IIS is Microsoft’s web server offering and has been available since the mid-1990s forward. Currently in its eighth incarnation with Windows Server 2012, the product has evolved tremendously and is an integral part of many of Microsoft’s technologies. Presently, IIS 7.0 and 7.5 for Windows Server 2008 and 2008r2, respectively, are the most commonly encountered versions in the wild.
In many ways IIS resembles Apache conceptually, but there are some differences that can and do occur. Much like the modular architecture of Apache, IIS implements modules that extend and enhance the core functionality of the product. Modules that can be added to IIS include these:
- Process management
- Server-side language
- Support for legacy technologies (mainly for IIS 6.0 users)
- Protocol listeners
- Security support
- Certificate support
- Authentication support
- Database support
One of the elements on this list, protocol listeners, needs some extra attention because it will figure prominently in your later investigations. Protocol listeners are modules designed to receive requests for specific protocols, deliver them to IIS for processing, and then return the response to the original requesting party. Of these listeners the most frequently used one is the HTTP listener as part of the HTTP.sys module. This listener intercepts HTTP requests and delivers them to IIS, and then HTTP.sys delivers the response back to the browser or application that initiated the request.
In any version of IIS from 6.0 forward, only a handful of listeners and other components are installed by default. This is in response to issues and changes that had arisen up through version 5 of the product. Prior to version 6, the product was not considered modular and shipped with all services essentially installed and ready to be used.