Photo:1
Photo:2
Photo:3
Photo:4
Photo:1 Photo:2 Photo:3 Photo:4 |
| History | |
| 2>
The first Microsoft web server was a research project at European Microsoft Windows NT Academic Centre (EMWAC), part of the University of Edinburgh in Scotland, and was distributed as freeware.[1] However, since the EMWAC server was unable to scale sufficiently to handle the volume of traffic going to Microsoft.com, Microsoft was forced to develop its own web server, IIS.[2]
Almost every version of IIS was released either alongside or with a version of Microsoft Windows. IIS 1.0 was initially released as a free add-on, a set of web-based services for Windows NT 3.51. However, IIS 2.0 was included with Windows NT 4.0. IIS 3.0, which was included with Service Pack 3 of Windows NT 4, introduced the Active Server Pages dynamic scripting environment.[3] IIS 4.0 was released as part of an "Option Pack" for Windows NT 4.0 and dropped support for the Gopher protocol.[citation needed]
IIS 5.0 shipped with Windows 2000 and introduced additional authentication methods, management enhancements including a new MMC-based administration application, support for the WebDAV protocol, and enhancements to ASP.[4] IIS 5.1 was shipped with Windows XP Professional, and was nearly identical to IIS 5.0 on Windows 2000 except for several limitations Microsoft introduced. IIS 5.1 supported only 10 simultaneous connections and supported only a single web site.[5][6] IIS 6.0, included with Windows Server 2003 and Windows XP Professional x64 Edition, added support for IPv6 and included a new worker process model that increased security as well as reliability.[7]
IIS 7.0 was a complete redesign and rewrite of IIS, and was shipped with Windows Vista and Windows Server 2008. IIS 7.0 included a new modular design that allowed for a reduced attack surface and increased performance. IIS 7.0 also introduced a hierarchical configuration system allowing for simpler site deploys, a new Windows Forms-based management application, new command line management options and increased support for the .NET Framework.[8] IIS 7.0 on Vista does not limit the number of allowed connections as IIS on XP did, but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued, which hampers performance, but they are not rejected as with XP.
The current shipping version of IIS is IIS 7.5, included in Windows 7 and Windows Server 2008 R2. IIS 7.5 improved WebDAV and FTP modules as well as command line administration in PowerShell. It also introduced Best Practices Analyzer tool and process isolation for application pools.[9]
[edit] Tags:Microsoft,Windows Nt 3.51,Web Server,Microsoft Windows,Ftp,Windows Server,Windows Xp,Windows Vista,Windows 7,Edit,University Of Edinburgh,Freeware,Microsoft.com,Service Pack,Active Server Pages,Gopher Protocol,Mmc,Webdav,Asp,Windows Server 2003,Windows Xp Professional X64 Edition,Ipv6,Windows Forms,.net Framework,Windows Server 2008 R2,Powershell,Windows Nt 4.0,Windows 2000,Windows Xp Professional,Windows Server 2008,Attack Surface,Authentication,Com,Search,Shell,Services, | |
| Versions | |
| 3>
IIS 1.0, Windows NT 3.51 available as a free add-on
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2[10]
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition (requires retail CD)
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista (Home Premium, Business, Enterprise and Ultimate editions)
IIS 7.5, Windows Server 2008 R2 and Windows 7 (Home Premium, Professional, Enterprise and Ultimate editions)
[edit] Tags:Windows Xp Media Center Edition,Media Center, | |
| Usage | |
| 2>
As of October 2011[update], IIS is the second most used server in the world, after Apache HTTP Server. It is used on 15.66% of servers and responds to 12.46% of total requests.[11]
[edit] Tags:Http,Apache Http Server, | |
| Security | |
| 2>
Earlier versions of IIS were hit with a number of vulnerabilities, especially the CA-2001-13 which led to the infamous Code Red worm;[12] however, both versions 6.0 and 7.0 currently have no reported issues with this specific vulnerability.[13][14] In IIS 6.0 Microsoft opted to change the behaviour of pre-installed ISAPI handlers,[15] many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web Service Extensions" that prevents IIS from launching any program without explicit permission by an administrator.
