IIS 模块(Modules)
概述
与以前版本不同,新的IIS版本中,不再在服务器上持有多数的功能(Instead of keeping the majority of functionality within the server itself),而是用一个名为“Web服务器引擎(Web server engine)”来替代。在这个Web服务器引擎上,可以根据需要,添加或者移除模块,用以实现各种功能。比如,用身份验证模块来实现鉴定客户端的证书的功能,用缓存模块管理缓存行为。(模块所在位置是工作者进程)
采用模块的方式,有以下几个优点:
(1)可以控制哪些模块在服务器上使用。
(2)可以自定义模块替代现有模块或者引用新特性。
(3)可以自定义服务器的角色(You can customize a server to a specific role in your environment.)。
(4)更加安全和便捷的管理。移除不必要的模块,可以减少服务器可能被攻击的地方,以及减少内存占用,舍去对“不必要功能”的管理。
一、本地模块(Native Modules)
在完全安装的IIS7及以上版本中,可以找到本地模块。根据需要,你可以移除它们或者用自定义模块替代它们。
1.HTTP模块
即在请求处理管理中,针对HTTP的模块,包括重定向请求、返回HTTP错误、响应。
|
Module Name |
Description |
Resource |
|
CustomErrorModule |
Sends default and configured HTTP error messages when an error status code is set on a response. |
Inetsrv\Custerr.dll |
|
HttpRedirectionModule |
Supports configurable redirection for HTTP requests. |
Inetsrv\Redirect.dll |
|
ProtocolSupportModule |
Performs protocol-related actions, such as setting response headers and redirecting headers based on configuration. |
Inetsrv\Protsup.dll |
|
RequestFilteringModule |
Added in IIS 7.5. Filters requests as configured to control protocol and content behavior. |
Inetsrv\modrqflt.dll |
|
WebDAVModule |
Added in IIS 7.5. Allows more secure publishing of content by using HTTP over SSL. |
Inetsrv\WebDAV.dll |
2.安全模块
即在请求处理管理中,执行与安全相关的任务的模块。根据身份验证方案,选择相应的模块(各模块是独立的)。也包括URL验证模块和请求过滤模块。
|
Module Name |
Description |
Resource |
|
AnonymousAuthenticationModule |
Performs Anonymous authentication |
Inetsrv\Authanon.dll |
|
BasicAuthenticationModule |
Performs Basic authentication. |
Inetsrv\Authbas.dll |
|
CertificateMappingAuthenticationModule |
Performs Certificate Mapping authentication using Active Directory. |
Inetsrv\Authcert.dll |
|
DigestAuthenticationModule |
Performs Digest authentication. |
Inetsrv\Authmd5.dll |
|
IISCertificateMappingAuthenticationModule |
Performs Certificate Mapping authentication using IIS certificate configuration. |
Inetsrv\Authmap.dll |
|
RequestFilteringModule |
Performs URLScan tasks such as configuring allowed verbs |
Inetsrv\Modrqflt.dll |
|
UrlAuthorizationModule |
Performs URL authorization. |
Inetsrv\Urlauthz.dll |
|
WindowsAuthenticationModule |
Performs NTLM integrated authentication. |
Inetsrv\Authsspi.dll |
|
IpRestrictionModule |
Restricts IPv4 addresses listed in the ipSecurity list in configuration. |
Inetsrv\iprestr.dll |
|
Module Name |
Description |
Resource |
|
AnonymousAuthenticationModule |
Performs Anonymous authentication when no other authentication method succeeds. |
Inetsrv\Authanon.dll |
|
BasicAuthenticationModule |
Performs Basic authentication. |
Inetsrv\Authbas.dll |
|
CertificateMappingAuthenticationModule |
Performs Certificate Mapping authentication using Active Directory. |
Inetsrv\Authcert.dll |
|
DigestAuthenticationModule |
Performs Digest authentication. |
Inetsrv\Authmd5.dll |
|
IISCertificateMappingAuthenticationModule |
Performs Certificate Mapping authentication using IIS certificate configuration. |
Inetsrv\Authmap.dll |
|
RequestFilteringModule |
Performs URLScan tasks such as configuring allowed verbs and file name extensions, setting limits, and scanning for bad character sequences. |
Inetsrv\Modrqflt.dll |
|
UrlAuthorizationModule |
Performs URL authorization. |
Inetsrv\Urlauthz.dll |
|
WindowsAuthenticationModule |
Performs NTLM integrated authentication. |
Inetsrv\Authsspi.dll |
|
IpRestrictionModule |
Restricts IPv4 addresses listed in the ipSecurity list in configuration. |
Inetsrv\iprestr.dll |
3.内容模块
即在请求处理管理中,执行与内容相关的任务的模块。包括处理静态文件请求、返回默认页面(未指定请求何资源时)、列举文件夹等模块。
|
Module Name |
Description |
Resource |
|
CgiModule |
Executes Common Gateway Interface (CGI) processes to build response output. |
Inetsrv\Cgi.dll |
|
DefaultDocumentModule |
Attempts to return a default document for requests made to the parent directory. |
Inetsrv\Defdoc.dll |
|
DirectoryListingModule |
Lists the contents of a directory. |
Inetsrv\dirlist.dll |
|
IsapiModule |
Hosts ISAPI extension DLLs. |
Inetsrv\Isapi.dll |
|
IsapiFilterModule |
Supports ISAPI filter DLLs. |
Inetsrv\Filter.dll |
|
ServerSideIncludeModule |
Processes server-side includes code. |
Inetsrv\Iis_ssi.dll |
|
StaticFileModule |
