SlideShare a Scribd company logo

Understandingiis 120715123909-phpapp01

Download as PPT, PDF
A
arunparmar

IIS is a web server that processes HTTP requests and delivers web content through its main components like HTTP.sys, worker processes, ISAPI extensions, and application pools; it operates in either isolation mode with InetInfo.exe or DLLHost.exe handling requests, or worker process mode with W3wp.exe; when a request is received, IIS determines if the response is cached or passes it to the appropriate component to retrieve dynamic content before returning the response.

Technology
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
“Understanding our IIS”
Contents  Web Server  Kernel & User mode  IIS and it's main components  Different Modes of Operations  Request Processing  Take Away
Web Server • The primary function of a web server is to deliver web pages on requests from clients using HTTP. • It can be referred as hardware(computer) or the software (computer application) • Hosts websites/web application to serve www. • Found embedded in devices like printers, routers, web-cams to serve local network • Able to map URL to a local file system resource (static requests) as well as internal or external program name (dynamic requests)
Kernel & User Mode • The executing code • The executing code has complete and has no ability to unrestricted access directly access to the underlying hardware or hardware. reference memory. • Kernel mode is • Code running in user generally reserved mode must delegate for the lowest-level, to system APIs to most trusted access hardware or functions of the memory. operating system.
Kernel & User Mode • Crashes in kernel • Crashes in user mode mode are are always catastrophic; they recoverable. will halt the entire PC. • Comparatively slow • Usually work faster, as they have to ask because, as part of the system the the system, it can permission to use directly use all the more memory or hardware resources more CPU resources. it needs.
IIS & it's main components • Designed to provide secure, scalable solutions for creating and managing www sites and servers • We can publish information on intranets, extranets and the internet • Provides FTP, SMTP, Indexing and other services • Components: – HTTP.sys – Worker processes (W3wp.exe) – ISAPI – InetInfo.exe – Application pools
HTTP.sys • Also known as “HTTP Protocol Stack” or “Http Listener Process” • Implemented as a kernel-mode device driver • core component to receive and serve HTTP requests and passing them off to the worker processes • When you create a Web site, IIS registers the site with HTTP.sys • Other than retrieving a stored response from its internal cache, HTTP.sys does not process the requests that it receives.
W3wp.exe • A worker process is user-mode code whose role is to process requests, such as processing requests to return a static page • The worker process is controlled by the WWW service • A worker process runs as an executable file named W3wp.exe • Worker processes also run application code, such as ASP.NET applications and XML Web services.
ISAPI • Internet Server Application Programming Interface, is an API developed to provide the application developers with a powerful way to extend the functionality of IIS • Extensions and Filters are the two types of applications that can be developed using ISAPI • ISAPI extensions are true applications that run on IIS and have access to all of the functionality provided by IIS
ISAPI Application Mapping are implemented as DLLs that • ISAPI extensions are loaded into a process that is controlled by IIS • Like ASP and HTML pages, IIS uses the virtual location of the DLL file in the file system to map the ISAPI extension • ASP.Net functionality is contained in an ISAPI extension called aspnet_isapi.dll • Any file that is requested from the IIS server that ends in “.aspx” is mapped to aspnet_isapi.dll which is assigned to process the file before displaying its output in the client’s window
InetInfo.exe • A user-mode component that hosts the IIS metabase and that also hosts the non-Web services like the FTP, SMTP etc • Used to manage ISAPI applications that run within the IIS process context • The services that run in Inetinfo.exe run as dynamic-link libraries (DLLs) under the Local System account • In IIS5.0 or IIS6.0 runs in IIS5.0 isolation mode >Inetinfo.exe hosts the worker process
DLLHost.exe (IIS 5.0) • Manage out-of-process ISAPI applications • Any pooled ISAPI applications running on the server run within the context of a single instance of DLLHost.exe • The dllhost.exe process goes by the name COM Surrogate, which is an general purpose executable to host dlls out of process • In case of any unhandled error which may crash the COM Surrogate process, leaves the originating process intact.
Application Pools (IIS 6.0) • Group of Web Applications and Web Sites are called Application Pools • Every application within an application pool shares the same worker process • The worker process(w3wp.exe) that services one application pool is separated from the worker process that services another • Each separate worker process provides a process boundary so each application pool is separated by these process boundaries
IIS Different Modes of Operations • IIS 5.0 isolation mode (InetInfo.exe or DLLHost.exe takes the ownership for request processing) • IIS 6.0 worker process isolation mode (worker process W3wp.exe takes the ownership for request processing)
IIS 5.0 Isolation Mode file:///C:/Documents and Settings/Admin/My Documents/My Pictures/iis5_isolation_mode.jpg
Request Processing • A request arrives. If the requested application is running in- process, then Inetinfo.exe takes the request. If not, then DLLHost.exe takes the request. • Inetinfo.exe or DLLHost.exe determines if the request is valid. If the request is not valid, it sends a code for an invalid request back to the client. • If the request is valid, Inetinfo.exe or DLLHost.exe checks to see if the response is located in the IIS cache. • If the response is in the cache, it is returned immediately. • If the response is not cached, Inetinfo.exe or DLLHost.exe processes the request, by evaluating the URL to determine if the request is for static (HTML), or dynamic content (ASP) • The response is sent back to the client and the request is logged, if IIS is configured to do so.
IIS 6.0 Isolation Mode file:///C:/Documents and Settings/Admin/My Documents/My Pictures/iis6_isolation_Mode.jpg
Request Processing • A request arrives at HTTP.sys. • HTTP.sys determines if the request is valid. If the request is not valid, it sends a code for an invalid request back to the client. • If the request is valid, HTTP.sys checks to see if the request is for static content (HTML) because static content can be served immediately. • If the request is for dynamic content, HTTP.sys checks to see if the response is located in its “kernel-mode cache”. • If the response is in the cache, HTTP.sys returns the response immediately. • If the response is not cached, HTTP.sys determines the correct “request queue”, and places the request in that queue.
Request Processing(contd.) • If the queue has no worker processes assigned to it, HTTP.sys signals the WWW service to start one. • The worker process pulls the request from the queue and processes the request, evaluating the URL to determine the type of request (ASP, ISAPI, or CGI). • The worker process sends the response back to HTTP.sys. • HTTP.sys sends the response back to the client and logs the request, if configured to do so.
Take Away

