Skip to main content
SpringerLink
Log in

IIS and ModSecurity

  • Chapter
  • First Online:
Cyber Operations

Abstract

Microsoft Internet Information Services (IIS) is a web server available on Windows Server, as well as on Windows desktop systems. On Windows Server, it is considered a server role, and it is installed using the roles and features components. As a web server, IIS can run multiple web sites on multiple ports using multiple protocols. It can be managed locally or remotely through the graphical tool IIS Manager. Configuration information is stored in .xml configuration files that can be manipulated with command-line tools. Access to IIS web sites can be controlled in several ways, including filtering by properties of the client or the request. Authentication of remote clients can be done via HTTP basic authentication but can also take place using Windows authentication methods. Web sites can be protected by SSL using self-signed certificates, certificates signed by a local signing server, or by a commercial Certificate Authority. Customizable logging to plaintext log files is provided, and PowerShell can be used to parse these logs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    It is possible if Notepad is started as an Administrator though.

  2. 2.

    https://www.nartac.com/Products/IISCrypto/

  3. 3.

    To make the result clearer to the reader, requests for /favicon.ico have been omitted.

  4. 4.

    There are many different Microsoft Visual C++ Redistributable packages; ModSecurity requires the Visual C++ Redistributable for Visual Studio 2013. The Notes and References for Chapter 20 provides a list of available redistributable packages along with download links for each.

  5. 5.

    For suitable values of the word “fortunately.”

Author information

Authors and Affiliations

  1. Towson, MD, USA

    Mike O’Leary

Authors
  1. Mike O’Leary
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Mike O'Leary

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

O’Leary, M. (2019). IIS and ModSecurity. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_15

Download citation

Publish with us

Policies and ethics

Search

Navigation