IIS模块（Modules）

IIS模块（Modules）
概述
与以前版本不同，新的IIS版本中，不再在服务器上持有多数的功能（Instead of keeping the majority of functionality within the server itself），⽽是⽤⼀个名为“Web服务器引擎（Web server engine）”来替代。

在这个Web服务器引擎上，可以根据需要，添加或者移除模块，⽤以实现各种功能。

⽐如，⽤⾝份验证模块来实现鉴定客户端的证书的功能，⽤缓存模块管理缓存⾏为。

（模块所在位置是⼯作者进程）
采⽤模块的⽅式，有以下⼏个优点：
（1）可以控制哪些模块在服务器上使⽤。

（2）可以⾃定义模块替代现有模块或者引⽤新特性。

（3）可以⾃定义服务器的⾓⾊（You can customize a server to a specific role in your environment.）。

（4）更加安全和便捷的管理。

移除不必要的模块，可以减少服务器可能被攻击的地⽅，以及减少内存占⽤，舍去对“不必要功能”的管理。

⼀、本地模块（Native Modules）
在完全安装的IIS7及以上版本中，可以找到本地模块。

根据需要，你可以移除它们或者⽤⾃定义模块替代它们。

1.HTTP模块
即在请求处理管理中，针对HTTP的模块，包括重定向请求、返回HTTP错误、响应。

Module Name Description Resource
CustomErrorModule Sends default and configured HTTP error messages when an error
status code is set on a response.
Inetsrv\Custerr.dll
HttpRedirectionModule
Supports configurable redirection for HTTP requests.Inetsrv\Redirect.dll
ProtocolSupportModule Performs protocol-related actions, such as setting response headers
and redirecting headers based on configuration.
Inetsrv\Protsup.dll
RequestFilteringModule Added in IIS 7.5. Filters requests as configured to control protocol and
content behavior.
Inetsrv\modrqflt.dll
WebDAVModule Added in IIS 7.5. Allows more secure publishing of content by using
HTTP over SSL.
Inetsrv\WebDAV.dll
2.安全模块
即在请求处理管理中，执⾏与安全相关的任务的模块。

根据⾝份验证⽅案，选择相应的模块（各模块是独⽴的）。

也包括URL验证模块和请求过滤模块。

Module Name Description Resource
AnonymousAuthenticationModule Performs Anonymous authentication
when no other authentication method succeeds.
Inetsrv\Authanon.dll
BasicAuthenticationModule Performs Basic authentication.Inetsrv\Authbas.dll CertificateMappingAuthenticationModule Performs Certificate Mapping authentication using Active Directory.Inetsrv\Authcert.dll DigestAuthenticationModule Performs Digest authentication.Inetsrv\Authmd5.dll
IISCertificateMappingAuthenticationModule Performs Certificate Mapping authentication
using IIS certificate configuration.
Inetsrv\Authmap.dll Performs URLScan tasks such as configuring allowed verbs
RequestFilteringModule Performs URLScan tasks such as configuring allowed verbs
and file name extensions,setting limits, and scanning for
bad character sequences.
Inetsrv\Modrqflt.dll
UrlAuthorizationModule Performs URL authorization.Inetsrv\Urlauthz.dll WindowsAuthenticationModule Performs NTLM integrated authentication.Inetsrv\Authsspi.dll IpRestrictionModule Restricts IPv4 addresses listed in the ipSecurity list in configuration.Inetsrv\iprestr.dll Module Name Description Resource
AnonymousAuthenticationModule Performs Anonymous authentication when no other authentication
method succeeds.
Inetsrv\Authanon.dll
BasicAuthenticationModule
Performs Basic authentication.Inetsrv\Authbas.dll CertificateMappingAuthenticationModule
Performs Certificate Mapping authentication using Active Directory.Inetsrv\Authcert.dll DigestAuthenticationModule
Performs Digest authentication.Inetsrv\Authmd5.dll
IISCertificateMappingAuthenticationModule Performs Certificate Mapping authentication using IIS certificate
configuration.
Inetsrv\Authmap.dll
RequestFilteringModule name extensions, setting limits,
and scanning for bad character sequences.
UrlAuthorizationModule
WindowsAuthenticationModule
Performs NTLM integrated authentication.Inetsrv\Authsspi.dll IpRestrictionModule
Restricts IPv4 addresses listed in the ipSecurity list in configuration.Inetsrv\iprestr.dll
3.内容模块
即在请求处理管理中，执⾏与内容相关的任务的模块。

包括处理静态⽂件请求、返回默认页⾯（未指定请求何资源时）、列举⽂件夹等模块。

Module Name Description Resource
CgiModule Executes Common Gateway Interface (CGI) processes to build response output.Inetsrv\Cgi.dll DefaultDocumentModule Attempts to return a default document for requests made to the parent directory.Inetsrv\Defdoc.dll DirectoryListingModule Lists the contents of a directory.Inetsrv\dirlist.dll IsapiModule Hosts ISAPI extension DLLs.Inetsrv\Isapi.dll IsapiFilterModule Supports ISAPI filter DLLs.Inetsrv\Filter.dll ServerSideIncludeModule Processes server-side includes code.Inetsrv\Iis_ssi.dll StaticFileModule Serves static files.Inetsrv\Static.dll FastCgiModule Supports FastCGI, which provides a high-performance alternative to CGI.Inetsrv\iisfcgi.dll
4.压缩模块
即在请求处理管理中，有两个模块实现压缩功能。

Module Name Description Resource
DynamicCompressionModule Compresses responses and applies Gzip compression transfer coding to
responses.
Inetsrv\Compdyn.dll
StaticCompressionModule Performs pre-compression of static content.Inetsrv\Compstat.dll
StaticCompressionModule Performs pre-compression of static content.Inetsrv\Compstat.dll
5.缓存模块
即在请求处理管理中，执⾏与缓存相关的任务的模块。

缓存可以改善⽹站和应⽤程序的性能。

它通过在服务器的内存中保存已经处理过的信息（⽐如⽹页）来实现。

如果后续的讲求是请求相同的资源，则这些信息将被重复利⽤。

Module Name Description Resource FileCacheModule
Provides user mode caching for files and file handles.Inetsrv\Cachfile.dll HTTPCacheModule
Provides kernel mode and user mode caching in HTTP.sys.Inetsrv\Cachhttp.dll
TokenCacheModule Provides user mode caching of user name and token pairs for modules that produce
Windows user principals.
Inetsrv\Cachtokn.dll
UriCacheModule
Provides user mode caching of URL information.Inetsrv\Cachuri.dll
6.⽇志和诊断模块
即在请求处理管理中，执⾏与⽇志和诊断相关的任务和模块。

⽇志模块⽀持加载⾃定义模块，和向HTTP.SYS传递信息。

诊断模块在请求处理过程中，跟踪并报告事件。

Module Name Description Resource CustomLoggingModule
Loads custom logging modules.Inetsrv\Logcust.dll FailedRequestsTracingModule
Supports the Failed Request Tracing feature.Inetsrv\Iisfreb.dll HttpLoggingModule
Passes information and processing status to HTTP.sys for logging.Inetsrv\Loghttp.dll
RequestMonitorModule Tracks requests currently executing in worker processes and reports
information with Runtime Status and Control Application Programming
Interface (RSCA).
Inetsrv\Iisreqs.dll
TracingModule
Reports events to Microsoft Event Tracing for Windows (ETW).Inetsrv\Iisetw.dll
7.托管⽀持模块（Managed Support Modules）
即在请求处理管理中，有两个模块⽤于⽀持托管代码集成（A couple of modules in IIS support managed integration in the IIS request-processing pipeline.）。

Module Name Description Resource
ManagedEngine Provides integration of managed code
modules in the IIS request-processing
pipeline.
\Framework\v2.0.50727\webengine.dll
ConfigurationValidationModule Validates configuration issues, such as
when an application is running in Integrated
mode but has handlers or modules
declared in the system.web section.
Inetsrv\validcfg.dll
⼆、托管模块（Managed Modules）
除本地模块之外，IIS允许你使⽤托管代码模块来扩展IIS的功能。

⼀些托管模块会对应⼀个本地模块（⽐如：UrlAuthorization）。

这个本地模块是可供替代的选择。

托管模块依赖于ManagedEngine模块
Module Name Description Resource
AnonymousIdentification Manages anonymous identifiers, which are used
by features that support anonymous
identification such as profile.
System.Web.Security.AnonymousIdentificationModule
DefaultAuthentication Ensures that an authentication object is present
in the context.
System.Web.Security.DefaultAuthenticationModule
FileAuthorization Verifies that a user has permission to access the
requested file.
System.Web.Security.FileAuthorizationModule
FormsAuthentication Supports authentication by using Forms
authentication.
System.Web.Security.FormsAuthenticationModule
OutputCache
Supports output caching.System.Web.Caching.OutputCacheModule
Profile Manages user profiles by using
profile, which stores and retrieves user settings
in a data source such as a database.
System.Web.Profile.ProfileModule
RoleManager Manages a RolePrincipal instance for the
current user.
System.Web.Security.RoleManagerModule
Session Supports maintaining session state, which
enables storage of data specific to a single client
within an application on the server.
System.Web.SessionState.SessionStateModule
UrlAuthorization Determines whether the current user is permitted
access to the requested URL, based on the user
name or the list of roles of which a user is a
member.
System.Web.Security.UrlAuthorizationModule
UrlMappingsModule Supports mapping a real URL to a more user-
friendly URL.
System.Web.UrlMappingsModule
WindowsAuthentication Sets the identity of the user for an
application when Windows authentication is
enabled.
System.Web.Security.WindowsAuthenticationModule。