Securing Access to Responder Web

Setting up HTTPS

This optional configuration allows you to host the entire Responder Web application using HTTPS.

Browse to the web.config file at this location: C:\Inetpub\wwwroot\Responder.
Open Web.config. You can edit the file by opening it in an XML application (such as XML Spy) or by opening it in a simple text editing program (such as Notepad).
Insert the following two options in the appSettings section, if not already added, to disable URL path inspection:
```
    <add key="secureByUrls" value="false"/>
    <add key="undoUrlSecuring" value="false"/>
```
Save and close Web.config.
Setup IIS to require HTTPS for communication to the entire application:

Windows 7

Open and follow the steps in the "How to Set Up SSL on IIS 7" article from Learn.IIS.net.

Windows 2000 and Windows 2003

Open and follow the steps in the "How To Set Up an HTTPS Service in IIS" article from Microsoft.

If you want to expose Responder Web to users outside an internal network, ensure that all communication with the application is secure, by making all application requests through SSL as noted above. In addition, we recommend allowing access of only the necessary elements of Responder Web for the appropriate roles.