In the current release, IIS 7, the components are provided as modules so that only the required components have to be installed, thus further reducing the attack surface. In addition, security features are added such as Request Filtering, which rejects suspicious URLs based on a user-defined rule set.[16]
By default IIS 5.1 and lower run websites in-process under the SYSTEM account,[17] a default Windows account with 'superuser' rights. Under 6.0 all request handling processes have been brought under a Network Services account with significantly fewer privileges so that should there be a vulnerability in a feature or in custom code it won't necessarily compromise the entire system given the sandboxed environment these worker processes run in.[18] IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.[19]
According to Secunia, as of June 2011[update], IIS 7 had a total of 6 resolved vulnerabilities while[14] IIS 6 had a total of 11 vulnerabilities out of which 1 was still unpatched. The unpatched security advisory has a severity rating of 2 out of 5.[13]
In June 2007, a Google study of 80 million domains concluded that while the IIS market share was 23% at the time, IIS servers hosted 49% of the world's malware, the same as Apache servers whose market share was 66%. The study also observed the geographical location of these dirty servers and suggested that the cause of this could be the use of pirated copies of Windows for which security updates were unavailable.[20] This is no longer the case: Microsoft supplies security updates to all users.[21][22]
[edit] Tags:Vulnerabilities,Code Red Worm,Isapi,Sandboxed,Secunia,Apache Servers,Kernel, | |
| Features | |
| 2>
The architecture of IIS 7 is modular. Modules, also called extensions, can be added or removed individually so that only modules required for specific functionality have to be installed. IIS 7 includes native modules as part of the full installation. These modules are individual features that the server uses to process requests and include the following:[23]
HTTP modules – Used to perform tasks specific to HTTP in the request-processing pipeline, such as responding to information and inquiries sent in client headers, returning HTTP errors, and redirecting requests.
Security modules – Used to perform tasks related to security in the request-processing pipeline, such as specifying authentication schemes, performing URL authorization, and filtering requests.
Content modules – Used to perform tasks related to content in the request-processing pipeline, such as processing requests for static files, returning a default page when a client does not specify a resource in a request, and listing the contents of a directory.
Compression modules – Used to perform tasks related to compression in the request-processing pipeline, such as compressing responses, applying Gzip compression transfer coding to responses, and performing pre-compression of static content.
Caching modules – Used to perform tasks related to caching in the request-processing pipeline, such as storing processed information in memory on the server and using cached content in subsequent requests for the same resource.
Logging and Diagnostics modules – Used to perform tasks related to logging and diagnostics in the request-processing pipeline, such as passing information and processing status to HTTP.sys for logging, reporting events, and tracking requests currently executing in worker processes.
IIS 6.0 and higher support the following authentication mechanisms:[24]
Anonymous authentication
Basic access authentication
Digest access authentication
Integrated Windows Authentication
UNC authentication
.NET Passport Authentication (Removed in Windows Server 2008 and IIS 7.0)[25]
Certificate authentication
IIS 7.5 includes the following additional or enhanced security features:[26]
Client Certificate Mapping
IP Security
Request Filtering
URL Authorization
Authentication changed slightly between IIS 6.0 and IIS 7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled.[25]
[edit] Tags:Operating System,Basic Access Authentication,Digest Access Authentication,Integrated Windows Authentication,.net Passport Authentication, | |
| IIS Express | |
| 2>
