IIS explained


Internet Information Services (IIS) - formerly called Internet Information Server - is a set of Internet-based services for servers created by Microsoft for use with Microsoft Windows. It is the world's second most popular web server in terms of overall websites, trailing far behind the industry leader Apache HTTP Server. As of June 2008 it served 35.39% of all websites according to Netcraft. The servers currently include FTP, SMTP, NNTP, and HTTP/HTTPS.

Versions


  • IIS 1.0, Windows NT 3.51 available as a free add-on
  • IIS 2.0, Windows NT 4.0
  • IIS 3.0, Windows NT 4.0 Service Pack 3
  • IIS 4.0, Windows NT 4.0 Option Pack
  • IIS 5.0, Windows 2000
  • IIS 5.1, Windows XP Professional,Windows MCE
  • IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
  • IIS 7.0, Windows Server 2008 and Windows Vista and Windows 7 (Pre-beta)

History


The first Microsoft webserver was a research project by the European Microsoft Windows NT Academic Centre (EMWAC), part of the University of Edinburgh in Scotland, and was distributed as freeware. However since the EMWAC server was unable to scale sufficiently to handle the volume of traffic going to microsoft.com, Microsoft was forced to develop its own webserver, IIS.

IIS was initially released as an additional set of Internet based services for Windows NT 3.51. IIS 2.0 followed, adding support for the Windows NT 4.0 operating system; and IIS 3.0 introduced the Active Server Pages dynamic scripting environment.

IIS 4.0 dropped support for the Gopher protocol and was bundled with Windows NT as a separate "Option Pack" CD-ROM.

The current shipping version of IIS is 7.0 for Windows Vista and Windows Server 2008, 6.0 for Windows Server 2003 and Windows XP Professional x64 Edition, and IIS 5.1 for Windows XP Professional. Windows XP has a restricted version of IIS 5.1 that supports only 10 simultaneous connections and a single web site. IIS 6.0 added support for IPv6. A FastCGI module is also available for IIS5.1, IIS6 and IIS7.

IIS 7.0 is not installed by Windows Vista by default but it can be selected from the list of optional components. It is available in all editions of Windows Vista save Home Basic and Starter. IIS 7 on Vista does not limit the number of allowed connections as IIS on XP did but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued which hampers performance but they are not rejected as with XP which resulted in the 'server too busy' error message.

Security


Earlier versions of IIS were hit with a number of vulnerabilities, chief among them CA-2001-19 which led to the infamous Code Red worm; however, both versions 6.0 and 7.0 currently have no reported issues that affect them. In IIS 6.0 Microsoft opted to change the behaviour of pre-installed ISAPI handlers, many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web Service Extensions" that prevents IIS from launching any program without explicit permission by an administrator. With the current release IIS 7.0 the components are modularised so that only the required components have to be installed, thus further reducing the attack surface. In addition, security features are added such as URLFiltering which rejects suspicious URLs based on a user-defined rule set.

By default IIS 5.1 and lower run websites in-process under the SYSTEM account, a default Windows account with 'superuser' rights. Under 6.0 all request handling processes have been brought under a Network Services account with significantly fewer privileges so that should there be an vulnerability in a feature or custom code it won't necessarily compromise the entire system given the sandboxed environment these worker processes run in. IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.

Authentication Mechanisms


IIS 5.0 and higher support the following authentication mechanisms:
  • Basic access authentication
  • Digest access authentication
  • Integrated Windows Authentication
  • .NET Passport Authentication

Version 7.0


Debuting with Windows Vista, and included in Windows Server 2008, IIS 7.0 features a modular architecture. Instead of a monolithic server which features all services, IIS 7 has a core web server engine. Modules offering specific functionality can be added to the engine to enable its features. The advantage of having this architecture is that only the features required can be enabled and that the functionalities can be extended by using custom modules.

