What is IIS Web Server? - Web hosting in Kenya & Domain Names in Kenya

Last updated on April 4th, 2025 at 12:41 pm

Ever wondered what keeps thousands of websites running smoothly on Windows servers?

IIS Web Server is the powerful engine behind many websites you visit daily.

This Microsoft-created tool handles everything from simple web pages to complex applications.

But what exactly is IIS?

IIS (Internet Information Services) is a flexible web server from Microsoft that runs on Windows systems to serve HTML pages and files to users who request them through their browsers.

It works as the middleman between your website’s files and the people trying to access them online.

IIS doesn’t just display static content – it supports dynamic web applications through ASP.NET and other technologies.

If you’re running a Windows-based server environment, understanding IIS is essential for managing your web hosting needs.

It offers security features, performance optimization, and extensibility that make it a popular choice for businesses using Windows Server.

About IIS Architecture

IIS architecture forms the backbone of Microsoft’s web server technology.

It combines powerful components that work together to deliver web content, process requests, and manage web applications efficiently.

Components of IIS

IIS contains several key components that enable it to function as a robust web server.

At its core, IIS web server integrates with Windows Server to provide web hosting capabilities.

The main components include:

HTTP.sys – Handles HTTP requests at the kernel level
World Wide Web Service (WWW) – Manages web content delivery
Windows Process Activation Service (WAS) – Controls process activation and recycling

These components work together in a structured architecture that spans both kernel mode and user mode operations.

This separation provides better security and performance for web applications.

IIS architecture allows for significant customization through modules. You can add or remove functionality based on your specific needs.

HTTP.sys and Kernel Mode

HTTP.sys operates in the kernel mode layer of the IIS architecture.

This powerful component manages all incoming HTTP requests before they reach your applications.

IIS has two main layers – Kernel Mode and User Mode.

When a request arrives, HTTP.sys intercepts it first, handling critical functions:

Network request processing
Connection management
Request queuing
Caching responses
Basic URL routing

HTTP.sys significantly improves performance by handling these tasks at the kernel level. It filters requests before they reach application processes, adding a layer of security.

One major benefit of HTTP.sys is its ability to cache responses. This reduces the workload on worker processes and speeds up content delivery to users.

Worker Processes and Application Pools

Worker processes (w3wp.exe) execute in user mode and handle the actual processing of web requests.

They run your web applications and generate responses to send back to clients.

Application pools are one of IIS’s most powerful features. They let you isolate web applications from each other by running them in separate worker processes.

This provides several benefits:

Improved reliability – If one application crashes, others continue running
Better security – Applications can run under different identities
Resource management – You can allocate specific resources to critical applications

You can configure recycling settings for worker processes to automatically restart them at scheduled times or when they reach memory thresholds.

This helps maintain optimal performance.

Application pools can run in different .NET versions simultaneously on the same server.

This flexibility makes it easier to host multiple applications with different requirements.

Setting Up IIS Web Server

Setting up IIS Web Server involves installing the service, configuring it through Server Manager, and using IIS Manager to fine-tune your website settings.

This process transforms your Windows server into a fully functional web hosting platform with proper security and performance options.

Installation Process

To install IIS on your Windows server, you need to use the Server Manager utility.

Open Server Manager from the Start menu or taskbar.

Click on “Add roles and features” to start the installation wizard. This opens a step-by-step guide.

Select “Role-based or feature-based installation” and choose your server from the server pool.

When you reach the Server Roles page, check the box for “Web Server (IIS).”

You’ll see a popup asking to add required features – click “Add Features” to continue. The wizard will display various IIS role services to install.

For basic web hosting, the default options work well, but you can add extra components like ASP.NET modules if needed.

Click “Next” through the remaining screens and finally “Install” to begin installation.

The process takes a few minutes to complete.

Server Manager and Roles

After installation, Server Manager becomes your control center for managing IIS and other server roles.

The dashboard gives you an overview of all installed roles.

Click the “Tools” menu and select “Internet Information Services (IIS) Manager” to access detailed web server settings.

This is where most of your configuration work happens.

Server roles determine what your server can do. The Web Server (IIS) role contains several role services you can enable or disable:

Key IIS Role Services:

Web Server: Core HTTP functionality
Common HTTP Features: Static content, default documents
Health and Diagnostics: Logging, request monitoring
Security: Authentication methods, IP restrictions
Application Development: Support for .NET, PHP, etc.

