Nano 伺服器上的 IISIIS on Nano Server

適用於︰Windows Server 2016Applies To: Windows Server 2016

重要

從 Windows Server 版本 1709 開始,Nano Server 僅以容器基礎 OS 映像的形式來提供。Starting in Windows Server, version 1709, Nano Server will be available only as a container base OS image. 請查看 Nano Server 的變更以了解這代表的意義。Check out Changes to Nano Server to learn what this means.

您可以使用 -Package 參數搭配 Microsoft-NanoServer-IIS-Package,在 Nano Server 上安裝 Internet Information Services (IIS) 伺服器角色。You can install the Internet Information Services (IIS) server role on Nano Server by using the -Package parameter with Microsoft-NanoServer-IIS-Package. 如需設定 Nano Server (包括安裝套件) 的資訊,請參閱安裝 Nano ServerFor information about configuring Nano Server, including installing packages, see Install Nano Server.

在此版本的 Nano Server 中,可以使用下列 IIS 功能:In this release of Nano Server, the following IIS features are available:

功能Feature 預設已啟用Enabled by default
一般 HTTP 功能Common HTTP Features
預設文件Default document xx
瀏覽目錄Directory browsing xx
HTTP 錯誤HTTP Errors xx
靜態內容Static content xx
HTTP 重新導向HTTP redirection
狀況及診斷Health and Diagnostics
HTTP 記錄HTTP logging xx
自訂記錄Custom logging
要求監視器Request monitor
追蹤Tracing
效能Performance
靜態內容壓縮Static content compression xx
動態內容壓縮Dynamic content compression
安全性Security
要求篩選Request filtering xx
基本驗證Basic authentication
用戶端憑證對應驗證Client certificate mapping authentication
摘要式驗證Digest authentication
IIS 用戶端憑證對應驗證IIS client certificate mapping authentication
IP 及網域限制IP and domain restrictions
URL 授權URL authorization
Windows 驗證Windows authentication
應用程式開發Application Development
應用程式初始化Application initialization
CGICGI
ISAPI 擴充程式ISAPI extensions
ISAPI 篩選器ISAPI filters
伺服器端包含Server-side includes
WebSocket 通訊協定WebSocket protocol
管理工具Management Tools
適用於 Windows PowerShell 的 IIS 系統管理模組IISAdministration module for Windows PowerShell xx

http://iis.net/learn 已發行其他 IIS 設定 (例如使用 ASP.NET、PHP 和 Java) 的系列文章,以及其他相關內容。A series of articles on other configurations of IIS (such as using ASP.NET, PHP, and Java), as well as other related content is published at http://iis.net/learn.

在 Nano Server 上安裝 IISInstalling IIS on Nano Server

您可以離線 (Nano Server 已關閉時) 或線上 (Nano Server 正在執行時) 安裝此伺服器角色;離線安裝是建議選項。You can install this server role either offline (with the Nano Server off) or online (with the Nano Server running); offline installation is the recommended option.

若要離線安裝,請使用 New-NanoServerImage 的 -Packages 參數新增套件,如下列範例所示:For offline installation, add the package with the -Packages parameter of New-NanoServerImage, as in this example:

New-NanoServerImage -Edition Standard -DeploymentType Guest -MediaPath f:\ -BasePath .\Base -TargetPath .\Nano1.vhd -ComputerName Nano1 -Package Microsoft-NanoServer-IIS-Package

如果您有現成的 VHD 檔案,您可以使用 DISM.exe 離線安裝 IIS,方法是掛接 VHD,然後使用 Add-Package 選項。If you have an existing VHD file, you can install IIS offline with DISM.exe by mounting the VHD, and then using the Add-Package option.
下列範例步驟假設您正從 BasePath 選項所指定的目錄執行,此目錄是在執行 New-NanoServerImage 之後所建立。The following example steps assume that you are running from the directory specified by BasePath option, which was created after running New-NanoServerImage.