IIS 7 will ship with a handful of modules, but Microsoft will make other modules available online. The following sets of modules are slated to ship with the server:

  1. HTTP Modules
  2. Security Modules
  3. Content Modules
  4. Compression Modules
  5. Caching Modules
  6. Logging and Diagnostics Modules


Writing extensions to IIS 7 using ISAPI has been deprecated in favor of the module API, which allows modules to be plugged in anywhere within the request processing pipeline. Much of IIS's own functionality is built on this API, and as such, developers will have much more control over a request process than was possible in prior versions. Modules can be written using C++, or using the IHttpModule interface from a .NET Framework language. Modules can be loaded globally where the services provided by the module can effect all sites, or loaded on a per-site basis. IIS 7 has an integrated mode application pool where .NET modules are loaded into the pipeline using the module API, rather than ISAPI. As a result ASP.NET code can be used with all requests to the server. For applications requiring strict IIS 6.0 compatibility, the Classic application pool mode loads asp.NET as an ISAPI.

A significant change from previous versions of IIS is that all Web server configuration information is stored solely in XML configuration files, instead of in the metabase. The server has a global configuration file that provides defaults, and each virtual web's document root (and any subdirectory thereof) may contain a web.config containing settings that augment or override the defaults. Changes to these files take effect immediately. This marks a significant departure from previous versions whereby web interfaces, or machine administrator access, were required to change simple settings such as default document, active modules and security/authentication. It also eliminates the need to perform metabase synchronization between multiple servers in a farm of web servers.

IIS 7 also features a completely rewritten administration interface that takes advantage of modern MMC features such as task panes and asynchronous operation. Configuration of ASP.NET is more fully integrated into the administrative interface.

Other changes:
  • PICS content ratings, support for Microsoft Passport, and server-side image maps are no longer included.
  • Executing commands via server-side includes is no longer permitted.
  • IISRESET -reboot has been removed.
  • The CONVLOG tool, which converts IIS log files into NCSA format, has been removed.
  • Support for enabling a folder for "Web Sharing" via the Windows Explorer interface has been removed.
  • IIS Media Pack (see below), which allows IIS to be used as a bare-bones media server, without using Windows Media Services.
  • New FTP module, that integrates with the new configuration store, as well as the new management environment.

IIS Media Pack


The IIS Media Pack is a set of free add-on modules for delivering digital audio and video files from an Internet Information Services 7.0 (IIS7) Web server. Download delivery from a Web server to media player software is often as a progressive download, which allows the end user's media player to quickly start rendering the media file even as the download is still in progress. Examples of media player software that will work with the IIS Media Pack include Adobe Flash Player, Apple QuickTime Player, RealNetworks RealPlayer, Microsoft Windows Media Player, and Microsoft Silverlight. The IIS Media Pack provides some of the cost savings and content control benefits of streaming media servers to Web server delivery of media files.

The first module, Bit Rate Throttling, was released to the general public on March 14, 2008. For media files, Bit Rate Throttling downloads the first few seconds of the file as fast as possible, allowing playback to begin very quickly, and then automatically detects the encoded bit rate of the file and meters out the rest of the download at that bit rate. If an end user stops playback before the end of the file, the server has only downloaded a few more seconds of file than were actually consumed, reducing bandwidth costs when compared to traditional send-and-forget HTTP downloads. Metering the delivery of media files also reduces overall bandwidth and CPU usage on the IIS server, freeing resources to serve a higher number of concurrent users. The following eleven media file formats are supported by default in the Bit Rate Throttling module: ASF, AVI, FLV, M4V, MOV, MP3, MP4, RM, RMVB, WMA, WMV. Additional media file formats can be added using the IIS configuration system. Non-media files may also be throttled at a server-administrator-specified delivery rate.

The second module is called Web Playlists, and is now in its second Customer Technology Preview (CTP) release. This feature allows an IIS server administrator to specify a sequenced playback order for a set of media files without exposing the source URLs. Playback order and the ability to limit whether an end user can seek within or skip a file are controlled on the IIS server. The Web Playlists feature can also be used to dynamically generate personalized playlists for users.


