The web site developer (who’s not very computer literate) published the site to the root of the Default Web Site instead of to a virtual directory like she was supposed to. My boss’ solution was to create an ISA rule to allow access to the root (\*) of the Default Web Site. Is this risky?