  1. mkdir mountdirmkdir mountdir
  2. .\Tools\dism.exe /Mount-Image /ImageFile:.\NanoServer.vhd /Index:1 /MountDir:.\mountdir.\Tools\dism.exe /Mount-Image /ImageFile:.\NanoServer.vhd /Index:1 /MountDir:.\mountdir
  3. .\Tools\dism.exe /Add-Package /PackagePath:.\packages\Microsoft-NanoServer-IIS-Package.cab /Image:.\mountdir.\Tools\dism.exe /Add-Package /PackagePath:.\packages\Microsoft-NanoServer-IIS-Package.cab /Image:.\mountdir
  4. .\Tools\dism.exe /Add-Package /PackagePath:.\packages\en-us\Microsoft-NanoServer-IIS-Package_en-us.cab /Image:.\mountdir.\Tools\dism.exe /Add-Package /PackagePath:.\packages\en-us\Microsoft-NanoServer-IIS-Package_en-us.cab /Image:.\mountdir
  5. .\Tools\dism.exe /Unmount-Image /MountDir:.\MountDir /Commit.\Tools\dism.exe /Unmount-Image /MountDir:.\MountDir /Commit

注意

請注意,步驟 4 會新增語言套件 - 此範例會安裝 EN-US。Note that Step 4 adds the language pack--this example installs EN-US.

此時您可以使用 IIS 來啟動 Nano Server。At this point you can start Nano Server with IIS.

在 Nano Server 上線上安裝 IISInstalling IIS on Nano Server online

雖然建議離線安裝伺服器角色,但在容器案例中,您可能需要在線上 (Nano Server 正在執行時) 進行安裝。Though offline installation of the server role is recommended, you might need to install it online (with the Nano Server running) in container scenarios. 若要這樣做,請執行下列步驟:To do this, follow these steps:

  1. 將 Packages 資料夾從安裝媒體複製到執行中的本機 Nano Server (例如複製到 C:\packages)。Copy the Packages folder from the installation media locally to the running Nano Server (for example, to C:\packages).

  2. 在另一部電腦上建立新的 Unattend.xml 檔案,然後將它複製到 Nano Server。Create a new Unattend.xml file on another computer and then copy it to the Nano Server. 您可以將此 XML 內容複製並貼到您建立的 XML 檔案:You can copy and paste this XML content into the XML file you created:


    <unattend xmlns="urn:schemas-microsoft-com:unattend">  
    <servicing>  
        <package action="install">  
            <assemblyIdentity name="Microsoft-NanoServer-IIS-Package" version="10.0.14393.0" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" />  
            <source location="c:\packages\Microsoft-NanoServer-IIS-Package.cab" />  
        </package>  
        <package action="install">  
            <assemblyIdentity name="Microsoft-NanoServer-IIS-Package" version="10.0.14393.0" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="en-US" />  
            <source location="c:\packages\en-us\Microsoft-NanoServer-IIS-Package_en-us.cab" />  
        </package>  
    </servicing>  
    <cpi:offlineImage cpi:source="" xmlns:cpi="urn:schemas-microsoft-com:cpi" />  
</unattend>  
  1. 在您建立 (或複製) 的新 XML 檔案中,將 C:\packages 修改為您複製套件內容的目的地目錄。In the new XML file you created (or copied), edit C:\packages to the directory you copied the content of Packages to.

  2. 切換至具有新建立之 XML 檔案的目錄,然後執行Switch to the directory with the newly created XML file and run

    dism /online /apply-unattend:.\unattend.xmldism /online /apply-unattend:.\unattend.xml

  3. 執行下列命令,確認已正確安裝 IIS 套件及其關聯的語言套件:Confirm that the IIS package and its associated language pack is installed correctly by running:

    dism /online /get-packagesdism /online /get-packages

    您應該會看到 "Package Identity : Microsoft-NanoServer-IIS-Package~31bf3856ad364e35~amd6410.0.14393.1000" 列出兩次,一次針對 Release Type : Language Pack,另一次針對 Release Type : Feature Pack。You should see "Package Identity : Microsoft-NanoServer-IIS-Package~31bf3856ad364e35~amd6410.0.14393.1000" listed twice, once for Release Type : Language Pack and once for Release Type : Feature Pack.

