new IIS 7.5 System, to move a classic ASP Application form IIS 6. I have not much experience with IIS 7.5, but many settings are similar to IIS 6 and the Application works fine. I am just wonderung about the Handler settings, because I just need static file and classic ASP and I deinstalled CGI and .NET at the IIS Role in Server-Manager. However a lot of handlers are still installed there.
My Questions:
1) Is it usefull for security to remove all Handlers except the satic file and .asp?
2) Could it lead into problems to remove them?
3) Some Entries (for example cshtm, aspq,... ) are listed many times and one of them has the handler "System.Web.HttpForbiddenHandler". Does this mean, the file extension is installed, but the extension is forbidden at the same time, so the handler is already disabled because of the forbidden entry?
Thanks for any help ;)