Internet Information Services
| File:Internet Information Services 7 Console.png Screenshot of IIS 7's management console | |
| Developer(s) | Microsoft |
|---|---|
| Stable release | 7.5 / Unknown |
| Operating system | Microsoft Windows |
| Type | Server |
| License | Proprietary |
| Website | http://www.microsoft.com/iis |
Internet Information Services (IIS) - formerly called Internet Information Server - is a set of Internet-based services for servers created by Microsoft for use with Microsoft Windows. It is the world's second most popular web server in terms of overall websites behind the industry leader Apache HTTP Server. As of April 2009[update] it served 29.27% of all websites according to Netcraft.[1] The services provided currently include FTP, FTPS, SMTP, NNTP, and HTTP/HTTPS.
Versions
- IIS 1.0, Windows NT 3.51 available as a free add-on
- IIS 2.0, Windows NT 4.0
- IIS 3.0, Windows NT 4.0 Service Pack 3
- IIS 4.0, Windows NT 4.0 Option Pack
- IIS 5.0, Windows 2000
- IIS 5.1, Windows XP Professional, Windows XP Media Center Edition
- IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
- IIS 7.0, Windows Server 2008 and Windows Vista (Home Premium, Business, Enterprise, Ultimate Editions)
- IIS 7.5, Windows Server 2008 R2 and Windows 7
History
The first Microsoft webserver was a research project at European Microsoft Windows NT Academic Centre (EMWAC), part of the University of Edinburgh in Scotland, and was distributed as freeware.[2] However since the EMWAC server was unable to scale sufficiently to handle the volume of traffic going to microsoft.com, Microsoft was forced to develop its own webserver, IIS.[3]
IIS was initially released as an additional set of Internet-based services for Windows NT 3.51. IIS 2.0 followed, adding support for the Windows NT 4.0 operating system; and IIS 3.0 introduced the Active Server Pages dynamic scripting environment.[4]
IIS 4.0 dropped support for the Gopher protocol and was bundled with Windows NT as a separate "Option Pack".[citation needed]
The current shipping version of IIS is 7.5 for Windows 7 and Windows Server 2008 R2, 7.0 for Windows Vista and Windows Server 2008, 6.0 for Windows Server 2003 and Windows XP Professional x64 Edition, and IIS 5.1 for Windows XP Professional. Windows XP has a restricted version of IIS 5.1 that supports only 10 simultaneous connections and a single web site.[5] IIS 6.0 added support for IPv6. A FastCGI module is also available for IIS5.1, IIS6[6] and IIS7.[7]
IIS 7.0 is not installed by Windows Vista by default but it can be selected from the list of optional components. It is available in all editions of Windows Vista including Home Basic. IIS 7 on Vista does not limit the number of allowed connections as IIS on XP did but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued which hampers performance but they are not rejected as with XP.
IIS 7.0 (Windows Vista/2008) is much faster than IIS 5.1 (Windows XP) because it relies on the HTTP.SYS kernel driver.
Security
| This article may need to be updated. Please update this article to reflect recent events or newly available information, and remove this template when finished. Please see the talk page for more information. |
Earlier versions of IIS were hit with a number of vulnerabilities, chief among them CA-2001-19 which led to the infamous Code Red worm; however, both versions 6.0 and 7.0 currently have no reported issues with this specific vulnerability.[8][9] In IIS 6.0 Microsoft opted to change the behaviour of pre-installed ISAPI handlers,[10] many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web Service Extensions" that prevents IIS from launching any program without explicit permission by an administrator. With the current release IIS 7.0 the components are modularised so that only the required components have to be installed, thus further reducing the attack surface. In addition, security features are added such as URLFiltering which rejects suspicious URLs based on a user-defined rule set.
By default IIS 5.1 and lower run websites in-process under the SYSTEM account,[11] a default Windows account with 'superuser' rights. Under 6.0 all request handling processes have been brought under a Network Services account with significantly fewer privileges so that should there be a vulnerability in a feature or in custom code it won't necessarily compromise the entire system given the sandboxed environment these worker processes run in. IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.
There are various built-in security features from Microsoft. Many companies offer third-party security tools and features, also known as "Web App Firewalls, or Web Application Firewalls." The advantage of such tools is that they offer much more comprehensive elements (such as easy-to-use GUI, etc.) that aid in protecting an IIS installation with an additional layer of protection at a higher level.
