IIS Best Practices on Windows 2003

Author: NetworkAdminKB.com

Created: 2009-02-17

Modified: 2010-02-18

 

The following are the recommended Best Practices for configuring IIS on Windows 2003.  Use these practices when configuring IIS for single or multiple web applications on a single IIS server or in an IIS server farm.  These practices build on each other, so following the earlier ones makes the later ones easier to accomplish.  The goal of these Best Practices is to simplify administration by preventing issues as changes occur over time.

 

1)      Change the Default Web Site home folder

a.       Default Location: C:\Inetpub\wwwroot

b.      New Location: C:\Inetpub\wwwroot\default

                                                               i.      Move all existing files to the new location

                                                             ii.      This will allow the default website to be separate from any other website that is hosted on the server.

 

2)      Do not install applications into the default web site

a.       Use the Default Web Site to provide a user friendly menu of available websites or to automatically redirect to another web site hosted on the server.

b.      By not installing applications to the default website you can better manage the web server for long term support and maintenance needs.

c.       If an application must be installed into the default web site you should export the configuration and import it into another website.

d.      This practice allows you to always install and test applications while reducing the impact on currently running websites.  You can then move (Export and then Import) the site to its proper location during a scheduled maintenance period.  This is explained later in the document.

 

3)      Create separate websites as required for your environment.

a.       A single web site can host multiple applications from various vendors or these applications can be installed into separate web sites on the same server.

b.      The need to have a single or multiple web sites will depend on how you would like users to access the applications, and the support and maintenance needs of each website.

c.       Access options:

                                                               i.      http://website1/application1/page.html

                                                             ii.      http://website1/application2/page.html

1.      This configuration allows multiple applications per website

                                                            iii.      http://website1/application1/page.html

                                                           iv.      http://website2/application2/page.html

1.      This configuration allows multiple websites to host a single or multiple applications.

d.      Maintenance Needs

                                                               i.      Take into account the ability to upgrade applications and the corresponding website when planning each installation.  Consider the following actions and how they would affect all applications running on the web server.

1.      Stopping and Starting Websites

2.      Stopping and Starting Application Pools

3.      Stopping and Starting the Web Server (WWW) Service.

 

4)      Configure Logging as required for each web site.

a.       Use the default W3C Extended Log File Format

b.      All IIS logs are recorded at GMT (Greenwich Mean Time), therefore to make it easier to troubleshoot, it is highly recommended that you use the local computer time for file naming and rollover.

c.       It is also recommended that you use Weekly or Monthly logs on lightly used web sites, and use the Daily or When file size reaches log setting for heavily used web sites.

 

5)      Use only ONE IP Address for hosting multiple HTTP websites.

a.       Use host headers to provide access to multiple websites on the same IP address using HTTP.

b.      Use NIC Teaming instead of adding a second NIC with its own IP address to address throughput issues.

 

6)      Always use the default port (80) for HTTP for all web sites requiring HTTP.

a.       This makes the end user URL (http://website) user friendly and easier to use.  Non-standard ports require the following, http://website:port, which is harder to remember and is not user friendly.

 

7)      Always use the default port (443) for HTTPS / SSL for all web sites requiring HTTPS / SSL.

a.       This makes the end user URL (https://website) user friendly and easier to use.  Non-standard ports require the following, https://website:port, which is harder to remember and is not user friendly.

 

8)      There can be only one HTTPS / SSL web site PER IP Address when using the standard port 443.

a.       Configure multiple IP Addresses on the same NIC to host multiple HTTPS / SSL websites.

b.      Use NIC Teaming instead of adding a second NIC with its own IP address to address throughput issues.

c.       This limitation occurs because the host header information is encrypted in the SSL packet and cannot be used to determine which website should receive the packet.

 

9)      Do not use the server name for access to a website.

a.       Instead use a DNS Alias (CNAME) and host headers.

b.      Example:

                                                               i.      Website1 CNAME server1.domain.local

                                                             ii.      Website2 CNAME server1.domain.local

                                                            iii.      Website3 CNAME server1.domain.local

                                                           iv.      All three websites are hosted on the same IP address registered by server1.domain.local

                                                             v.      http://website1 takes you to the website1 via the host header

                                                           vi.      http://website2 takes you to the website2 via the host header

                                                          vii.      http://website3 takes you to the website3 via the host header

c.       Following this practice will make it easier to migrate the web site to another server in the future, which simplifies administration.

 

10)  Always configure a user friendly default page in the root URL (http://website)

a.       A user friendly default web page should exist in the root of every website.

                                                               i.      Returning a Page Not Found error or an Under Construction message is NOT user friendly and should be avoided.

b.      Should a default web page not exist because the application is installed in a sub-folder you should manually create a default web page and place it in the root of the website.

c.       The following are the recommended best practices for manually creating user friendly default web pages

                                                               i.      Display a user friendly menu of websites / applications OR automatically redirect the user to the appropriate subfolder or web page.

                                                             ii.      Simple HTML redirect and Menu pages that can be modified for your environment are provided later in this article.

d.      FYI: A default web page can be configured per website and per application; you typically only need to create the default page for the web site (i.e. the webpage returned for the root URL http://website).  The default web page for an installed application should exist and be properly configured to run the application.

 

11)  Follow these practices when creating links and redirection within the web sites.

a.       Always use relative paths (/folder/page.html) and not fully qualified paths (http://website/folder/page.html)

                                                               i.      This practice allows for easy changing of the website name / host headers to different values in the future.

b.      Rely on the configured default web page for redirection to applications.

                                                               i.      Do not specify the default page (/folder/login.asp) when redirecting to an application’s default page.

                                                             ii.      Instead rely on the configured default page for the application and redirect to the folder only (/folder/).

                                                            iii.      This will allow for easy upgrades on the application and prevent issues in the future should the default page change.

 

12)  Create and use separate Application Pools for each website and/or each application within a website.

a.       By separating Application Pools you can better manage the web server’s maintenance issues.

b.      Recycle application pools instead of restarting IIS.  Most issues are the result of the Application Pool, not the IIS / World Wide Web process.

 

13)  If using multiple IP Addresses configure the appropriate IP Address for each website.

a.       Do not use the default (All Unassigned) when using multiple IP Addresses (on a single NIC or with multiple NICs).

                                                               i.      You should specifically configure the IP Address for each web site to ensure access is provided through the desired IP Address.

                                                             ii.      Doing this will prevent misconfigurations from occurring by making sure they are quickly discovered.  That in turn will allow future changes and migrations to occur as expected.

b.      If the server only has a single IP Address you should leave the default (All Unassigned) as the configured option for each web site.

                                                               i.      This allows you to change IP Addresses more easily on the server.
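
Practice 4 above notes that IIS records entries in GMT while files can be named and rolled over by local time. The following added example (not part of the original article) parses a constructed W3C Extended log and shows which daily file an entry lands in under each setting; the sample lines, the fixed UTC-5 offset and the function names are assumptions for illustration, and exYYMMDD.log is the IIS 6 daily file name pattern for this format.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in W3C Extended Log File Format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-02-18 04:58:12
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-02-18 04:58:12 10.0.0.5 GET /Application1/ - 80 - 10.0.0.77 Mozilla/4.0 200 0 0
2010-02-18 05:01:40 10.0.0.5 GET /folder/login.asp - 80 - 10.0.0.78 Mozilla/4.0 404 0 2
"""

def parse_w3c(text, utc_offset_hours):
    """Yield one dict per request with the logged UTC time and its local equivalent.

    Assumption: a fixed offset with no daylight-saving handling.
    """
    local = timezone(timedelta(hours=utc_offset_hours))
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the header reappears when logging restarts
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")  # IIS writes spaces inside values as '+'
        if len(values) != len(fields):
            continue  # truncated or malformed line
        rec = dict(zip(fields, values))
        stamp = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        rec["utc"] = stamp.replace(tzinfo=timezone.utc)
        rec["local"] = rec["utc"].astimezone(local)
        yield rec

def daily_log_name(rec, use_local_time):
    """Daily log file that holds this entry, by local or by GMT rollover."""
    stamp = rec["local"] if use_local_time else rec["utc"]
    return "ex" + stamp.strftime("%y%m%d") + ".log"

if __name__ == "__main__":
    for r in parse_w3c(SAMPLE_LOG, -5):
        print(r["utc"], r["local"], r["cs-uri-stem"], r["sc-status"],
              daily_log_name(r, True), daily_log_name(r, False))
```

The first sample request was logged at 04:58 GMT on the 18th but happened at 23:58 local time on the 17th, so it sits in a different daily file depending on the rollover setting.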

 

 

Configuring Windows 2003 for IIS Performance

1)      Memory Usage

a.       Adjust for the best performance of: Programs

2)      File and Printer Sharing

a.       Maximize data throughput for network applications

 

Simple HTML Menu of Websites

Use the following to configure the root URL to display a simple menu of available applications, allowing the user to select their desired destination.  Copy and paste the following code into a file called Default.html and place it in the root of the web site.

 

<html>

<!---

Menu Page

 --->

 

<body>

<B> Menu Title </B> <BR> <BR>

 

Select from the following: <BR> <BR>

 

<a href="/Application1">Application 1 Name</a> <BR> <BR>

<a href="/Application2">Application 2 Name</a> <BR> <BR>

<a href="/Application3">Application 3 Name</a> <BR> <BR>

<a href="/Application4">Application 4 Name</a> <BR> <BR>

 

</body>

</html>

 

Simple HTML Redirect

Use the following to configure the root URL to automatically redirect to a specific application.  Copy and paste the following code into a file called Default.html and place it in the root of the web site.

 

<!---

Default Redirection Page

 --->

 

<html>

<head>

<meta name="keywords" content="">

<META HTTP-EQUIV="REFRESH" CONTENT="0;URL=/folder/optional.asp">

</head>

<body>

</body>

</html>

 

 

Configuring Host Headers

1)      Open the IIS Manager

2)      Expand the Web Sites folder

3)      Right click the website to configure

4)      On the Web Site tab click the Advanced button

5)      In the Advanced Web Site Identification window do the following

a.       Click Edit to open the current setting

                                                               i.      IP address:

1.      Select (All Unassigned) or an IP Address as appropriate

                                                             ii.      TCP port: type 80

                                                            iii.      Host Header value: type the short name of the DNS alias you configured for the website

                                                           iv.      Click OK

b.      Click Add to create a new host header

                                                               i.      IP address:

1.      Select (All Unassigned) or an IP Address as appropriate

                                                             ii.      TCP port: type 80

                                                            iii.      Host Header value: type the fully qualified DNS name/alias (FQDN) you configured for the website

                                                           iv.      Click OK

c.       The end result should look something like this.

d.      Click OK

e.       Click OK

6)      Using both the Short and FQDN will ensure that the website is available to local users and remote users

a.       Remote users do not search the same domain suffix as configured in DNS
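
The binding rules in practices 5 through 8 and 13, together with the short-name and FQDN host headers configured above, can be checked across a whole server at once. The following is an added example, not part of the original article: the site inventory is constructed and the function names are assumptions, while the "IP:Port:HostHeader" strings follow the form in which IIS 6 stores ServerBindings and SecureBindings in the metabase.

```python
from collections import defaultdict

# Constructed inventory: site -> (ServerBindings, SecureBindings). Strings use the
# IIS 6 metabase form "IP:Port:HostHeader"; an empty IP means (All Unassigned).
SITES = {
    "Default Web Site": ([":80:"], []),
    "website1": ([":80:website1", ":80:website1.domain.local"], ["10.0.0.5:443:"]),
    "website2": ([":80:website2", ":8080:website2.domain.local"], ["10.0.0.5:443:"]),
    "website3": (["10.0.0.6:80:website3"], ["10.0.0.6:443:"]),
}

def parse_binding(binding):
    """Split "IP:Port:Host" (IPv4 only) into (ip, port, host)."""
    ip, port, host = binding.split(":", 2)
    return ip, int(port), host.lower()

def audit(sites):
    """Return findings where bindings depart from practices 5-8, 13 and the host header steps."""
    findings = []
    http, ssl = defaultdict(list), defaultdict(list)
    for name, (server, secure) in sites.items():
        hosts = set()
        for ip, port, host in map(parse_binding, server):
            http[(ip, port, host)].append(name)
            hosts.add(host)
            if port != 80:
                findings.append(f"{name}: HTTP binding on non-standard port {port}")
        for ip, port, _ in map(parse_binding, secure):
            ssl[(ip, port)].append(name)
            if port != 443:
                findings.append(f"{name}: SSL binding on non-standard port {port}")
        named = hosts - {""}
        if named and not (any("." in h for h in named) and any("." not in h for h in named)):
            findings.append(f"{name}: needs both a short and an FQDN host header")
    for (ip, port, host), names in http.items():
        if len(names) > 1:
            findings.append(f"{' + '.join(names)}: identical HTTP binding {ip}:{port}:{host}")
    for (ip, port), names in ssl.items():
        if len(names) > 1:  # host headers cannot separate SSL sites (practice 8)
            findings.append(f"{' + '.join(names)}: share SSL binding {ip}:{port}")
    ips = {ip for ip, _, _ in http} | {ip for ip, _ in ssl}
    if "" in ips and len(ips) > 1:  # practice 13
        findings.append("(All Unassigned) is mixed with explicit IP addresses")
    return findings

if __name__ == "__main__":
    for finding in audit(SITES):
        print(finding)
```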

 

Creating and Configuring Application Pools

1)      Open the IIS Manager

2)      Right Click Application Pools

3)      Select New…Application Pool

a.       Type Application pool ID

b.      Select the appropriate Application pool settings

                                                               i.      Use the DefaultAppPool as a template if not sure of settings.

c.       Click OK

4)      Expand the Web Sites folder

a.       Right Click the web site to configure

b.      Select Properties

c.       Click the Home Directory tab

d.      Configure the Application pool setting to the new application pool

e.       Click OK

 

Importing and Exporting Application Pools, Applications and Web Site Configurations

You can right click any Application Pool, Application or Web Site and import or export the configuration.  The following screenshot shows examples of Web Site and Application Pools import and export menu options.  Importing and exporting an Application (under a website) is not shown, but can be done the same way.

 

 

More Information:

Windows 2003 DNS Best Practices

Article ID: 13, Created On: 9/15/2011, Modified: 9/15/2011