  4. 使用 net start w3svc 或藉由重新啟動 Nano Server 來啟動 W3SVC 服務。Start the W3SVC service either with net start w3svc or by restarting the Nano Server.

啟動 IISStarting IIS

安裝並執行 IIS 之後,即準備好處理 Web 要求。Once IIS is installed and running, it is ready to serve web requests. 瀏覽位於 http://<Nano Server 的 IP 位址> 的預設 IIS 網頁,以確認 IIS 是否正在執行。Verify that IIS is running by browsing the default IIS web page at http://<IP address of Nano Server>. 在實體電腦上,您可以使用修復主控台來判斷 IP 位址。On a physical computer, you can determine the IP address by using the Recovery Console. 在虛擬機器上,您可以使用 Windows PowerShell 命令提示字元並執行下列命令來取得 IP 位址:On a virtual machine, you can get the IP address by using a Windows PowerShell prompt and running:

Get-VM -name <VM name> | Select -ExpandProperty networkadapters | select IPAddresses

如果您無法存取預設 IIS 網頁,請找到 Nano Server 上的 c:\inetpub 目錄以再次檢查 IIS 安裝。If you are not able to access the default IIS web page, double-check the IIS installation by looking for the c:\inetpub directory on the Nano Server.

啟用和停用 IIS 功能Enabling and disabling IIS features

當您安裝 IIS 角色時,預設會啟用一些 IIS 功能 (請參閱本主題之<Nano Server 上的 IIS 概觀>中的表格)。A number of IIS features are enabled by default when you install the IIS role (see the table in the "Overview of IIS on Nano Server" section of this topic). 您可以使用 DISM.exe 啟用 (或停用) 其他功能You can enable (or disable) additional features using DISM.exe

IIS 的每項功能會以一組設定元素的形式來提供。Each feature of IIS exists as a set of configuration elements. 例如,Windows 驗證功能包含下列元素:For example, the Windows authentication feature comprises these elements:

區段Section 設定元素Configuration elements
<globalModules> <add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll
<modules> <add name="WindowsAuthenticationModule" lockItem="true" \/>
<windowsAuthentication> <windowsAuthentication enabled="false" authPersistNonNTLM\="true"><providers><add value="Negotiate" /><add value="NTLM" /><br /></providers><br /></windowsAuthentication>

完整的 IIS 子功能集包含在本主題的<附錄 1>中,而其對應的設定元素則包含在本主題的<附錄 2>中。The full set of IIS sub-features are included in Appendix 1 of this topic and their corresponding configuration elements is included in Appendix 2 of this topic.

範例︰安裝 Windows 驗證Example: installing Windows authentication

  1. 在 Nano Server 上開啟 Windows PowerShell 遠端工作階段主控台。Open a Windows PowerShell remote session console on the Nano Server.

  2. 使用 DISM.exe 安裝 Windows 驗證模組:Use DISM.exe to install the Windows authentication module:

    dism /Enable-Feature /online /featurename:IIS-WindowsAuthentication /all
    

    /all 參數將會安裝所選功能相依的任何功能。The /all switch will install any feature that the chosen feature depends on.

範例︰解除安裝 Windows 驗證Example: uninstalling Windows authentication

  1. 在 Nano Server 上開啟 Windows PowerShell 遠端工作階段主控台。Open a Windows PowerShell remote session console on the Nano Server.

  2. 使用 DISM.exe 解除安裝 Windows 驗證模組:Use DISM.exe to uninstall the Windows authentication module:

    dism /Disable-Feature /online /featurename:IIS-WindowsAuthentication
    

其他常見的 IIS 設定工作Other common IIS configuration tasks

建立網站Creating websites

使用下列 Cmdlet:Use this cmdlet:

PS D:\> New-IISSite -Name TestSite -BindingInformation "*:80:TestSite" -PhysicalPath c:\test

您接著可以執行 Get-IISSite 來確認網站的狀態 (傳回網站名稱、識別碼、狀態、實體路徑和繫結)。You can then run Get-IISSite to verify the state of the site (returns the web site name, ID, state, physical path, and bindings).

刪除網站Deleting web sites

執行 Remove-IISSite -Name TestSite -Confirm:$falseRun Remove-IISSite -Name TestSite -Confirm:$false.

建立虛擬目錄Creating virtual directories

您可以使用 Get-IISServerManager 傳回的 IISServerManager 物件來建立虛擬目錄,這會公開 .NET Microsoft.Web.Administration.ServerManager API。You can create virtual directories by using the IISServerManager object returned by Get-IISServerManager, which exposes the .NET Microsoft.Web.Administration.ServerManager API. 在此範例中,這些命令會存取 Sites 集合的 "Default Web Site" 元素及 Applications 區段的根應用程式元素 ("/")。In this example, these commands access the "Default Web Site" element of the Sites collection and the root application element ("/") of the Applications section. 接著會呼叫該應用程式元素之 VirtualDirectories 集合的 Add() 方法,來建立新的目錄:They then call the Add() method of the VirtualDirectories collection for that application element to create the new directory:

PS C:\> $sm = Get-IISServerManager  
PS C:\> $sm.Sites["Default Web Site"].Applications["/"].VirtualDirectories.Add("/DemoVirtualDir1", "c:\test\virtualDirectory1")  
PS C:\> $sm.Sites["Default Web Site"].Applications["/"].VirtualDirectories.Add("/DemoVirtualDir2", "c:\test\virtualDirectory2")  
PS C:\> $sm.CommitChanges()  

建立應用程式集區Creating application pools

同樣地,您可以使用 Get-IISServerManager 建立應用程式集區:Similarly you can use Get-IISServerManager to create application pools:

PS C:\> $sm = Get-IISServerManager  
PS C:\> $sm.ApplicationPools.Add("DemoAppPool")  

設定 HTTPS 和憑證Configuring HTTPS and certificates

您可以如下列範例所示使用 Certoc.exe 公用程式來匯入憑證,此範例示範如何在 Nano Server 上設定網站的 HTTPS:Use the Certoc.exe utility to import certificates, as in this example, which shows configuring HTTPS for a website on a Nano Server:

  1. 在另一部未執行 Nano Server 的電腦上,建立憑證 (使用您自己的憑證名稱和密碼),然後將它匯出至 c:\temp\test.pfx。On another computer that is not running Nano Server, create a certificate (using your own certificate name and password), and then export it to c:\temp\test.pfx.

    $newCert = New-SelfSignedCertificate -DnsName "www.foo.bar.com" -CertStoreLocation cert:\LocalMachine\my

    $mypwd = ConvertTo-SecureString -String "YOUR_PFX_PASSWD" -Force -AsPlainText

    Export-PfxCertificate -FilePath c:\temp\test.pfx -Cert $newCert -Password $mypwd

  2. 將 test.pfx 檔案複製到 Nano Server 電腦。Copy the test.pfx file to the Nano Server computer.

  3. 在 Nano Server 上,使用下列命令,將憑證匯入「我的」存放區:On the Nano Server, import the certificate to the "My" store with this command:

    certoc.exe -ImportPFX -p YOUR_PFX_PASSWD My c:\temp\test.pfxcertoc.exe -ImportPFX -p YOUR_PFX_PASSWD My c:\temp\test.pfx

  4. 使用 Get-ChildItem Cert:\LocalMachine\my 擷取此新憑證的指紋 (在此範例中為 61E71251294B2A7BB8259C2AC5CF7BA622777E73)。Retrieve the thumbprint of this new certificate (in this example, 61E71251294B2A7BB8259C2AC5CF7BA622777E73) with Get-ChildItem Cert:\LocalMachine\my.

  5. 使用下列 Windows PowerShell 命令,將 HTTPS 繫結新增至預設網站 (或您要新增繫結的任何網站):Add the HTTPS binding to the Default Web Site (or whatever website you want to add the binding to) by using these Windows PowerShell commands:

    $certificate = get-item Cert:\LocalMachine\my\61E71251294B2A7BB8259C2AC5CF7BA622777E73  
    # Use your actual thumbprint instead of this example  
    $hash = $certificate.GetCertHash()  
    
    Import-Module IISAdministration  
    $sm = Get-IISServerManager  
    $sm.Sites["Default Web Site"].Bindings.Add("*:443:", $hash, "My", "0")    # My is the certificate store name  
    $sm.CommitChanges()  
    

    您也可以使用伺服器名稱指示 (SNI) 與特定的主機名稱,並搭配下列語法:You could also use Server Name Indication (SNI) with a specific host name with this syntax: $sm.Sites["Default Web Site"].Bindings.Add("*:443:www.foo.bar.com", $hash, "My", "Sni".

附錄 1:IIS 子功能清單Appendix 1: List of IIS sub-features

  • IIS-WebServerIIS-WebServer
  • IIS-CommonHttpFeaturesIIS-CommonHttpFeatures
  • IIS-StaticContentIIS-StaticContent
  • IIS-DefaultDocumentIIS-DefaultDocument
  • IIS-DirectoryBrowsingIIS-DirectoryBrowsing
  • IIS-HttpErrorsIIS-HttpErrors
  • IIS-HttpRedirectIIS-HttpRedirect
  • IIS-ApplicationDevelopmentIIS-ApplicationDevelopment
  • IIS-CGIIIS-CGI
  • IIS-ISAPIExtensionsIIS-ISAPIExtensions
  • IIS-ISAPIFilterIIS-ISAPIFilter
  • IIS-ServerSideIncludesIIS-ServerSideIncludes
  • IIS-WebSocketsIIS-WebSockets
  • IIS-ApplicationInitIIS-ApplicationInit
  • IIS-SecurityIIS-Security
  • IIS-BasicAuthenticationIIS-BasicAuthentication
  • IIS-WindowsAuthenticationIIS-WindowsAuthentication
  • IIS-DigestAuthenticationIIS-DigestAuthentication
  • IIS-ClientCertificateMappingAuthenticationIIS-ClientCertificateMappingAuthentication
  • IIS-IISCertificateMappingAuthenticationIIS-IISCertificateMappingAuthentication
  • IIS-URLAuthorizationIIS-URLAuthorization
  • IIS-RequestFilteringIIS-RequestFiltering
  • IIS-IPSecurityIIS-IPSecurity
  • IIS-CertProviderIIS-CertProvider
  • IIS-PerformanceIIS-Performance
  • IIS-HttpCompressionStaticIIS-HttpCompressionStatic
  • IIS-HttpCompressionDynamicIIS-HttpCompressionDynamic
  • IIS-HealthAndDiagnosticsIIS-HealthAndDiagnostics
  • IIS-HttpLoggingIIS-HttpLogging
  • IIS-LoggingLibrariesIIS-LoggingLibraries
  • IIS-RequestMonitorIIS-RequestMonitor
  • IIS-HttpTracingIIS-HttpTracing
  • IIS-CustomLoggingIIS-CustomLogging

附錄 2:HTTP 功能的元素Appendix 2: Elements of HTTP features

IIS 的每項功能會以一組設定元素的形式來提供。Each feature of IIS exists as a set of configuration elements. 本附錄列出此版 Nano Server 中所有功能的設定元素This appendix lists the configuration elements for all of the features in this release of Nano Server

一般 HTTP 功能Common HTTP features

預設文件Default document

區段Section 設定元素Configuration elements
<globalModules> <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
<modules> <add name="DefaultDocumentModule" lockItem="true" />
<handlers> <add name="StaticFile" path="*" verb="*" modules="DefaultDocumentModule" resourceType="EiSecther" requireAccess="Read" />
<defaultDocument> <defaultDocument enabled="true"><br /><files><br /> <add value="Default.htm" /><br /> <add value="Default.asp" /><br /> <add value="index.htm" /><br /> <add value="index.html" /><br /> <add value="iisstart.htm" /><br /> </files><br /></defaultDocument>

StaticFile <handlers> 項目可能已經存在;如果是的話,只要將 "DefaultDocumentModule" 新增至 <modules> 屬性並以逗號分隔即可。The StaticFile <handlers> entry might already be present; if so, just add "DefaultDocumentModule" to the <modules> attribute, separated by a comma.