<-- Previous | Home Glossary | Next -->

📖 Latest blogs mentioning IIS

🏆 Alexa 770,715 - 📅 - SmarterMail Build 8747 - Build 8747 IMPORTANT: All secure port bindings must be configured to use a certificate file that includes the private key. Bindings that don’t contain a private key will not function as expected and will show an “Invalid certificate” ...
koddos.net Icon 🏆 Alexa 223,484 - 📅 - Lazarus Hacking Group Launches Hacking Attacks Targeting Microsoft IIS Servers - The Lazarus hacking group, which is a state-sponsored hacker group in North Korea, has continued to launch hacking attacks. This group has been accused of infiltrating the Windows Internet Information Service (IIS) web servers to illegally gain ...
koddos.net Icon 🏆 Alexa 223,484 - 📅 - Lazarus Hacking Group Obtains Initial Access By Exploiting Vulnerable Windows IIS Web Servers - The notorious North Korean hacking group, the Lazarus Group, is now launching attacks targeting vulnerable Windows Internet Information Services (IIS) web servers. The exploits in question are being done to give the threat actors initial access to ...
everleap.com Icon 🏆 Alexa 516,494 - 📅 - Is malicious traffic bypassing CloudFlare on your IIS site? Here’s how to stop it. - In my last blog post, I discussed how you can use CloudFlare to prevent bad bots from getting to your site. But, what happens if the bad traffic still remembers your old IP number for the original web server and the bots still get through. Recently ...
vcclhosting.com Icon 🏆 Alexa 282,979 - 📅 - How to Install IIS web server on Windows Server 2019 - Here is a step-by-step guide on how to install an IIS web server on Windows Server 2019: ⦁ Open the Server Manager on your Windows Server 2019 machine. ⦁ In the Server Manager, click on the “Add roles and features” option. ⦁ On the “Before you ...
vcclhosting.com Icon 🏆 Alexa 282,979 - 📅 - How to Install .NET on Windows Server 2019 - Even today, IIS is a famous desire for lots of internet builders or internet software hosting Services, because it gives many functions and may be difficult to incorporate with different Microsoft products. However, for people, especially from a ...
netspaceindia.com Icon 🏆 Alexa 539,754 - 📅 - Web Server Types: Apache vs Nginx vs IIS vs Lighttpd - There are different types of Web servers which are crucial component of the internet and are responsible for serving up the pages we view on our web browsers. There are several different types of web servers available some of them are Apache, Nginx,

📋 Latest news about IIS

DiscountASP.NET Offers IIS Tool Beta - 📅 - Among the news to emerge from Microsoft's Professional Developers Conference taking place this week in Los Angeles was an announcement from Microsoft partner DiscountASP.NET (www.discountasp.net) that the company had teamed with the software giant to offer a beta sandbox hosting environment for the Web Deployment ...
AppliedI Adds IIS 7, SQL 2008 - 📅 - Shared hosting provider Applied Innovations (appliedi.net), announced late last week that it has added a new group of shared hosting plans and managed dedicated servers using Internet Information Server 7 and MS SQL 2008. The company, a Microsoft Gold Certified partner, says it has been offering ...
DotNetPanel Offers IIS 7.0 Support - 📅 - Web hosting control panel provider DotNetPanel Software (dotnetpanel.com) announced last week it is offering a new version of its DotNetPanel control panel with Internet Information Services 7.0 support. Using the features of the latest Windows Server 2008 RC with IIS 7 and FTP 7, DotNetPanel ...
Microsoft to Rewrite IIS, Release Patches - 📅 - Microsoft (microsoft.com) has decided to take action after Gartner security analyst John Pescatore resolved that businesses should replace Microsoft's server, IIS, for more stable alternatives, reported the Register yeterday. MS head office is telling its sales channel that version 6.0 of IIS will ...
Microsoft IIS Gets Protection From Zeus - 📅 - Zeus Technology Limited (zeus.com), a provider of Web server software and solutions, announced that its customers will now be able to evaluate the Zeus Secure Web Serving Solution. The Secure Web Serving Solution is designed to sit in front of Microsoft's IIS Web server, identifying and discarding ...
Microsoft Releases Critical IIS Patch - 📅 - Microsoft Corp. (microsoft.com), announced on Wednesday that it has released a cumulative patch for its Internet Information Server that fixes more than ten holes in the Web server software, including several critical patches for vulnerabilities that could allow a hacker to take complete control of a machine. ...
Microsoft Launches IIS Promotion Push - 📅 - Software giant Microsoft (microsoft.com) has launched a campaign designed to attract new customers to its Windows Server 2003 platform, according to research and analysis firm Netcraft (netcraft.com). Microsoft launched TRYIIS.com (tryiis.com) last Monday, a Web site devoted to marketing the server ...