More Related Content

PPT
Understanding iis part1
Om Vikram Thapa
 
PPT
Understanding iis part2
Om Vikram Thapa
 
DOCX
IIS interview questions and answers
Interviewwiz
 
PPT
IIS 7: The Administrator’s Guide
Information Technology
 
PPTX
IIS Always-On Services
Brian Ritchie
 
PPT
IIS-Settings
Mindfire Solutions
 
PPTX
ASP.NET Request Processing Internals
Abhijit Jana
 
PPT
INTRODUCTION TO IIS
sanya6900
 
Understanding iis part1
Om Vikram Thapa
 
Understanding iis part2
Om Vikram Thapa
 
IIS interview questions and answers
Interviewwiz
 
IIS 7: The Administrator’s Guide
Information Technology
 
IIS Always-On Services
Brian Ritchie
 
IIS-Settings
Mindfire Solutions
 
ASP.NET Request Processing Internals
Abhijit Jana
 
INTRODUCTION TO IIS
sanya6900
 

What's hot (18)

PPT
Understanding IIS
Om Vikram Thapa
 
PDF
Build sites on iis
Paul Davis
 
PPTX
Codeigniter framework
baabtra.com - No. 1 supplier of quality freshers
 
PPTX
IIS7 For Non IIS PFEs
Kenny Abdiel Maita
 
PPT
introasp_net-7364068.ppt
IQM123
 
PDF
CNIT 129S: 10: Attacking Back-End Components
Sam Bowne
 
PPT
introaspnet-3030384.ppt
IQM123
 
PDF
WebLogic on ODA - Oracle Open World 2013
Michel Schildmeijer
 
PDF
IIS 7.0 Architecture And Integration With Asp.Net
Manny Siddiqui MCS, MBA, PMP
 
