Article

Home » Server-side Coding » Apache & IIS Configuration » Top 10 IIS Tips

Top 10 IIS Tips

Page: 1 2

Tip 3: Tune Your Server

Tuning IIS is no small topic -- whole books and courses are dedicated to it. But some good, basic help is available online, such as this piece from IIS guru Brett Hill, or this Knowledge Base article from Microsoft itself. However, if you don't feel like getting your hands dirty -- or can't afford the time and expense of turning yourself into an expert -- take a look at XTune, from the makers of XCache. Its performance-tuning wizards step you through the process of tuning your IIS environment, and make expert recommendations along the way.

Tip 2: Secure Your Server with Simple Fixes

Sure people are going to attack sites, but you don't have to be a sitting duck if you're willing to make even a small effort.

First off, don't advertise the fact that you run IIS by showing your HTTP server header. Remove or replace it using something like ServerMask -- probably the best twenty-five bucks you'll ever spend. You can go further than this by removing unnecessary file extensions to more effectively camouflage your server environment, and scanning request URLs for signs of exploits.

There are number of commercial products that carry out user input scanning, and Microsoft offers a free tool called URLScan that does the job. URLScan runs in conjunction with IISLockDown, a standard security package that should probably be installed on every IIS server on the planet. These are simple fixes that can pay off big-time, so implement them now!

Tip 1: Patch, Patch, Patch!

Okay, we in the IIS world do have to patch our systems and make hotfixes. However, as a former Solaris admin I had to do the same thing there, so I'm not sure why this is a big surprise. You really need to keep up with the patches. Microsoft is of course the definitive source, but if you can also use the highly-regarded www.cert.org. Simply search on "IIS".

Well there you have it: 10 tips for IIS admins to improve their servers. Some of the tips might become obsolete once IIS 6 is gold, but, for now at least, W2K and NT IIS admins should apply a few of these today and sleep a little better at night.

If you liked this article, share the love:
Print-Friendly Version Suggest an Article

Rate This Article

  • 1
    Poor
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
    Great

Post A Comment

You need to be a member of the SitePoint Forums to comment on this post. Sign Up

Already a member? Post using your SitePoint Forums account:

Topics

SitePoint Jobs

ยป We're Hiring!

SitePoint Newsletters

Get all the latest tips on Advanced Design and Layout by signing up to all of SitePoint’s informative newsletters.

HTML   Plain


View Our Privacy Policy
Sample Our Newsletter Archives

Related Forum Discussions

Related Forum: Server Management

  1. Open Source CPanel
  2. How to make some pages of the site to be in SSL
  3. Protected Log Files
  4. Firewall Recommendations
  5. Monitor process