瀏覽目錄Directory browsing

區段Section 設定元素Configuration elements
<globalModules> <add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" />
<modules> <add name="DirectoryListingModule" lockItem="true" />
<handlers> <add name="StaticFile" path="*" verb="*" modules="DirectoryListingModule" resourceType="Either" requireAccess="Read" />

StaticFile <handlers> 項目可能已經存在;如果是的話,只要將 "DirectoryListingModule" 新增至 <modules> 屬性並以逗號分隔即可。The StaticFile <handlers> entry might already be present; if so, just add "DirectoryListingModule" to the <modules> attribute, separated by a comma.

HTTP 錯誤HTTP errors

區段Section 設定元素Configuration elements
<globalModules> <add name="CustomErrorModule" image="%windir%\System32\inetsrv\custerr.dll" />
<modules> <add name="CustomErrorModule" lockItem="true" />
<httpErrors> <httpErrors lockAttributes="allowAbsolutePathsWhenDelegated,defaultPath"><br /> <error statusCode="401" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="401.htm" ><br /> <error statusCode="403" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="403.htm" /><br /> <error statusCode="404" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="404.htm" /><br /> <error statusCode="405" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="405.htm" /><br /> <error statusCode="406" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="406.htm" /><br /> <error statusCode="412" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="412.htm" /><br /> <error statusCode="500" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="500.htm" /><br /> <error statusCode="501" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="501.htm" /><br /> <error statusCode="502" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="502.htm" /><br /></httpErrors>

靜態內容Static content

區段Section 設定元素Configuration elements
<globalModules> <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
<modules> <add name="StaticFileModule" lockItem="true" />
<handlers> <add name="StaticFile" path="*" verb="*" modules="StaticFileModule" resourceType="Either" requireAccess="Read" />

StaticFile \<handlers> 項目可能已經存在;如果是的話,只要將 "StaticFileModule" 新增至 <modules> 屬性並以逗號分隔即可。The StaticFile \<handlers> entry might already be present; if so, just add "StaticFileModule" to the <modules> attribute, separated by a comma.

HTTP 重新導向HTTP redirection

區段Section 設定元素Configuration elements
<globalModules> <add name="HttpRedirectionModule" image="%windir%\System32\inetsrv\redirect.dll" />
<modules> <add name="HttpRedirectionModule" lockItem="true" />
<httpRedirect> <httpRedirect enabled="false" />

狀況及診斷Health and diagnostics

HTTP 記錄HTTP logging

區段Section 設定元素Configuration elements
<globalModules> <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
<modules> <add name="HttpLoggingModule" lockItem="true" />
<httpLogging> <httpLogging dontLog="false" />

自訂記錄Custom logging

區段Section 設定元素Configuration elements
<globalModules> <add name="CustomLoggingModule" image="%windir%\System32\inetsrv\logcust.dll" />
<modules> <add name="CustomLoggingModule" lockItem="true" />

要求監視器Request monitor

區段Section 設定元素Configuration elements
<globalModules> <add name="RequestMonitorModule" image="%windir%\System32\inetsrv\iisreqs.dll" />

追蹤Tracing

區段Section 設定元素Configuration elements
<globalModules> <add name="TracingModule" image="%windir%\System32\inetsrv\iisetw.dll" \/><br /><add name="FailedRequestsTracingModule" image="%windir%\System32\inetsrv\iisfreb.dll" />
<modules> <add name="FailedRequestsTracingModule" lockItem="true" />
<traceProviderDefinitions> <traceProviderDefinitions><br /> <add name="WWW Server" guid\="{3a2a4e84-4c21-4981-ae10-3fda0d9b0f83}"><br /> <areas><br /> <clear /><br /> <add name="Authentication" value="2" /><br /> <add name="Security" value="4" /><br /> <add name="Filter" value="8" /><br /> <add name="StaticFile" value="16" /><br /> <add name="CGI" value="32" /><br /> <add name="Compression" value="64" /><br /> <add name="Cache" value="128" /><br /> <add name="RequestNotifications" value="256" /><br /> <add name="Module" value="512" /><br /> <add name="FastCGI" value="4096" /><br /> <add name="WebSocket" value="16384" /><br /> </areas><br /> </add><br /> <add name="ISAPI Extension" guid="{a1c2040e-8840-4c31-ba11-9871031a19ea}"><br /> <areas><br /> <clear /><br /> </areas><br /> </add><br /></traceProviderDefinitions>