PPTX
Apex world 2018 continuously delivering APEX
Sergei Martens
 
PDF
Laravel and CodeIgniter: pros & cons
ElenorWisozk
 
PPTX
Web303
Information Technology
 
PPTX
High Volume Payments using Mule
Adhish Pendharkar
 
PPTX
Operational Security 3.7
StephenKardian
 
PPT
Iis it-slideshares.blogspot.com
phanleson
 
PDF
Restful风格ž„web服务架构
Benjamin Tan
 
PPTX
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
Ido Flatow
 
PDF
IBM InterConnect 2015 - IIB in the Cloud
Andrew Coleman
 
Understanding IIS
Om Vikram Thapa
 
Build sites on iis
Paul Davis
 
Codeigniter framework
baabtra.com - No. 1 supplier of quality freshers
 
IIS7 For Non IIS PFEs
Kenny Abdiel Maita
 
introasp_net-7364068.ppt
IQM123
 
CNIT 129S: 10: Attacking Back-End Components
Sam Bowne
 
introaspnet-3030384.ppt
IQM123
 
WebLogic on ODA - Oracle Open World 2013
Michel Schildmeijer
 
IIS 7.0 Architecture And Integration With Asp.Net
Manny Siddiqui MCS, MBA, PMP
 
Apex world 2018 continuously delivering APEX
Sergei Martens
 
Laravel and CodeIgniter: pros & cons
ElenorWisozk
 
Web303
Information Technology
 
High Volume Payments using Mule
Adhish Pendharkar
 
Operational Security 3.7
StephenKardian
 
Iis it-slideshares.blogspot.com
phanleson
 
Restful风格ž„web服务架构
Benjamin Tan
 
From VMs to Containers: Introducing Docker Containers for Linux and Windows S...
Ido Flatow
 
IBM InterConnect 2015 - IIB in the Cloud
Andrew Coleman
 
Ad

Similar to Understandingiis 120715123909-phpapp01 (20)

PDF
Web Server Hardening
n|u - The Open Security Community
 
PPTX
10 tips to make your ASP.NET Apps Faster
Brij Mishra
 
PPT
Windows internals
Piyush Jain
 
PPTX
Add a web server
AgCharu
 
PPTX
Application Virtualization overview - BayCUG
Denis Gundarev
 
PDF
CNIT 121: 10 Enterprise Services
Sam Bowne
 
PDF
CNIT 152: 10 Enterprise Services
Sam Bowne
 
PDF
AAI-2016 WebSphere Application Server Installation and Maintenance in the Ent...
WASdev Community
 
PPTX
Debugging the Web with Fiddler
Ido Flatow
 
PDF
SharePoint Saturday San Antonio: SharePoint 2010 Performance
Brian Culver
 
PPTX
IIS request process
Mahbub Hasan
 
PPTX
06.m3 cms set-upwebserver
tarensi
 
PPTX
SharePoint 2013 - What's New
AdventosConsulting
 
PPT
Network Implementation and Support Lesson 13 Web Resouces
Eric Vanderburg
 
PPTX
IIS_Presentation.pptxlllllllllllllllllllllllllllllllllllllllllllllll
aashimait
 
PDF
Web server
Touhid Arastu
 
PDF
SharePoint Saturday The Conference 2011 - SP2010 Performance
Brian Culver
 
PDF
How to Harden the Security of Your .NET Website
DNN
 
PPTX
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Jayesh Naik
 
PPTX
Application hardening
Jayesh Naik
 
Web Server Hardening
n|u - The Open Security Community
 
10 tips to make your ASP.NET Apps Faster
Brij Mishra
 
Windows internals
Piyush Jain
 
Add a web server
AgCharu
 
Application Virtualization overview - BayCUG
Denis Gundarev
 
CNIT 121: 10 Enterprise Services
Sam Bowne
 
CNIT 152: 10 Enterprise Services
Sam Bowne
 
AAI-2016 WebSphere Application Server Installation and Maintenance in the Ent...
WASdev Community
 