Serves static files. |
Inetsrv\Static.dll |
|
FastCgiModule |
Supports FastCGI, which provides a high-performance alternative to CGI. |
Inetsrv\iisfcgi.dll |
4.压缩模块
即在请求处理管理中,有两个模块实现压缩功能。
|
Module Name |
Description |
Resource |
|
DynamicCompressionModule |
Compresses responses and applies Gzip compression transfer coding to responses. |
Inetsrv\Compdyn.dll |
|
StaticCompressionModule |
Performs pre-compression of static content. |
Inetsrv\Compstat.dll |
5.缓存模块
即在请求处理管理中,执行与缓存相关的任务的模块。缓存可以改善网站和应用程序的性能。它通过在服务器的内存中保存已经处理过的信息(比如网页)来实现。如果后续的讲求是请求相同的资源,则这些信息将被重复利用。
|
Module Name |
Description |
Resource |
|
FileCacheModule |
Provides user mode caching for files and file handles. |
Inetsrv\Cachfile.dll |
|
HTTPCacheModule |
Provides kernel mode and user mode caching in HTTP.sys. |
Inetsrv\Cachhttp.dll |
|
TokenCacheModule |
Provides user mode caching of user name and token pairs for modules that produce Windows user principals. |
Inetsrv\Cachtokn.dll |
|
UriCacheModule |
Provides user mode caching of URL information. |
Inetsrv\Cachuri.dll |
6.日志和诊断模块
即在请求处理管理中,执行与日志和诊断相关的任务和模块。日志模块支持加载自定义模块,和向HTTP.SYS传递信息。诊断模块在请求处理过程中,跟踪并报告事件。
|
Module Name |
Description |
Resource |
|
CustomLoggingModule |
Loads custom logging modules. |
Inetsrv\Logcust.dll |
|
FailedRequestsTracingModule |
Supports the Failed Request Tracing feature. |
Inetsrv\Iisfreb.dll |
|
HttpLoggingModule |
Passes information and processing status to HTTP.sys for logging. |
Inetsrv\Loghttp.dll |
|
RequestMonitorModule |
Tracks requests currently executing in worker processes and reports information with Runtime Status and Control Application Programming Interface (RSCA). |
Inetsrv\Iisreqs.dll |
|
TracingModule |
Reports events to Microsoft Event Tracing for Windows (ETW). |
Inetsrv\Iisetw.dll |
7.托管支持模块(Managed Support Modules)
即在请求处理管理中,有两个模块用于支持托管代码集成(A couple of modules in IIS support managed integration in the IIS request-processing pipeline.)。
|
Module Name |
Description |
Resource |
|
ManagedEngine |
Provides integration of managed code modules in the IIS request-processing pipeline. |
Microsoft.NET\Framework\v2.0.50727\webengine.dll |
|
ConfigurationValidationModule |
Validates configuration issues, such as when an application is running in Integrated mode but has handlers or modules declared in the system.web section. |
Inetsrv\validcfg.dll |
二、托管模块(Managed Modules)
除本地模块之外,IIS允许你使用托管代码模块来扩展IIS的功能。一些托管模块会对应一个本地模块(比如:UrlAuthorization)。这个本地模块是可供替代的选择。
托管模块依赖于ManagedEngine模块
|
Module Name |
Description |
Resource |
|
AnonymousIdentification |
Manages anonymous identifiers, which are used by features that support anonymous identification such as ASP.NET profile. |
System.Web.Security.AnonymousIdentificationModule |
|
DefaultAuthentication |
Ensures that an authentication object is present in the context. |
System.Web.Security.DefaultAuthenticationModule |
|
FileAuthorization |
Verifies that a user has permission to access the requested file. |
System.Web.Security.FileAuthorizationModule |
|
FormsAuthentication |
Supports authentication by using Forms authentication. |
System.Web.Security.FormsAuthenticationModule |
|
OutputCache |
Supports output caching. |
System.Web.Caching.OutputCacheModule |
|
Profile |
Manages user profiles by using ASP.NET profile, which stores and retrieves user settings in a data source such as a database. |
System.Web.Profile.ProfileModule |
|
RoleManager |
Manages a RolePrincipal instance for the current user. |
System.Web.Security.RoleManagerModule |
|
Session |
Supports maintaining session state, which enables storage of data specific to a single client within an application on the server. |
System.Web.SessionState.SessionStateModule |
|
UrlAuthorization |
Determines whether the current user is permitted access to the requested URL, based on the user name or the list of roles of which a user is a member. |
System.Web.Security.UrlAuthorizationModule |
|
UrlMappingsModule |
Supports mapping a real URL to a more user-friendly URL. |
System.Web.UrlMappingsModule |
|
WindowsAuthentication |
Sets the identity of the user for an ASP.NET application when Windows authentication is enabled. |
System.Web.Security.WindowsAuthenticationModule
|
