Customizing IIS 7.0 Roles and Modules

Artigo
01/20/2011

This article describes the specific Microsoft® Windows Server™ 2008 roles, role services, features and the associated Internet Information Services (IIS) version 7.0 modules that are required to run www.microsoft.com Web servers. It then demonstrates how the Microsoft.com Engineering Operations (MSCOM Ops) team installs the role services it requires by using the ServerManagerCmd.exe command line tool. It also demonstrates how to view and modify related applicationHost.config settings by using the appcmd.exe command line tool.

One of exciting new features in IIS 7.0 is the modular architecture that enables server administrators to customize exactly which features are installed on their Web servers. By installing only the features you need to run your site, you reduce the server footprint, thereby optimizing performance and increasing security. There are over 40 modules, each containing a specific set of features that you can independently install.

One of strengths of the new modular architecture is that you can extend the base IIS 7.0 functionality by creating custom modules to meet the requirements of your site. For example, when the MSCOM Ops team moved to a hardware load balancing solution, we lost the ability to track unique client IP (c-ip) information in our IIS logs. To work around this problem, we created a custom module that passes the client IPs from our hardware load balancer into each of our Web server IIS logs.

Installing Windows Server 2008 Role Services

Windows Server 2008 refers to the primary function of a server as a server role and the associated functional components that you install as role services. File server and Web server are examples of server roles. The role services that the MSCOM Ops Team installs on a Web server include static content and ASP.NET.

MSCOM Ops installs the Web Server (Web-Server) component on the www.microsoft.com site. Additionally, we install many of the other role services that are described in Tables 1 through 7.

Table 1 describes commonly used HTTP features, such as enabling static content (HTML, .jpeg files, and so on) or default documents.

Table 1. Common HTTP Features (Web-Common-Http Component)

Role Service	MSCOM installed	Component	applicationHost.config section	Module	Description
Static Content	Yes	Web-Static-Content	<system.webServer> <staticContent>	StaticFileModule (static.dll)	Static content (such as .html, .css and .jpeg files) can be served by the Web server if this feature is enabled.
Default Document	Yes	Web-Default-Doc	<system.webServer> <defaultDocument>	DefaultDocumentModule (defdoc.dll)	Allows users to be seamlessly directed to the default document defined for the Web site when they visit www.site.com, but do not provide a default document (such as default.aspx).
Directory Browsing	Yes	Web-Dir-Browsing	<system.webServer> <directoryBrowse>	DirectoryListingModule (dirlist.dll)	Lists the contents of a directory.
HTTP Errors	Yes	Web-Http-Errors	<system.webServer> <httpErrors>	CustomErrorModule (custerr.dll)	Allows error messages sent to a visitor’s browser to be customized and for the server administrator to view the new detailed errors on the local Web server.
HTTP Redirection	Yes	Web-Http-Redirect	<system.webServer> <httpRedirect>	HttpRedirectionModule (redirect.dll)	Allows hosted customers to redirect requests for one URL to another URL.

Table 2 describes application development features, which allow applications (such as ASP.NET) to run on the server.

Table 2. Application Development Features (Web-App-Development Component)

Role Service	MSCOM installed	Component	applicationHost.config section	Module	Description
ASP.NET	Yes	Web-Asp-Net	Not applicable	Not applicable	ASP.NET ISAPI and modules for managed code applications (.aspx pages).
.NET Extensibility	Yes	Web-Net-Ext	Not applicable	Not applicable	Infrastructure required for ASP.NET. Allows developers to change and extend Web server functionality in the new request pipeline.
ASP	Yes	Web-ASP	<system.webServer> <asp>	IsapiModule (isapi.dll)	Required if customers use classic ASP applications.
CGI	No	Web-CGI	<system.webServer> <cgi>	CgiModule (cgi.dll)	Required for CGI applications (such as PHP) so that they can use the new FastCGI component.
ISAPI Extensions	Yes	Web-ISAPI-Ext	Not applicable	Not applicable	Required for ASP.NET and other ISAPI extensions.
ISAPI Filters	Yes	Web-ISAPI-Filter	<system.webServer> <isapiFilters>	IsapiFilterModule (filter.dll)	Required for the ASP.NET 1.1 ISAPI filter.
Server Side Includes	No	Web-Includes	<system.webServer> <serverSideInclude>	ServerSideInclude Module (iis_ssi.dll)	Processes server-side includes code.

