
New IIS7 Article: Building a Custom, Secure and Reduced Footprint Web Server

0 replies

Last post Jun 09, 2006 01:14 AM by bills


    IIS6 and previous versions implemented most of the widely used server functionality inside the server itself. In contrast, the IIS7 web server engine provides a modular architecture on top of which virtually all of the server features are provided as pluggable components. This enables tremendous improvements across the board, including but not limited to:

    • Ability to control exactly what set of features is loaded / used on the server, removing unneeded features to reduce the attack surface area / memory footprint of the server.
    • Ability to replace each feature with third party or custom implementations.
    • Ability to specialize the server based on its role in the server topology.
    • Advanced control over the feature set of the server, on a fine grain and application delegatable level.

    These server components, known as modules, are loaded during the initialization of the application pool worker process and provide request processing services on the server. Each IIS7 application is a combination of services provided by modules enabled for the application, and associated content used by these services. The server provides two major roles played by modules:

    • Providing request services, such as authentication or output caching (similar to ISAPI filters in IIS6).
    • Providing request handling, such as static file handling, CGI, or ASP.NET page processing (similar to ISAPI extensions in IIS6).

    By enabling different modules, the server can be configured to provide the services required by the applications on the server.

    Tasks illustrated in this walkthrough include:

    • Review the server configuration and the set of modules loaded on the server by default.
    • Remove all modules to strip the server down to its minimal configuration, and examine the effect on footprint.
    • Build a custom server by incrementally adding modules to support a specific scenario.

    Bill Staples
    Product Unit Manager, IIS
    blog: http://blogs.iis.net/bills
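
The module review described in the post can be automated as a configuration audit. The following is an added example, not code from the post or the linked article: it parses a constructed sample shaped like IIS7's applicationHost.config and compares the installed and enabled modules against a role allowlist. The sample XML, the allowlist and the function name `audit_modules` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like IIS7's applicationHost.config (not from the article).
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />
      <add name="CgiModule" image="%windir%\System32\inetsrv\cgi.dll" />
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
    </globalModules>
    <modules>
      <add name="StaticFileModule" />
      <add name="AnonymousAuthenticationModule" />
      <add name="CgiModule" />
      <add name="WindowsAuthenticationModule" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
    </modules>
  </system.webServer>
</configuration>"""

# Hypothetical allowlist for a server whose only role is serving static content.
STATIC_ROLE_ALLOWLIST = {"StaticFileModule", "AnonymousAuthenticationModule",
                         "HttpLoggingModule"}


def audit_modules(config_xml, allowlist):
    """Compare installed and enabled modules in the config against a role allowlist."""
    root = ET.fromstring(config_xml)
    # <globalModules>: native modules installed on the server.
    installed = {a.get("name") for s in root.iter("globalModules")
                 for a in s.findall("add")}
    enabled, managed = set(), set()
    # <modules>: modules enabled for request processing.
    for section in root.iter("modules"):
        for add in section.findall("add"):
            enabled.add(add.get("name"))
            if add.get("type"):  # managed (.NET) module: no <globalModules> entry
                managed.add(add.get("name"))
    return {
        # Outside the role's allowlist: candidates for removal.
        "not_allowed": sorted((installed | enabled) - allowlist),
        # Native module enabled without being installed: configuration error.
        "enabled_not_installed": sorted(enabled - installed - managed),
        # Installed but enabled nowhere: footprint with no service provided.
        "installed_not_enabled": sorted(installed - enabled),
    }
```

On a real server the same function can be pointed at the contents of applicationHost.config; it merges every `<modules>` section it finds, so per-location overrides are not distinguished.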