You can modify these roles anytime by returning to the “Add Roles and Features” wizard in Server Manager. This flexibility lets you customize your web server based on your specific needs.

IIS Manager and the Configuration

IIS Manager is your main tool for configuring websites and applications. You can access it through Server Manager or by typing “inetmgr” in the Run dialog.

The interface shows a hierarchy with your server at the top, then sites, applications, and virtual directories below. Click on any level to see relevant settings in the center pane.

To create a new website, right-click on “Sites” in the left panel and select “Add Website.” You’ll need to provide:

Site name
Physical path (where your files are stored)
Binding information (IP address, port, and host name)

For security, set up Windows Authentication if you need to restrict access to specific users. Find this under the Authentication icon in the IIS section.

Configure application pools to isolate different websites from each other. This prevents problems in one site from affecting others.

Set up HTTPS by installing a certificate and configuring SSL bindings. This is essential for secure data transmission and improved search rankings.

IIS Manager also lets you manage handler mappings, MIME types, and compression settings to optimize your website’s performance.

Hosting Web Applications and Websites

IIS provides robust platform capabilities for hosting websites and web applications with flexibility and performance.

The server architecture supports various deployment options while maintaining strong security protections.

Hosting Models and Deployment

IIS offers multiple hosting models to fit different needs. You can host traditional websites, complex web applications, or microservices depending on your requirements.

For ASP.NET applications, IIS provides native integration with both the classic ASP.NET framework and modern ASP.NET Core applications.

When working with ASP.NET Core, you can use IIS as a reverse proxy in front of Kestrel for enhanced performance.

The deployment process is straightforward with features like Web Deploy and FTP publishing.

You can easily configure multiple websites on a single server using host headers, IP-based bindings, or different port numbers.

IIS supports HTTP/2 protocol, providing faster loading times through features like header compression and multiplexing connections.

This is particularly valuable for resource-intensive applications.

Virtual Directories and Application Development

Virtual directories in IIS let you organize content logically without matching the physical folder structure on your server. This creates flexible application structures.

You can establish application pools to isolate different websites and applications from each other. This design prevents one problematic application from affecting others running on the same server.

IIS integrates seamlessly with development tools like Visual Studio, allowing direct deployment and debugging.

The extensible platform supports various programming languages beyond ASP.NET, including PHP, Node.js, and others through extensions.

Application development benefits from IIS features like:

URL Rewriting – Clean, user-friendly URLs
Application Request Routing – Load balancing capabilities
WebSockets support – Real-time communications

Security Features and Access Control

IIS includes comprehensive security features to protect your websites and applications. Built-in authentication methods include Windows authentication, basic authentication, and client certificate mapping.

You can implement detailed authorization rules to control who accesses your content. IIS provides granular permissions at the site, application, and file levels.

IIS server security features help prevent common attacks like SQL injection and cross-site scripting through request filtering and input validation. The platform also monitors and blocks unauthorized access attempts automatically.

For enhanced security, IIS supports:

SSL/TLS certificate binding for encrypted communications
IP address and domain restrictions
Request filtering to block potentially harmful requests
Dynamic IP restrictions to prevent brute force attacks

Efficient caching mechanisms improve both performance and security by reducing server load and minimizing attack surfaces. You can configure output caching, kernel caching, and user-mode caching based on your requirements.

Performance Tuning and Optimization

Optimizing your IIS web server can dramatically improve website responsiveness and handle more concurrent users.

Key techniques focus on managing traffic flow, utilizing caching effectively, and implementing compression to reduce bandwidth usage.

Application Request Routing and Load Balancing

IIS Application Request Routing (ARR) helps distribute traffic across multiple servers to prevent overloading.

You can set up ARR as a reverse proxy to intelligently direct traffic to the most available servers.

To implement load balancing:

Install the ARR module through IIS Manager
Create server farms to group your web servers
Configure health checks to monitor server status
Set distribution algorithms (round robin, least connections, etc.)

ARR examines incoming HTTP requests and routes them based on rules you define.

For example, you might route API calls to specialized application servers while sending content requests to dedicated file servers.

