Securing Access to Responder Web

Setting up HTTPS

This optional configuration allows you to host the entire Responder Web application using HTTPS.

Browse to the web.config file at this location: C:\Inetpub\wwwroot\Responder.
Open Web.config. You can edit the file by opening it in an XML application (such as XML Spy) or by opening it in a simple text editing program (such as Notepad).
Insert the following two options in the appSettings section, if not already added, to disable URL path inspection:
```
    <add key="secureByUrls" value="false"/>
    <add key="undoUrlSecuring" value="false"/>
```
Save and close Web.config.
Set up IIS to require HTTPS for communication to the entire application:

Windows 7

Open and follow the steps in the "How to Set Up SSL on IIS 7" article from Learn.IIS.net.

Windows 2008 R2 and Windows 2012

Open and follow the steps in the "How to Install Your SSL Certificate to Your Windows 2008 Server" article or the "How to Install and Configure Your SSL Certificate on Windows Server 2012" article from DigiCert.com.

Windows 2000 and Windows 2003

Open and follow the steps in the "How to Set Up an HTTPS Service in IIS" article from Microsoft.

If you want to expose Responder Web to users outside an internal network, ensure that all communication with the application is secure by making all application requests through SSL, as noted above. In addition, we recommend allowing access of only the necessary elements of Responder Web for the appropriate roles.