Securing and managing Microsoft IIS

The Right Tools

Activating and Configuring Logging

In addition to tracking failed requests, you can also log normal IIS operations through the Logging item on the IIS Manager home page. Logging can be enabled for individual pages and applications separately in the Actions area of the console. By default, logging is enabled for the server itself and for websites.

Logfiles can be saved in any folder. By default, the files end up in the \inetpub\logs\LogFiles folder. In the first selection field, you need to specify in the listbox whether you want to create a logfile for each web page or a file for the entire server. Various logfile formats are available; however, you should leave logfile encoding set to UTF 8. Logfile formats include:

  • W3C (default): These logfiles are stored as text; the Select Fields button lets you specify what should be logged in the file. The individual fields are separated by spaces.
  • IIS: This selection also saves the logfiles in text format; however, the comma-separated individual fields are fixed and therefore cannot be adjusted.
  • NCSA (National Center for Supercomputing Applications): Here, too, the fields are fixed, and less information is logged than with the other protocol methods.

In this window, you also specify when new logfiles should be created – according to a certain schedule (hourly, daily, weekly, or monthly), according to a certain size, or not at all. The selection depends on, among other things, the number of visitors to the server. If you do not check the Use local time for file naming and rollover option, UTC (world time) is used by default.

Optimizing Server Performance

Compression can improve server response times and save bandwidth when transmitting web pages. You can manage compression with the feature of the same name in IIS Manager. Some settings are only available at the server level. However, many settings can also be made at the website and application levels, so each application uses its own settings for compression. Enabling compression will increase the load on the server hardware.

Parts of the websites can be made available in the web server's cache, so retrieving these parts does not expose the server to load. You can use the Output Caching feature in IIS Manager to manage this feature. The cache is enabled by default, and you can set limits in the settings; however, the cache is only useful in production after you have defined rules to determine which data you want the server to cache.

Remote IIS Management

In PowerShell and Windows Admin Center, you can access a server running IIS over the network. Although this is also possible with IIS Manager, it is far more complicated to configure and use. For example, to open a connection, use:

Enter-PSSession -ComputerName <Servername>

Get-Website displays the websites on the server, including the bindings and all settings. You can see the individual bindings by typing Get-WebBinding , which lets you check which websites are available on a server and which bindings are in use. From this information, you can also add bindings to websites (e.g., for the use of SSL). To create a new binding, for example, to enable SSL for a site, enter:

New-WebBinding -Name '<Site name>' -IPAddress * -Port 443 -Protocol https

The two Get- commands mentioned earlier then show the successful binding (Figure 5). In PowerShell, you can also output the bindings specifically for a website,

(Get-Website -Name '<Default Website>').bindings.Collection

as shown in Figure 5.

Figure 5: You can issue and assign self-signed certificates in PowerShell.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus