IIS and WAP Deployment
The Day I Learned About IIS Security
What is Internet Information Services (IIS)?
Why I Deploy IIS
IIS Architecture
Core Components
HTTP.SYS
Windows Activation Service (WAS)
Application Pools (w3wp.exe)
Websites
Installing IIS
Basic Installation
Full Installation with All Features
Install URL Rewrite Module
Install Application Request Routing (ARR)
Application Pool Configuration
Creating Application Pools
Application Pool Recycling
Application Pool Limits
Rapid-Fail Protection
Website Configuration
Creating Websites
Host Headers and SNI
Virtual Directories and Applications
Authentication Configuration
Windows Authentication
Kerberos Configuration
Forms Authentication
Client Certificate Authentication
SSL/TLS Configuration
Install SSL Certificate
Configure TLS Protocols
Configure Cipher Suites
HTTP to HTTPS Redirect
Security Hardening
Request Filtering
Remove Server Headers
Security Headers
IP Restrictions
Web Application Proxy (WAP)
WAP Architecture
Installing WAP
Publishing Applications Through WAP
Publish with ADFS Pre-authentication
Publish with Pass-through Authentication
Publish with Client Certificate Authentication
WAP Health Monitoring
Load Balancing with ARR
Configure ARR
Monitoring and Troubleshooting
Performance Monitoring
Failed Request Tracing
Common Issues
Application Pool Crashes
Kerberos Authentication Failures
SSL/TLS Errors
Best Practices Summary
Application Pools
Security
Performance
Authentication
Conclusion
Further Reading
Last updated