IIS Express, a lightweight version of IIS, is available as a standalone freeware server and may be installed on Windows XP with Service Pack 3 and subsequent versions of Microsoft Windows. IIS 7.5 Express supports only the HTTP and HTTPS protocols.[27] IIS Express can be downloaded separately[28] or as a part of Microsoft WebMatrix.[29]
[edit] Tags:Https,Microsoft Webmatrix, | |
| Extensions | |
| 2>
IIS releases new feature modules between major version releases to add new functionality. The following extensions are available for IIS 7.5:
FTP Publishing Service – Lets Web content creators publish content securely to IIS 7 Web servers with SSL-based authentication and data transfer.[30]
Administration Pack – Adds administration UI support for management features in IIS 7, including ASP.NET authorization, custom errors, FastCGI configuration, and request filtering.[31]
Application Request Routing – Provides a proxy-based routing module that forwards HTTP requests to content servers based on HTTP headers, server variables, and load balance algorithms.[32]
Database Manager – Allows easy management of local and remote databases from within IIS Manager.[33]
Media Services – Integrates a media delivery platform with IIS to manage and administer delivery of rich media and other Web content.[34]
URL Rewrite Module – Provides a rule-based rewriting mechanism for changing request URLs before they are processed by the Web server.[35]
WebDAV – Lets Web authors publish content securely to IIS 7 Web servers, and lets Web administrators and hosters manage WebDAV settings using IIS 7 management and configuration tools.[36]
Web Deployment Tool – Synchronizes IIS 6.0 and IIS 7 servers, migrates an IIS 6.0 server to IIS 7, and deploys Web applications to an IIS 7 server.[37]
[edit] Tags: | |
| See also | |
| 2>
IIS topics
IIS Metabase
LogParser
Microsoft Personal Web Server
Windows Activation Services
Similar servers
Comparison of web servers
List of FTP server software
List of mail servers
[edit] Tags:Mail Server,Ftp Server,Iis Metabase,Logparser,Microsoft Personal Web Server,Windows Activation Services,Comparison Of Web Servers,List Of Ftp Server Software,List Of Mail Servers, | |
| References | |
| 2>
^ "Windows NT Internet Servers". Microsoft. July 10, 2002. http://support.microsoft.com/kb/120734.
^ Kramer, Dave (December 24, 1999). "A Brief History of Microsoft on the Web". Microsoft corporation. http://www.microsoft.com/misc/features/features_flshbk.htm.
^ "Microsoft ASP.NET 2.0 Next Stop on Microsoft Web Development Roadmap". http://www.directionsonmicrosoft.com/sample/DOMIS/update/2004/08aug/0804a2nsow.htm.
^ "Chapter 1 - Overview of Internet Information Services 5.0". http://technet.microsoft.com/en-us/library/bb742405.aspx. Retrieved 2010-10-25.
^ "Internet Information Services 5.1". http://www.microsoft.com/windowsxp/evaluation/features/iis.mspx. Retrieved 2007-07-20.
^ "IIS Answers - IIS5.1 on XP Pro". http://www.iisanswers.com/IIS51.htm. Retrieved 2010-10-25.
^ "What's New In IIS 6.0?". http://www.devx.com/webdev/Article/17085/. Retrieved 2010-11-25.
^ "IIS 7.0: Explore The Web Server For Windows Vista and Beyond". http://msdn.microsoft.com/en-us/magazine/cc163453.aspx. Retrieved 2010-11-25.
^ "What's New in Web Server (IIS) Role in Windows 2008 R2". http://technet.microsoft.com/en-us/library/dd560629(WS.10).aspx. Retrieved 2010-11-25.
^ Release notes on SP2 CD.
^ "October 2011 Web Server Survey". Netcraft. Netcraft Ltd.. 6 October 2011. http://news.netcraft.com/archives/2011/10/06/october-2011-web-server-survey.html. Retrieved 15 October 2011.
^ "CA-2001-13 Buffer Overflow In IIS Indexing Service DLL". CERT® Advisory. Computer emergency response team. 17 January 2002. http://www.cert.org/advisories/CA-2001-13.html. Retrieved 1 July 2011.
^ a b "Vulnerability Report: Microsoft Internet Information Services (IIS) 6". Secunia. Secunia ApS. http://secunia.com/advisories/product/1438/?task=statistics. Retrieved 1 July 2011.
^ a b "Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x". Secunia. Secunia ApS. http://secunia.com/advisories/product/17543/?task=statistics. Retrieved 1 July 2011.
^ "IIS Installs in a Locked-Down Mode (IIS 6.0)". Microsoft Developer Network (MSDN). Microsoft Corporation. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/54257c42-d723-4b12-badf-f4902c195821.mspx?mfr=true. Retrieved 1 July 2011.
^ Kenneth, Schaefer (2011). "Core Server". Professional IIS 7. Hoboken, New Jersey: John Wiley and Sons. ISBN 9781118058558.