Table 3 describes health and diagnostics features, which provide the infrastructure for monitoring and troubleshooting the health of the Web server and sites.

Table 3. Health and Diagnostics Features (Web-Health Component)

Role Service	MSCOM installed	Component	applicationHost.config section	Module	Description
HTTP Logging	Yes	Web-Http-Logging	<system.webServer> <httpLogging>	HttpLoggingModule (loghttp.dll)	Allows logging of Web site activity or traffic.
Logging tools	Yes	Web-Log-Libraries	Not applicable	Not applicable	IIS Logging tools
Request Monitor	Yes	Web-Request-Monitor	<system.webServer> <RequestMonitorModule>	RequestMonitorModule (iisreqs.dll)	Allows requests to be monitored as they occur. This feature can be used to determine why a worker process is unresponsive or slow.
Tracing	Yes	Web-Http-Tracing	<system.webServer> <tracing> <traceFailedRequests> <system.webServer> <tracing> <traceProvider Definitions>	FailedRequestsTracing Module (iisfreb.dll)	Infrastructure for diagnosing problems by using Event Tracing in Windows and Failed Request Tracing.
Custom Logging	No	Web-Custom-Logging	<system.webServer> <CustomLoggingModule>	CustomLoggingModule (logcust.dll)	Loads custom logging modules.

Table 4 describes security features, which provide the infrastructure for securing requests and filtering incoming requests based on security rules.

Table 4. Security Features (Web-Security Component)

Role Service	MSCOM installed	Component	applicationHost.config section	Module	Description
Basic Authentication	No	Web-Basic-Auth	<system.webServer> <security> <basicAuthentication>	BasicAuthentication Module (authbas.dll)	Requires a user ID and password, and provides a low level of security. User credentials are sent in clear text across the network.
Windows Authentication	No	Web-Windows-Auth	<system.webServer> <security> <windows Authentication>	WindowsAuthentication Module) (authsspi.dll)	Sends user authentication information over the network as a Kerberos ticket, and provides a high level of security.
Digest Authentication	No	Web-Digest-Auth	<system.webServer> <security> <digestAuthentication>	DigestAuthentication Module (authmd5.dll)	Requires a user ID and password, provides a medium level of security, and may be used when you want to grant access to secure information from public networks.
Client Certificate Mapping Authentication	No	Web-Client-Auth	<system.web> <Serversecurity> <authentication> <clientCertificate Mapping Authentication>	CertificateMapping AuthenticationModule (authcert.dll)	Performs Certificate Mapping authentication using Active Directory.
IIS Client Certificate Mapping Authentication	No	Web-Cert-Auth	<system.web> <Serversecurity> <authentication> <iisClientCertificate Mapping Authentication>	IISCertificateMapping AuthenticationModule (authmap.dll)	Performs Certificate Mapping authentication using IIS certificate configuration.
URL Authorization	No	Web-Url-Auth	<system.webServer> <security> <authorization>	UrlAuthorizationModule (urlauthz.dll)	Allows users to create rules that restrict access to content.
Request Filtering	Yes	Web-Filtering	<system.webServer> <security> <RequestFiltering>	RequestFilteringModule (modrqflt.dll)	URLscan replacement in applicationHost.config. Screens incoming requests based on rules sets.
IP and Domain Restrictions	No	Web-IP-Security	<system.webServer> <ipSecurity>	IpRestrictionModule (iprestr.dll)	Allows IIS to restrict access by IP and or Domain.

Table 5 describes performance features, which help improve Web server performance.

Table 5. Performance Features (Web-Performance Component)

Role Service	MSCOM installed	Component	applicationHost.config section	Module	Description
Static Content Compression	Yes	Web-Stat-Compression	<system.webServer> <httpCompression>	StaticCompression Module (compstat.dll)	Allows static content to be compressed and unlike dynamic responses, compressed static responses can be cached without degrading CPU resources.
Dynamic Content Compression	Yes	Web-Dyn-Compression	<system.webServer> <httpCompression>	DynamicCompression Module (compdyn.dll)	Allows dynamic compression, using bandwidth more efficiently, but may add a CPU load.

Table 6 describes management tool features, which provide IIS management-level capabilities.

