10 Tips for Making the Most of Your IIS
By Matt J. Foley Defending IIS to the Apache crowd can be a daunting prospect. Matt Foley, a former Solaris sys admin and current Windows fan, defends IIS and outlines 10 ways to make it as functional, secure, and easy to administer as Apache.
As an IIS administrator, it sometimes gets downright annoying having to fend off all of the insults from the Apache admins I meet who claim innate server superiority. Generally, the discussion about Web administration starts with all the various security holes plaguing IIS and the negative press the platform garnered during the past year. Then, it invariably moves to a discussion about how Netcraft and other stats sites show Apache as the dominant server on the Web, or how a certain big site uses Apache, or how there are so many cool modules to add to Apache.
Pointing out that scads of non-identified corporate in-house servers run IIS, or that it too is a free server (since it comes with the operating system), or that there are in fact plenty of cool add-ons for IIS (including many that provide source code) does little to dissuade these server chauvinists of their opinion.
But rather than whining about rude Apache admins, I thought a more useful response would be to simply write down some of the ways I've found to improve IIS. So without further delay here are my Top 10 tips for making the most of your IIS.
Tip 10: Customize Your Error Pages
Although this is quite simple to do, few people seem to take advantage of it. Just select the "Custom Errors" tab in MMC and map each error, such as 404, to the appropriate HTML or ASP template. Full details can be found here. If you want an even easier solution -- or if you want to let developers handle the mapping without giving them access to the MMC -- use a product like CustomError.
Tip 9: Dive Into the MetaBase
If you think Apache is powerful because it has a config file, then take a look at the MetaBase. You can do just about anything you want with IIS by editing the MetaBase. For example, you can create virtual directories and servers; stop, start, and pause Web sites; and create, delete, enable, and disable applications.
Microsoft provides a GUI utility called MetaEdit, which is somewhat similar to RegEdit, to help you read from and write to the MetaBase. Download the latest version here.
But to really impress those Unix admins -- and to take full advantage of the MetaBase by learning how to manipulate it programmatically -- you'll want to try out the command-line interface, officially called the IIS Administration Script Utility. Its short name is adsutil.vbs, and you'll find it in C:\inetpub\adminscripts or in %SystemRoot%\system32\inetsrv\adminsamples, along with a host of other useful administrative scripts.
A word of caution though: Like Apache conf files, the MetaBase is crucial to the functioning of your Web server, so don't ruin it. Back it up first.
Tip 8: Add Spell Checking to Your URLs
Apache folks always brag about the cool little tricks of which Apache is capable -- especially because of the wealth of modules that can extend the server's basic functionality. One of the coolest of these is the capability to fix URL typos using a module called mod_speling. A recent product offering from Port80 Software now makes it possible for IIS admins to do this trick too, using an ISAPI filter called URLSpellCheck. You can check it out on Port80's site by trying URLs like www.urlspellcheck.com/fak.htm, www.urlspellcheck.com/faq1.htm -- or any other simple typo you care to make.
Tip 7: Rewrite Your URLs
Cleaning your URLs has all sorts of benefits -- it can improve the security of your site, ease migration woes, and provide an extra layer of abstraction to your Web applications. Moving from a ColdFusion- to an ASP-based site, for example, is no big deal if you can remap the URLs. Apache users have long bragged about the huge power of mod_rewrite -- the standard Apache module for URL rewriting. Well, there are now literally a dozen versions of this type of product for IIS, and many of them are quite a bit easier to use than mod_rewrite, which tends to presume familiarity with regular expression arcana. Check out, for example, IIS ReWrite or ISAPI ReWrite.
Tip 6: Add Browser Detection