Debugging the Web with Fiddler
Ido Flatow
 
SharePoint Saturday San Antonio: SharePoint 2010 Performance
Brian Culver
 
IIS request process
Mahbub Hasan
 
06.m3 cms set-upwebserver
tarensi
 
SharePoint 2013 - What's New
AdventosConsulting
 
Network Implementation and Support Lesson 13 Web Resouces
Eric Vanderburg
 
IIS_Presentation.pptxlllllllllllllllllllllllllllllllllllllllllllllll
aashimait
 
Web server
Touhid Arastu
 
SharePoint Saturday The Conference 2011 - SP2010 Performance
Brian Culver
 
How to Harden the Security of Your .NET Website
DNN
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Jayesh Naik
 
Application hardening
Jayesh Naik
 
Ad

Recently uploaded (20)

PDF
Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGIS
Safe Software
 
PPTX
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
PDF
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
PDF
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
PDF
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
PDF
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
PDF
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
PPTX
Applied-Statistics-Mastering-Data-Driven-Decisions.pptx
parmaryashparmaryash
 
PPTX
IT Runs Better with ThousandEyes AI-driven Assurance
ThousandEyes
 
PDF
The Future of Mobile Is Context-Aware—Are You Ready?
iProgrammer Solutions Private Limited
 
PDF
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
 
PDF
Software Development Methodologies in 2025
KodekX
 
PPTX
cloud computing vai.pptx for the project
vaibhavdobariyal79
 
PPTX
Simple and concise overview about Quantum computing..pptx
mughal641
 
PDF
Structs to JSON: How Go Powers REST APIs
Emily Achieng
 
PDF
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
 
PPTX
Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...
AgileNetwork
 
PDF
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
PPTX
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
PDF
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGIS
Safe Software
 
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
Applied-Statistics-Mastering-Data-Driven-Decisions.pptx
parmaryashparmaryash
 
IT Runs Better with ThousandEyes AI-driven Assurance
ThousandEyes
 
The Future of Mobile Is Context-Aware—Are You Ready?
iProgrammer Solutions Private Limited
 