^ "How To: Run Applications Not in the Context of the System Account in IIS (Revision 5.1)". Microsoft Support. Microsoft Corporation. 7 July 2008. Default Installation. http://support.microsoft.com/kb/319067/. Retrieved 20 July 2007.
^ Henrickson, Hethe; Hofmann, Scott R. (2003). "Chapter 15: ASP.NET Web Services". IIS 6: the complete reference. New York City: McGraw-Hill Professional. p. 482. ISBN 9780072224955.
^ Henrickson, Hethe; Hofmann, Scott R. (2003). "Chapter 1: IIS Fundamentals". IIS 6: the complete reference. New York City: McGraw-Hill Professional. p. 17. ISBN 9780072224955.
^ "Web Server Software and Malware". http://googleonlinesecurity.blogspot.com/2007/06/web-server-software-and-malware.html.
^ "Windows Pirates Encouraged to Install Security Updates". Technology Live (USA Today). February 2010. http://content.usatoday.com/communities/technologylive/post/2010/02/windows-pirates-encouraged-to-install-security-updates/1. Retrieved 18 July 2011.
^ Cooke, Paul (27 April 2009). "Who Gets Windows Security Updates?". Windows Security Blog. Microsoft Corporation. http://windowsteamblog.com/windows/b/windowssecurity/archive/2009/04/27/who-gets-windows-security-updates.aspx. Retrieved 18 July 2011.
^ Templin, Reagan (11 August 2010). "Introduction to IIS 7 Architecture". IIS.net. Microsoft Corporation. IIS 7 Modules. http://learn.iis.net/page.aspx/101/introduction-to-iis-7-architecture/. Retrieved 16 July 2011.
^ "Authentication Methods Supported in IIS 6.0 (IIS 6.0)". IIS 6.0 Documentation. Microsoft corporation. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true. Retrieved 13 July 2011.
^ a b "Changes Between IIS 6.0 and IIS 7 Security". IIS.net. Microsoft Corporation. 7 February 2010. http://learn.iis.net/page.aspx/110/changes-between-iis-60-and-iis-7-security/. Retrieved 13 July 2011.
^ "Available Web Server (IIS) Role Services in IIS 7.5". Microsoft TechNet. Microsoft Corporation. http://technet.microsoft.com/en-us/library/cc753473.aspx. Retrieved 13 July 2011.
^ "IIS Express FAQ". The Official Microsoft IIS Site. Microsoft corporation. January 14, 2011. http://learn.iis.net/page.aspx/901/iis-express-faq/. Retrieved January 27, 2011.
^ "Download details: Internet Information Services (IIS) 7.5 Express". Microsoft Download Center. Microsoft corporation. January 10, 2011. http://www.microsoft.com/downloads/en/details.aspx?FamilyID=abc59783-89de-4adc-b770-0a720bb21deb. Retrieved January 27, 2011.
^ "IIS Express Overview". The Official Microsoft IIS Site. Microsoft corporation. January 14, 2011. http://learn.iis.net/page.aspx/868/iis-express-overview/. Retrieved January 27, 2011.
^ "FTP Publishing Service". IIS.net. Microsoft Corporation. http://www.iis.net/download/FTP. Retrieved 17 July 2011.
^ "Administration Pack". IIS.net. Microsoft Corporation. http://www.iis.net/download/AdministrationPack. Retrieved 17 July 2011.
^ "Application Request Routing". IIS.net. Microsoft Corporation. http://www.iis.net/download/ApplicationRequestRouting. Retrieved 17 July 2011.
^ "Database Manager". IIS.net. Microsoft Corporation. http://www.iis.net/download/DatabaseManager. Retrieved 17 July 2011.
^ "IIS Media Services". IIS.net. Microsoft Corporation. http://www.iis.net/media. Retrieved 30 July 2011.
^ "URL Rewrite". IIS.net. Microsoft Corporation. http://www.iis.net/download/URLRewrite. Retrieved 17 July 2011.
^ "WebDAV Extension". IIS.net. Microsoft Corporation. http://www.iis.net/download/webDAV. Retrieved 17 July 2011.