The URL Rewrite module works with ARR to create powerful routing rules. This combination allows you to maintain high availability even if individual servers fail.

Caching Mechanisms and Static Content

Proper caching significantly reduces server load by storing frequently accessed content in memory.

IIS offers several caching options to boost performance.

You can optimize the HTTP.sys cache by:

Setting appropriate cache size limits based on server memory
Configuring cache expiration policies
Using kernel-mode caching for static files

For static content like images and CSS files, enable the IIS static content module. This bypasses application processing for these files, delivering them directly from the file system or cache.

Consider these key settings:

<caching>

  <profiles>

    <add extension=".jpg" policy="CacheUntilChange" />

    <add extension=".css" policy="CacheForTimePeriod" duration="01:00:00" />

  </profiles>

</caching>

Memory-based caching stores frequently accessed files directly in RAM, dramatically improving response times for popular content.

Output Caching and Compression

Output caching stores complete HTTP responses to avoid regenerating dynamic content repeatedly. This dramatically reduces processing overhead for frequently requested pages.

To implement output caching:

Enable the Output Caching feature in IIS Manager
Set appropriate cache durations for different content types
Configure cache profiles in your web.config file

HTTP compression reduces bandwidth requirements by compressing responses before sending them to clients. Enable both static and dynamic compression in IIS for optimal results.

You can fine-tune compression settings:

Static Compression Settings:

CPU usage threshold: 80%
Compression level: 7 (balanced between CPU usage and compression ratio)
Minimum file size: 2KB

Dynamic Compression Settings:

CPU usage threshold: 60%
Compression level: 4 (lower to reduce server load)
Cache directory size: 100MB

Monitoring compression ratios helps you validate your settings. Most websites see a 60-80% reduction in transfer sizes, resulting in faster page loads and reduced bandwidth costs.

Security and Compliance

Securing your IIS web server requires a multi-layered approach to protect against attacks while meeting important regulatory standards.

Proper security measures not only protect your data but also build trust with your users.

Protecting Against Vulnerabilities

IIS servers face numerous security threats that require proactive protection. Reducing the attack surface area is one of the most effective security strategies for your IIS implementation.

Start by keeping your IIS software updated with the latest patches. Microsoft regularly releases security updates that fix known vulnerabilities. Ignoring these updates leaves your server exposed to attacks.

Configure proper access controls and permissions. Give users only the access they need to perform their jobs—nothing more. This limits what an attacker can do if they compromise a user account.

Remove or disable unused features and modules. Each enabled component increases your attack surface. For example, if you don’t need WebDAV or FTP, disable them completely.

Use a web application firewall (WAF) to filter malicious traffic before it reaches your server. This adds an extra layer of protection against common attacks like SQL injection and cross-site scripting.

SSL/TLS and HTTPS

Implementing strong encryption is essential for protecting data transmitted between your server and users.

Modern IIS servers support the latest SSL/TLS protocols to secure communications.

Configure your IIS server to use HTTPS exclusively by:

Installing a trusted SSL certificate
Enforcing HTTPS through HTTP-to-HTTPS redirects
Implementing HTTP Strict Transport Security (HSTS)

Enable only secure cipher suites and disable outdated protocols like SSL 2.0, SSL 3.0, and TLS 1.0.

These older protocols contain known vulnerabilities that attackers can exploit.

Regularly test your SSL/TLS configuration using online tools to identify weaknesses. These tools check for issues like weak ciphers or protocol vulnerabilities that might compromise your security.

Remember to renew your SSL certificates before they expire to avoid service disruptions and security warnings that can alarm your users.

Regulatory Compliance

Your IIS web server must meet industry regulations if you handle sensitive data or operate in regulated industries.

Compliance requirements vary by industry and region.

For PCI DSS compliance (required for handling credit card information), you need to:

Maintain a secure network with firewalls
Encrypt cardholder data during transmission
Implement strong access controls
Regularly test security systems

HIPAA compliance for healthcare organizations demands:

Thorough access controls
Audit controls for tracking who accesses protected health information
Transmission security through encryption
Integrity controls to prevent unauthorized data modification

Document your security measures and perform regular compliance audits. Many regulations require proof that you’re following security best practices, not just claiming to do so.

Consider using IIS security templates and hardening guidelines from respected security organizations to ensure you haven’t missed important settings that could affect compliance.