Table 6. Management Tool Features (Web-Mgmt-Tools Component)

Role Service	MSCOM installed	Component	applicationHost.config section	Module	Description
IIS Management Console	Yes	Web-Mgmt-Console	Not applicable	Not applicable	Required for locally managing IIS 7.0. Provides a user interface for server management.
IIS Management Scripts and Tools	Yes	Web-Scripting-Tools	Not applicable	Not applicable	Required for scripting tasks. Allows programmatic management of the server using scripts.
Management Service	Yes	Web-Mgmt-Service	Not applicable	Not applicable	Required for remote management of IIS 7.0, and to allow delegated users to administer their sites using a remote management tool.
IIS 6.0 Management Compatibility	Yes	Web-Mgmt-Compat	Not applicable	Not applicable	Do not install unless compatibility with features, services, scripts and management tools for IIS 6.0 is required.
IIS 6 Metabase Compatibility	Yes	Web-Metabase	<system.applicationHost> <CustomMetadata>	Not applicable	Required for Microsoft SharePoint Services 3.0, ASP.NET 1.1, SMTP service and other features that require backwards capability with the metabase. Provides compatibility for scripts based on IIS 6.0 interfaces for ADSI (Active Directory Service Interface) and ABO (Admin Base Object).
IIS 6.0 WMI Compatibility	Yes	Web-WMI	Not applicable	Not applicable	Compatibility with WMI scripting
IIS 6.0 Scripting Tools	Yes	Web-Lgcy-Scripting	Not applicable	Not applicable	Compatibility layer required to run existing applications and scripts that use ABO or ADSI
IIS 6.0 Management Console	Yes	Web-Lgcy-Mgmt-Console	Not applicable	Not applicable	Compatibility layer required for IIS 6.0 Management Console

Table 7 describes FTP publishing service features, which provide FTP functionality.

Table 7. FTP Publishing Service Features (Web-Ftp-Publishing Component)

Role Service	MSCOM installed	Component	applicationHost.config section	Module	Description
FTP Server	No	Web-Ftp-Server	<system.ftpServer>	Not applicable	Only needed if users upload using FTP. Note: This table refers to the built-in, legacy FTP server. It is highly recommended that you download and install the new FTP7.
FTP Management Console	No	Web-Ftp-Mgmt-Console	Not applicable	Not applicable	Only needed if users upload using FTP.

Roles versus Features

Roles are the primary functions of the server (Web server, File Server, and so on). Role services are the functional components that you customize to support the functionality of your server (Static Web server, ASP.NET support, and so on).

Features are different from roles in that they are support or enhance the functionality of the server (NLB, .NET Framework, SMTP, and so on).

Installing IIS 7.0 Components

As previously mentioned, you can customize how your server functions by installing only the components required for your Web server to run correctly. Each of these components is associated with a task-specific workload. Table 8 illustrates two examples of workloads associated with IIS 7.0, the components that comprise the workload, and roles, role services, and features that are enabled by installing the associated components.

Table 8. IIS 7.0 Examples of IIS 7.0 workloads, components, and related role services

Workload	Component	Role Services
Web server role	Web-Server	Static Content, Default Document, Directory Browsing, HTTP Errors, HTTP Logging, Logging Tools, Request Monitor, Request Filtering, Static Content Compression, IIS Management Console
ASP.NET role	Web-Server Web-ASP-Net Web-Net-Ext Web-Filtering Web-ISAPI-Filter Web-ISAPI-Ext	Static Content, Default Document, Directory Browsing, HTTP Errors, HTTP Logging, Logging Tools, Request Monitor, Request Filtering, Static Content Compression, IIS Management Console, ASP.NET, NET Extensibility, ISAPI Filters, ISAPI Extensions

We only install the components (roles, role services and features) that are required to run the Microsoft.com Web sites. There are several ways to install and configure IIS 7.0 on your server. You can use IIS Manager, or command line tools such as ServerManagerCmd.exe, which is included with Windows Server 2008.

We use the new ServerManagerCmd.exe command line tool to install specific IIS 7.0 components on our servers. ServerManagerCmd.exe also has a query option that you can use to list which components are currently installed.

This section contains examples that demonstrate how to use ServerManagerCmd.exe switches that are required to install specific role services. These examples demonstrate how to:

1. Install Web server role services.

2. Install ASP.NET role services.

3. Install www.microsoft.com-required role services.

4. Validate the role features that are installed on your server.

ServerManagerCmd.exe is installed in the C:\Windows\System32 folder by default, but is not added to the system Path environment variable. It is assumed that you have used the command prompt to navigate to this folder, or that you have added a reference to this folder to the Path environment variable, prior to using the following examples.