效能Performance

靜態內容壓縮Static content compression

區段Section 設定元素Configuration elements
<globalModules> <add name="StaticCompressionModule" image="%windir%\System32\inetsrv\compstat.dll" />
<modules> <add name="StaticCompressionModule" lockItem="true" />
<httpCompression> <httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files"><br /> <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" /><br /> <staticTypes><br /> <add mimeType="text/*" enabled="true" /><br /> <add mimeType="message/*" enabled="true" /><br /> <add mimeType="application/javascript" enabled="true" \/><br /> <add mimeType="application/atom+xml" enabled="true" /><br /> <add mimeType="application/xaml+xml" enabled="true" /><br /> <add mimeType="\*\*" enabled="false" /><br /> </staticTypes><br /></httpCompression>

動態內容壓縮Dynamic content compression

區段Section 設定元素Configuration elements
<globalModules> <add name="DynamicCompressionModule" image="%windir%\System32\inetsrv\compdyn.dll" />
<modules> <add name="DynamicCompressionModule" lockItem="true" />
<httpCompression> <httpCompression directory\="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files"><br /> <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" \/><br /> \<dynamicTypes><br /> <add mimeType="text/*" enabled="true" \/><br /> <add mimeType="message/*" enabled="true" /><br /> <add mimeType="application/x-javascript" enabled="true" /><br /> <add mimeType="application/javascript" enabled="true" /><br /> <add mimeType="*/*" enabled="false" /><br /> <\/dynamicTypes><br /></httpCompression>

安全性Security

要求篩選Request filtering

區段Section 設定元素Configuration elements
<globalModules> <add name="RequestFilteringModule" image="%windir%\System32\inetsrv\modrqflt.dll" />
<modules> <add name="RequestFilteringModule" lockItem="true" />
` <requestFiltering><br /> <fileExtensions allowUnlisted="true" applyToWebDAV="true" /><br /> <verbs allowUnlisted="true" applyToWebDAV="true" /><br /> <hiddenSegments applyToWebDAV="true"><br /> <add segment="web.config" /><br /> </hiddenSegments><br /></requestFiltering>

基本驗證Basic authentication

區段Section 設定元素Configuration elements
<globalModules> <add name="BasicAuthenticationModule" image="%windir%\System32\inetsrv\authbas.dll" />
<modules> <add name="WindowsAuthenticationModule" lockItem="true" />
<basicAuthentication> <basicAuthentication enabled="false" />

用戶端憑證對應驗證Client certificate mapping authentication

區段Section 設定元素Configuration elements
<globalModules> <add name="CertificateMappingAuthentication" image="%windir%\System32\inetsrv\authcert.dll" />
<modules> <add name="CertificateMappingAuthenticationModule" lockItem="true" />
<clientCertificateMappingAuthentication> <clientCertificateMappingAuthentication enabled="false" />

摘要式驗證Digest authentication

區段Section 設定元素Configuration elements
<globalModules> <add name="DigestAuthenticationModule" image="%windir%\System32\inetsrv\authmd5.dll" />
<modules> <add name="DigestAuthenticationModule" lockItem="true" />
<other> <digestAuthentication enabled="false" />

IIS 用戶端憑證對應驗證IIS client certificate mapping authentication

區段Section 設定元素Configuration elements
<globalModules> <add name="CertificateMappingAuthenticationModule" image="%windir%\System32\inetsrv\authcert.dll" />
<modules> <add name="CertificateMappingAuthenticationModule" lockItem="true"/>`
<clientCertificateMappingAuthentication> <clientCertificateMappingAuthentication enabled="false" />