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
 
Software Development Methodologies in 2025
KodekX
 
cloud computing vai.pptx for the project
vaibhavdobariyal79
 
Simple and concise overview about Quantum computing..pptx
mughal641
 
Structs to JSON: How Go Powers REST APIs
Emily Achieng
 
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
 
Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...
AgileNetwork
 
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 

Understandingiis 120715123909-phpapp01

  • 2. Contents  Web Server  Kernel & User mode  IIS and it's main components  Different Modes of Operations  Request Processing  Take Away
  • 3. Web Server • The primary function of a web server is to deliver web pages on requests from clients using HTTP. • It can be referred as hardware(computer) or the software (computer application) • Hosts websites/web application to serve www. • Found embedded in devices like printers, routers, web-cams to serve local network • Able to map URL to a local file system resource (static requests) as well as internal or external program name (dynamic requests)
  • 4. Kernel & User Mode • The executing code • The executing code has complete and has no ability to unrestricted access directly access to the underlying hardware or hardware. reference memory. • Kernel mode is • Code running in user generally reserved mode must delegate for the lowest-level, to system APIs to most trusted access hardware or functions of the memory. operating system.
  • 5. Kernel & User Mode • Crashes in kernel • Crashes in user mode mode are are always catastrophic; they recoverable. will halt the entire PC. • Comparatively slow • Usually work faster, as they have to ask because, as part of the system the the system, it can permission to use directly use all the more memory or hardware resources more CPU resources. it needs.
  • 6. IIS & it's main components • Designed to provide secure, scalable solutions for creating and managing www sites and servers • We can publish information on intranets, extranets and the internet • Provides FTP, SMTP, Indexing and other services • Components: – HTTP.sys – Worker processes (W3wp.exe) – ISAPI – InetInfo.exe – Application pools
  • 7. HTTP.sys • Also known as “HTTP Protocol Stack” or “Http Listener Process” • Implemented as a kernel-mode device driver • core component to receive and serve HTTP requests and passing them off to the worker processes • When you create a Web site, IIS registers the site with HTTP.sys • Other than retrieving a stored response from its internal cache, HTTP.sys does not process the requests that it receives.
  • 8. W3wp.exe • A worker process is user-mode code whose role is to process requests, such as processing requests to return a static page • The worker process is controlled by the WWW service • A worker process runs as an executable file named W3wp.exe • Worker processes also run application code, such as ASP.NET applications and XML Web services.
  • 9. ISAPI • Internet Server Application Programming Interface, is an API developed to provide the application developers with a powerful way to extend the functionality of IIS • Extensions and Filters are the two types of applications that can be developed using ISAPI • ISAPI extensions are true applications that run on IIS and have access to all of the functionality provided by IIS
  • 10. ISAPI Application Mapping are implemented as DLLs that • ISAPI extensions are loaded into a process that is controlled by IIS • Like ASP and HTML pages, IIS uses the virtual location of the DLL file in the file system to map the ISAPI extension • ASP.Net functionality is contained in an ISAPI extension called aspnet_isapi.dll • Any file that is requested from the IIS server that ends in “.aspx” is mapped to aspnet_isapi.dll which is assigned to process the file before displaying its output in the client’s window
  • 11. InetInfo.exe • A user-mode component that hosts the IIS metabase and that also hosts the non-Web services like the FTP, SMTP etc • Used to manage ISAPI applications that run within the IIS process context • The services that run in Inetinfo.exe run as dynamic-link libraries (DLLs) under the Local System account • In IIS5.0 or IIS6.0 runs in IIS5.0 isolation mode >Inetinfo.exe hosts the worker process
  • 12. DLLHost.exe (IIS 5.0) • Manage out-of-process ISAPI applications • Any pooled ISAPI applications running on the server run within the context of a single instance of DLLHost.exe • The dllhost.exe process goes by the name COM Surrogate, which is an general purpose executable to host dlls out of process • In case of any unhandled error which may crash the COM Surrogate process, leaves the originating process intact.
  • 13. Application Pools (IIS 6.0) • Group of Web Applications and Web Sites are called Application Pools • Every application within an application pool shares the same worker process • The worker process(w3wp.exe) that services one application pool is separated from the worker process that services another • Each separate worker process provides a process boundary so each application pool is separated by these process boundaries
  • 14. IIS Different Modes of Operations • IIS 5.0 isolation mode (InetInfo.exe or DLLHost.exe takes the ownership for request processing) • IIS 6.0 worker process isolation mode (worker process W3wp.exe takes the ownership for request processing)
  • 15. IIS 5.0 Isolation Mode file:///C:/Documents and Settings/Admin/My Documents/My Pictures/iis5_isolation_mode.jpg
  • 16. Request Processing • A request arrives. If the requested application is running in- process, then Inetinfo.exe takes the request. If not, then DLLHost.exe takes the request. • Inetinfo.exe or DLLHost.exe determines if the request is valid. If the request is not valid, it sends a code for an invalid request back to the client. • If the request is valid, Inetinfo.exe or DLLHost.exe checks to see if the response is located in the IIS cache. • If the response is in the cache, it is returned immediately. • If the response is not cached, Inetinfo.exe or DLLHost.exe processes the request, by evaluating the URL to determine if the request is for static (HTML), or dynamic content (ASP) • The response is sent back to the client and the request is logged, if IIS is configured to do so.
  • 17. IIS 6.0 Isolation Mode file:///C:/Documents and Settings/Admin/My Documents/My Pictures/iis6_isolation_Mode.jpg
  • 18. Request Processing • A request arrives at HTTP.sys. • HTTP.sys determines if the request is valid. If the request is not valid, it sends a code for an invalid request back to the client. • If the request is valid, HTTP.sys checks to see if the request is for static content (HTML) because static content can be served immediately. • If the request is for dynamic content, HTTP.sys checks to see if the response is located in its “kernel-mode cache”. • If the response is in the cache, HTTP.sys returns the response immediately. • If the response is not cached, HTTP.sys determines the correct “request queue”, and places the request in that queue.
  • 19. Request Processing(contd.) • If the queue has no worker processes assigned to it, HTTP.sys signals the WWW service to start one. • The worker process pulls the request from the queue and processes the request, evaluating the URL to determine the type of request (ASP, ISAPI, or CGI). • The worker process sends the response back to HTTP.sys. • HTTP.sys sends the response back to the client and logs the request, if configured to do so.