If your server only serves static content as described for the Web workload in Table 8, you can use the ServerManagerCmd.exe Install command in the following example to install the associated role services.

To install Web server role services by using ServerManagerCmd.exe

At the command prompt, type

ServerManagerCmd –install Web-Server

and press Enter.

Similarly, if your site requires support of ASP.NET content as described for the ASP.NET workload in Table 8, you can use the ServerManagerCmd.exe Install command in the following example to install the associated role services.

To install ASP.NET role services by using ServerManagerCmd.exe

At the command prompt, type

ServerManagerCmd –install Web-Server;Web-ASP-Net;Web-Net-Ext;Web-Filtering;Web-ISAPI-Filter;Web-ISAPI-Ext

and press Enter.

The MSCOM Ops team uses ServerManagerCmd.exe to install all of the role services we require by using a single command. The following example demonstrates the ServerManagerCmd.exe command line syntax we use to configure our servers.

To install www.microsoft.com-required role services by using ServerManagerCmd.exe

At the command prompt, type

ServerManagerCmd -install Web-Server Web-Common-Http Web-Http-Redirect Web-Asp-Net Web-Net-Ext Web-ASP Web-ISAPI-Ext Web-ISAPI-Filter Web-Http-Logging Web-Log-Libraries Web-Request-Monitor Web-Http-Tracing Web-Filtering Web-Stat-Compression Web-Dyn-Compression Web-Mgmt-Console Web-Scripting-Tools Web-Mgmt-Service Web-Mgmt-Compat WAS

and press Enter.

After you run the install command, you can validate which components are installed on your server, as illustrated in the following example.

To validate the role features that are installed on your server

At the command prompt, type

ServerManagerCmd –query

and press Enter.

ServerManagerCmd.exe returns the following output:

[X] Web Server (IIS) [Web-Server]

[X] Web Server [Web-WebServer]

[X] Common HTTP Features [Web-Common-Http]

[X] Static Content [Web-Static-Content]

[X] Default Document [Web-Default-Doc]

[X] Directory Browsing [Web-Dir-Browsing]

[X] HTTP Errors [Web-Http-Errors]

[X] HTTP Redirection [Web-Http-Redirect]

[X] Application Development [Web-App-Dev]

[X] ASP.NET [Web-Asp-Net]

[X] .NET Extensibility [Web-Net-Ext]

[X] ASP [Web-ASP]

[ ] CGI [Web-CGI]

[X] ISAPI Extensions [Web-ISAPI-Ext]

[X] ISAPI Filters [Web-ISAPI-Filter]

[ ] Server Side Includes [Web-Includes]

[X] Health and Diagnostics [Web-Health]

[X] HTTP Logging [Web-Http-Logging]

[X] Logging Tools [Web-Log-Libraries]

[X] Request Monitor [Web-Request-Monitor]

[X] Tracing [Web-Http-Tracing]

[ ] Custom Logging [Web-Custom-Logging]

[ ] ODBC Logging [Web-ODBC-Logging]

[X] Security [Web-Security]

[ ] Basic Authentication [Web-Basic-Auth]

[ ] Windows Authentication [Web-Windows-Auth]

[ ] Digest Authentication [Web-Digest-Auth]

[ ] Client Certificate Mapping Authentication [Web-Client-Auth]

[ ] IIS Client Certificate Mapping Authentication [Web-Cert-Auth]

[ ] URL Authorization [Web-Url-Auth]

[X] Request Filtering [Web-Filtering]

[ ] IP and Domain Restrictions [Web-IP-Security]

[X] Performance [Web-Performance]

[X] Static Content Compression [Web-Stat-Compression]

[X] Dynamic Content Compression [Web-Dyn-Compression]

[X] Management Tools [Web-Mgmt-Tools]

[X] IIS Management Console [Web-Mgmt-Console]

[X] IIS Management Scripts and Tools [Web-Scripting-Tools]

[X] Management Service [Web-Mgmt-Service]

[X] IIS 6 Management Compatibility [Web-Mgmt-Compat]

[X] IIS 6 Metabase Compatibility [Web-Metabase]

[X] IIS 6 WMI Compatibility [Web-WMI]

[X] IIS 6 Scripting Tools [Web-Lgcy-Scripting]

[X] IIS 6 Management Console [Web-Lgcy-Mgmt-Console]

[ ] FTP Publishing Service [Web-Ftp-Publishing]

[ ] FTP Server [Web-Ftp-Server]

[ ] FTP Management Console [Web-Ftp-Mgmt-Console]

For more information about how to use the ServerManagerCmd.exe command line tool, see “Server Manager Technical Overview Appendix”.

