Based on a security audit, I am addressing audit findings and eventually I got stuck on one item:
124242 : Microsoft .NET Handlers Enumeration
Risk 1 : Web Services
It is possible to obtain the list of handlers the remote ASP.NET web server supports.
Solution:
None
References:
http://support.microsoft.com/kb/815145
Credit:
Tenable : 2009-12-04
I am running an ASP.NET 2.0 application on a Windows 2008 R2 server and I don't have ISA Server installed.
I feel that I need to configure some rules in Windows Firewall or URLScan, but I don't understand which one exactly.
Using this page http://www.iis.net/ConfigReference/system.webServer/handlers we found that the access policy can be changed.
So pick the one you like and apply it using this command string:
%systemroot%\system32\inetsrv\Appcmd set config "instancename/files" /section:handlers /accessPolicy:NoRemoteRead /commit:apphost
Put your instance name in place of "instancename".
Hope this helps.
Good luck.
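To check the result of a change like the one above, this added example (not part of the original answer) reads an applicationHost.config-style file and resolves the effective handlers accessPolicy for a path. The sample XML and function names are constructed, it only looks at location tags in one file (not per-directory web.config files), and the "Read" default is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like applicationHost.config (not from the thread).
SAMPLE_CONFIG = """<configuration>
  <system.webServer><handlers accessPolicy="Read, Script" /></system.webServer>
  <location path="instancename/files">
    <system.webServer><handlers accessPolicy="NoRemoteRead" /></system.webServer>
  </location>
  <location path="instancename/app">
    <system.webServer><handlers /></system.webServer>
  </location>
</configuration>"""

# Assumption: "Read" is the schema default when accessPolicy is never declared.
SCHEMA_DEFAULT = frozenset({"Read"})

def declared_policies(xml_text):
    """Map each config path ('' = server level) to the flags it declares."""
    root = ET.fromstring(xml_text)
    scopes = [("", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.findall("location")]
    found = {}
    for path, node in scopes:
        handlers = node.find("system.webServer/handlers")
        if handlers is None or handlers.get("accessPolicy") is None:
            continue  # nothing declared here, so the value is inherited
        flags = handlers.get("accessPolicy").split(",")
        found[path.lower()] = {f.strip() for f in flags if f.strip()}
    return found

def effective_policy(declared, path):
    """Walk from the path up to server level; the nearest declaration wins."""
    parts = path.lower().split("/") if path else []
    while True:
        key = "/".join(parts)
        if key in declared:
            return set(declared[key])
        if not parts:
            return set(SCHEMA_DEFAULT)
        parts.pop()

def remote_read_blocked(declared, path):
    """True when the effective policy for the path carries NoRemoteRead."""
    return "NoRemoteRead" in effective_policy(declared, path)

if __name__ == "__main__":
    declared = declared_policies(SAMPLE_CONFIG)
    for p in ("instancename/files", "instancename/app"):
        print(p, sorted(effective_policy(declared, p)), remote_read_blocked(declared, p))
```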