Avatar of nav2567
nav2567Flag for United States of America

asked on 

Present a secured site maintenance page.

Dear Experts,

We have a IIS secured website which has yet to pass a penetration test before we can open it to public access.

Is there a secured way we could allow some sort of static page for external access site until the pen test is completed?

The website is already linked to a secured certificate which has the site's common name defined.  Basically, we want to present a maintenance page just to relay the information that the site is not available or not yet active.

Please advise if this is doable or not.

Thanks in advance ;)
Microsoft IIS Web ServerSecuritySSL / HTTPS

Avatar of undefined
Last Comment
Avatar of btan

Can consider a http redirect and limit to specific location in server.
To configure the content to come from only the specified destination directory, use the following syntax:
appcmd set config /section:httpRedirect /childOnly:true | false
By default, this attribute is false, but you specify true for the childOnly attribute. To do this, type the following at the command prompt, and then press ENTER:
appcmd set config /section:httpRedirect /childOnly:true

Another is that you could set that site up to serve the same page for all requests, regardless of the request URL. The strategy is to stop website regardless of the request coming in
Assuming you have IIS Scripting installed, open an elevated PowerShell:

import-module webadministration

Consider stopping all sites except the Offline one:

Get-ChildItem IIS:\Sites | Where {$_.Name -ne "Offline"} | Stop-WebSite

when the SQL-Server is back up, start them up again:

Get-ChildItem IIS:\Sites | Where {$_.Name -ne "Offline"} | Start-WebSite

For FTP sites, the commands will show an error. You cannot pipe an FTP site to a Stop-WebSite cmdlet, but it still works for all the web sites.

For sites that are not running alright, consider to exclude them:

Where {$_.Name -ne "Offline" -and $_.Name -ne "foobar.com"}

If there is no PowerShell cmdlets for IIS installed, you can explore appcmd.exe  
Avatar of nav2567
Flag of United States of America image



The website is already binded to a SSL certificate and we open only 443 on our firewall.

Will redirect work?
Avatar of btan

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Microsoft IIS Web Server
Microsoft IIS Web Server

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo