IIS and ModSecurity

  • Mike O’Leary


Microsoft Internet Information Services (IIS) is a web server available on all versions of Windows Server, as well as on the various Windows desktop systems. It is considered a server role, and is installed using the roles and features components on Windows Server. As a web server, IIS can run multiple web sites on multiple ports using multiple protocols. It can also be managed locally or remotely through the graphical tool IIS Manager. Configuration information is stored in .xml configuration files, which can be manipulated with command-line tools. Access to IIS web sites can be controlled in a number of ways, including filtering by properties of the client or the request. Authentication of remote clients can be done via HTTP basic authentication, but can also take place using Windows authentication methods. Web sites can be protected by SSL, using either self-signed certificates, certificates signed by a local signing server, or by a commercial CA. Customizable logging to plain text log files is provided, and PowerShell can be used to parse these logs.


Configuration File Server Certificate Basic Authentication User Access Control Action Pane 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Mike O'Leary 2015

Authors and Affiliations

  • Mike O’Leary
    • 1
  1. 1.Department of MathematicsTowson UniversityTowsonUS

Personalised recommendations