^ "Web Deploy 2.0". IIS.net. Microsoft Corporation. http://www.iis.net/download/webdeployq. Retrieved 17 July 2011.
[edit] Tags:Microsoft Developer Network,Ole, | |
| External links | |
| 2>
IIS.NET – The Official Microsoft IIS Site
IIS 7.5 Product Page – Windows Server 2008 R2
Security Guidance for IIS – Microsoft TechNet
Microsoft Web Platform Installer – A free tool to install IIS and other components of the Microsoft Web Platform
Microsoft WebsiteSpark Program – A program that offers IIS and other Microsoft Web Platform products at no upfront cost for 3 years
v
d
e
Microsoft Windows components
Core
Active Scripting
WSH
VBScript
JScript
Aero
AutoPlay
AutoRun
ClearType
COM
ActiveX
ActiveX Document
COM Structured storage
DCOM
OLE
OLE Automation
Transaction Server
Desktop Window Manager
DirectX
Explorer
Graphics Device Interface
Imaging Format
.NET Framework
Search
IFilter
Saved search
Server Message Block
Shell
Extensions
Namespace
Special Folders
Start menu
Previous Versions
Taskbar
Windows USER
Win32 console
XML Paper Specification
Management tools
Backup and Restore Center
CHKDSK
cmd.exe
Control Panel
Applets
Device Manager
Disk Cleanup
Disk Defragmenter
Driver Verifier
Event Viewer
IEAK
IExpress
Management Console
Netsh
Problem Reports and Solutions
Resource Monitor
‎Sysprep
System Policy Editor
System Configuration
ScanDisk
System File Checker
System Restore
Task Manager
WMI
Windows Installer
Windows PowerShell
Windows Update
WAIK
WinSAT
Windows Easy Transfer
Applications
Calculator
Character Map
Contacts
DVD Maker
Fax and Scan
Internet Explorer
Journal
Magnifier
Media Center
Media Player
Mobile Device Center
Mobility Center
Narrator
Notepad
Paint
Windows Photo Viewer
Private Character Editor
Remote Assistance
Windows Desktop Gadgets
Snipping Tool
Sound Recorder
Store
Speech Recognition
Tablet PC Input Panel
WordPad
Portable Workspace Creator
Games
3D Pinball for Windows - Space Cadet
Chess Titans
FreeCell
Hearts
Hover!
Hold 'Em
Inkball
Mahjong Titans
Minesweeper
Purble Place
Reversi
Solitaire
Spider Solitaire
Microsoft Tinker
Kernel
Ntoskrnl.exe
hal.dll
System Idle Process
Registry
DLL
EXE
NTLDR / Boot Manager
Winlogon
Recovery Console
I/O
WinRE
WinPE
Kernel Patch Protection
Services
SCM
BITS
Task Scheduler
Wireless Zero Configuration
Shadow Copy
Error Reporting
Multimedia Class Scheduler
CLFS
File systems
NTFS
Hard link
Junction point
Mount Point
Reparse point
Symbolic link
TxF
EFS
WinFS
FAT
FAT12
FAT16
FAT32
exFAT
CDFS
UDF
DFS
IFS
Server
Domains
Active Directory
DNS
Group Policy
Roaming user profiles
Folder redirection
Distributed Transaction Coordinator
MSMQ
Windows Media Services
Rights Management Services
IIS Tags:Type,Active Scripting,Wsh,Vbscript,Jscript,Aero,Autoplay,Autorun,Cleartype,Activex,Activex Document,Com Structured Storage,Dcom,Ole Automation,Transaction Server,Desktop Window Manager,Directx,Explorer,Graphics Device Interface,Imaging Format,Ifilter,Server Message Block,Namespace,Special Folders,Start Menu,Previous Versions,Taskbar,Windows User,Win32 Console,Backup And Restore Center,Chkdsk,Cmd.exe,Control Panel,Applets,Device Manager,Disk Cleanup,Disk Defragmenter,Driver Verifier,Event Viewer,Ieak,Iexpress, | |
z³ote monety view link view link view link view link view link |