Authentication Mechanisms
IIS 5.0 and higher support the following authentication mechanisms:
- Basic access authentication
- Digest access authentication
- Integrated Windows Authentication
- .NET Passport Authentication (not supported in Windows Server 2008 and above)
Authentication changed slightly between IIS6 and IIS7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled
See also
- Apache HTTP Server
- PWS
- List of FTP server software
- List of mail servers
- Comparison of web servers
- Metabase
- ASP.NET
- Windows Communication Foundation
References
- ↑ "Netcraft Web Server Survey, April 2009". http://news.netcraft.com/archives/2009/04/06/april_2009_web_server_survey.html. Retrieved 2009-04-13.
- ↑ "Windows NT Internet Servers". Microsoft. July 10, 2002. http://support.microsoft.com/kb/120734. Retrieved 2008-05-26.
- ↑ Dave Kramer (December 24, 1999). "A Brief History of Microsoft on the Web". Microsoft. http://www.microsoft.com/misc/features/features_flshbk.htm.
- ↑ "Microsoft ASP.NET 2.0 Next Stop on Microsoft Web Development Roadmap". http://www.directionsonmicrosoft.com/sample/DOMIS/update/2004/08aug/0804a2nsow.htm.
- ↑ "Internet Information Services 5.1". http://www.microsoft.com/windowsxp/evaluation/features/iis.mspx. Retrieved 2007-07-20.
- ↑ "FastCGI Extension for IIS6.0 and IIS5.1 - Go Live". http://www.iis.net/downloads/default.aspx?tabid=34&i=1521&g=6. Retrieved 2007-09-27.
- ↑ "FastCGI for IIS7". http://www.iis.net/downloads/default.aspx?tabid=34&i=1299&g=6. Retrieved 2007-09-27.
- ↑ "Vulnerability Report: Microsoft Internet Information Services (IIS) 6". http://secunia.com/advisories/product/1438/?task=statistics. Retrieved 2008-10-14.
- ↑ "Vulnerability Report: Microsoft Internet Information Services (IIS) 7". http://secunia.com/advisories/product/17543/?task=statistics. Retrieved 2008-10-14.
- ↑ "IIS Installs in a Locked-Down Mode (IIS 6.0)". MSDN. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/54257c42-d723-4b12-badf-f4902c195821.mspx?mfr=true. Retrieved 2007-07-20.
- ↑ "HOW TO: Run Applications Not in the Context of the System Account in IIS#Default Installation". http://support.microsoft.com/kb/319067/. Retrieved 2007-07-20.
External links
- Microsoft Internet Information Services product page
- IIS.net - Microsoft Internet Information Services technical home page
- IIS 7.0 Technical Reference - Microsoft TechNet
- IIS Installation for XP - Microsoft
- Security Guidance for IIS - Microsoft TechNet
- Microsoft Web Platform Installer - IIS for Windows Vista RTM, Windows Vista SP1, Windows XP, Windows Server 2003, Windows Server 2008 and other web tools.
| ||||||||||||||||||||||||||||||||||||||||||||||
ar:خادمات معلومات الإنترنت bg:Internet Information Services ca:Internet Information Services da:Internet Information Services de:Microsoft Internet Information Services es:Internet Information Services fr:Internet Information Services ko:인터넷 정보 서비스 id:Internet Information Services it:Internet Information Services he:Internet Information Services hu:Internet Information Services ms:Internet Information Services nl:Internet Information Services ja:Internet Information Services pl:IIS pt:Internet Information Services ro:Internet Information Services ru:Internet Information Services sk:Internet Information Services fi:Internet Information Services sv:Internet Information Services th:อินเทอร์เน็ตอินฟอร์เมชันเซอร์วิสเซส tr:Internet Information Services uk:Internet Information Services zh:Internet Information Services
If you like SEOmastering Site, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...
- Pages using duplicate arguments in template calls
- Pages with broken file links
- Articles containing potentially dated statements from 2009
- Articles with invalid date parameter in template
- All articles containing potentially dated statements
- All articles with unsourced statements
- Articles with unsourced statements from September 2008
- Wikipedia articles in need of updating
- FTP server software
- Mail transfer agents
- Microsoft server technology
- Web server software