IP 及網域限制IP and domain restrictions

區段Section 設定元素Configuration elements
<globalModules> <add name="IpRestrictionModule" image="%windir%\System32\inetsrv\iprestr.dll" /><br /><add name="DynamicIpRestrictionModule" image="%windir%\System32\inetsrv\diprestr.dll" />
<modules> <add name="IpRestrictionModule" lockItem="true" \/><br /><add name="DynamicIpRestrictionModule" lockItem="true" \/>
<ipSecurity> <ipSecurity allowUnlisted="true" />

URL 授權URL authorization

區段Section 設定元素Configuration elements
<globalModules> <add name="UrlAuthorizationModule" image="%windir%\System32\inetsrv\urlauthz.dll" />
<modules> <add name="UrlAuthorizationModule" lockItem="true" />
<authorization> <authorization><br /> <add accessType="Allow" users="*" /><br /></authorization>

Windows 驗證Windows authentication

區段Section 設定元素Configuration elements
<globalModules> <add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll" />
<modules> <add name="WindowsAuthenticationModule" lockItem="true" />
<windowsAuthentication> <windowsAuthentication enabled="false" authPersistNonNTLM\="true"><br /> <providers><br /> <add value="Negotiate" /><br /> <add value="NTLM" /><br /> <\providers><br /><\windowsAuthentication><windowsAuthentication enabled="false" authPersistNonNTLM\="true"><br /> <providers><br /> <add value="Negotiate" /><br /> <add value="NTLM" /><br /> <\/providers><br /><\/windowsAuthentication>

應用程式開發Application development

應用程式初始化Application initialization

區段Section 設定元素Configuration elements
<globalModules> <add name="ApplicationInitializationModule" image="%windir%\System32\inetsrv\warmup.dll" />
<modules> <add name="ApplicationInitializationModule" lockItem="true" />

CGICGI

區段Section 設定元素Configuration elements
<globalModules> <add name="CgiModule" image="%windir%\System32\inetsrv\cgi.dll" /><br /><add name="FastCgiModule" image="%windir%\System32\inetsrv\iisfcgi.dll" />
<modules> <add name="CgiModule" lockItem="true" /><br /><add name="FastCgiModule" lockItem="true" />
<handlers> <add name="CGI-exe" path="*.exe" verb="\*" modules="CgiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />

ISAPI 擴充程式ISAPI extensions

區段Section 設定元素Configuration elements
<globalModules> <add name="IsapiModule" image="%windir%\System32\inetsrv\isapi.dll" />
<modules> <add name="IsapiModule" lockItem="true" />
<handlers> <add name="ISAPI-dll" path="*.dll" verb="*" modules="IsapiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />

ISAPI 篩選器ISAPI filters

區段Section 設定元素Configuration elements
<globalModules> <add name="IsapiFilterModule" image="%windir%\System32\inetsrv\filter.dll" />
<modules> <add name="IsapiFilterModule" lockItem="true" />

伺服器端包含Server-side includes

區段Section 設定元素Configuration elements
<globalModules> <add name="ServerSideIncludeModule" image="%windir%\System32\inetsrv\iis_ssi.dll" />
<modules> <add name="ServerSideIncludeModule" lockItem="true" />
<handlers> <add name="SSINC-stm" path="*.stm" verb="GET,HEAD,POST" modules="ServerSideIncludeModule" resourceType="File" \/><br /><add name="SSINC-shtm" path="*.shtm" verb="GET,HEAD,POST" modules="ServerSideIncludeModule" resourceType="File" /><br /><add name="SSINC-shtml" path="*.shtml" verb="GET,HEAD,POST" modules="ServerSideIncludeModule" resourceType="File" />
<serverSideInclude> <serverSideInclude ssiExecDisable="false" />

WebSocket 通訊協定WebSocket protocol

區段Section 設定元素Configuration elements
<globalModules> <add name="WebSocketModule" image="%windir%\System32\inetsrv\iiswsock.dll" />
<modules> <add name="WebSocketModule" lockItem="true" />