IIS Knowledge Base Guide¶

Category: IIS Administration Tags: IIS, Windows, Web Server, Configuration, Best Practices, Knowledge Base

Why Install IIS on F: Drive Instead of C:¶

Performance Benefits - Separates web content from system drive to reduce I/O contention - F: drive is typically larger storage dedicated to data - C: drive reserved for operating system files

Management Advantages - Easier backup strategies - web content isolated from system files - Better security through application separation - Corporate policies often mandate separating applications from OS - Storage management - prevents web logs from filling system drive

IIS Manager vs Log Files¶

IIS Manager¶

What it is: Graphical management console for configuring IIS - Configure websites, application pools, virtual directories - Set authentication, SSL certificates, URL rewriting rules - Monitor real-time performance and active connections - Location: %windir%\system32\inetsrv\InetMgr.exe

IIS Log Files¶

What they are: Automatically generated records of all web requests - Default location: C:\inetpub\logs\LogFiles\W3SVC1\ - Contains request details, response codes, timestamps, IP addresses - Used for traffic analysis, troubleshooting, security monitoring, compliance

W3C Log Format - Why Use It?¶

Industry Standard - W3C Extended Log Format is universally recognized - Compatible with most log analysis tools (LogParser, AWStats, Webalizer)

Customizable and Efficient - Choose which fields to log (date, IP, status codes, user agents, etc.) - Only logs necessary data, reducing file size and storage costs - Well-structured format enables automated parsing and analysis

Tool Integration - Works seamlessly with Microsoft LogParser - Supports third-party analytics and monitoring solutions - Easy to import into databases and reporting tools

IIS Server Configuration Options¶

.NET Authorization¶

Purpose: Controls access to .NET applications and resources

What it manages: - Authentication methods (Windows Authentication, Forms Authentication, Anonymous) - Authorization rules for specific users and roles - Access control for pages, directories, or application methods - Integration with ASP.NET membership providers and Active Directory

.NET Compilation¶

Purpose: Defines how ASP.NET code is compiled and executed

Key settings: - Debug vs Release mode: Debug includes debugging symbols, Release is optimized for performance - Target Framework: Specifies .NET version (.NET Framework 4.8, .NET Core, etc.) - Compilation options: Batch compilation settings for better performance - Temporary files: Manages compiled assemblies in temporary ASP.NET files directory

.NET Error Pages¶

Purpose: Controls how application errors are displayed to users

Configuration options: - Custom error pages: Display user-friendly pages instead of technical stack traces - Error modes: - On - Always show custom errors - Off - Always show detailed errors (development only) - RemoteOnly - Show custom errors to remote users, detailed to local users - Default redirects: Specify custom pages for 404 (not found) and 500 (server error) responses - Security benefit: Prevents sensitive application information from being exposed to end users

MIME Types¶

Purpose: Tells web browsers how to handle different file types

How it works: - File associations: Maps file extensions to content types - .pdf → application/pdf - .jpg → image/jpeg - .json → application/json - Browser behavior: Determines whether file is displayed in browser or downloaded - Content handling: Controls streaming, caching, and compression settings - Security: Prevents execution of unknown or potentially dangerous file types

Common MIME types: - text/html - HTML web pages - text/css - Cascading Style Sheets - application/javascript - JavaScript files - image/png - PNG image files - application/json - JSON data responses - application/octet-stream - Generic binary files (forces download)

Quick Reference¶

Default Log Location: C:\inetpub\logs\LogFiles\W3SVC1\

IIS Manager Path: %windir%\system32\inetsrv\InetMgr.exe

Log File Naming: ex[YYMMDD].log (example: ex241201.log for December 1, 2024)

Key Log Fields: - date time - When request occurred - c-ip - Client IP address - cs-method - HTTP method (GET, POST, etc.) - cs-uri-stem - Requested URL path - sc-status - HTTP response code - time-taken - Processing time in milliseconds