Configuring IIS 7.0 Modules

After you have installed the roles, roles services, and features required for your site to run correctly, you must configure the associated modules. Modules are individual components that the server uses to process requests. For example, IIS 7.0 uses the Static Content Compression (StaticCompressionModule) and Dynamic Content Compression (DynamicCompressionModule) modules to compress content to clients, and http cache module (HttpCacheModule ) to manage cache activity.

You can create and configure IIS Modules by:

· Manually editing applicationHost.config.

· Using the appcmd.exe command line tool.

· Using IIS Manager.

This section contains examples that demonstrate how to create and configure modules by using appcmd.exe. These examples demonstrate how to:

1. List all installed modules and their associated processes.

2. List the configuration of a specific module.

3. Display a list of Set command actions.

4. Add a new default document to a site.

5. Remove a default document from a site.

The appcmd.exe command line tool is installed in the %windir%\system32\inetsrv folder by default. It is assumed that you have used the command prompt to navigate to this folder, or that you have added a reference to this folder to the Path environment variable, prior to using the following examples.

The following example returns a list of installed global modules and their associated processes that are installed on the server.

To list installed modules by using appcmd.exe

At the command prompt, type

appcmd list config "www.microsoft.com" -section:globalmodules

and press Enter.

The global modules and their associated processes appear in applicationHost.config as follows:

<system.webServer>

</globalModules>

</system.webServer>

You can also list the configuration for a module that is located in applicationHost.config. The following example demonstrates how to list the configuration of the <DefaultDocument> section:

To list the configuration of a specific module by using appcmd.exe

At the command prompt, type

appcmd list config "www.microsoft.com" -section:defaultDocument

and press Enter.

The results of the query appear in applicationHost.config as follows:

<system.webServer>

<files>

</files>

</defaultDocument>

</system.webServer>

If you want to modify the configuration of the <DefaultDocument> section, you can use the appcmd.exe Set command. The following example demonstrates how to display a complete list of the actions you can perform by using the Set command with /? switch.

To display a list of Set command actions by using appcmd.exe

At the command prompt, type

appcmd set config "www.microsoft.com" -section:defaultDocument /?-files.[value='string'].value

and press Enter.

The following example demonstrates how we modify the configuration of the <DefaultDocument> section by using appcmd.exe Set command to add a new default document to our site.

To add a new default document by using appcmd.exe

At the command prompt, type

appcmd set config "www.microsoft.com" -section:defaultDocument /+files.[value='newDefault.aspx']

and press Enter.

The new default document setting appears with other default document settings in applicationHost.config as follows:

<system.webServer>

<files>

</files>

</defaultDocument>

</system.webServer>

You can also remove a default document from the list by using the previous example, and by changing the -files.[value=’string’] switch.

To remove a default document by using appcmd.exe

At the command prompt, type

appcmd set config "www.microsoft.com" -section:defaultDocument /-files.[value='newDefault.aspx']

and press Enter.

This change is reflected in applicationHost.config as follows:

<system.webServer>

<files>

</files>

</defaultDocument>

</system.webServer>

For more information about how to use the appcmd.exe command line tool, see “Getting Started with AppCmd.exe”.

Summary

In this article, we described the specific Windows Server 2008 roles, role services, features and the associated IIS 7.0 modules that are required to run www.microsoft.com Web servers. We then demonstrated how the Microsoft.com Engineering Operations team installs the role services it requires by using the ServerManagerCmd.exe command line tool. We also demonstrated how to view and modify related applicationHost.config settings by using the appcmd.exe command line tool.

Compartilhar via

Customizing IIS 7.0 Roles and Modules

Installing Windows Server 2008 Role Services

Roles versus Features

Installing IIS 7.0 Components

Configuring IIS 7.0 Modules

Summary

Recursos adicionais