We have a website set up in IIS that is for security reasons only allowed to be accessed by itself. It sits on the same webserver as publically accesible websites.
The way this has been enforced is by having its only Binding being set to "localhost", so that only requests made via "http://localhost/" (ie this PC), will be accepted. It took me a while to spot this as I'd have thought IP Restrictions would be the normal go to place to do this.
Is it acceptable/recommended/advised against to restrict to LOCAL access only to like via binding settings? If not, is there a recommended best practice?