Last Updated: 08/25/2019
Both Apache and Microsoft IIS (Internet Information Services) have great abilities to host many kinds of websites for many kinds of people and businesses. If you are looking into starting your own web-server, you probably came across the old IIS vs Apache war.
True…Apache does have the most compatibility with websites mainly with .htaccess files and with older web applications, but IIS is a really powerful, capable web-server as well (supports the ASP.Net framework, a powerful web application framework).
Over the years, IIS has gained much attention from the web hosting crowd in supporting web applications (e.g. WordPress). Also, PHP still supports Windows (as they have for years already).
Both IIS and Apache can be installed and used instantly, out of the box, with hosting HTML files. However, both need to be configured to make use of other technologies (such as PHP or Perl).
IIS also sandboxes people’s websites from each other, and allows for separate security permissions via Access Control Lists that are in the NTFS file-system as well as the rest of the Windows operating system.
Here are my opinions on which web-server software performs the best in certain areas.
|Easy Website Sand-boxing (websites, hosted on the web-server, protected from each other)||IIS|
|Quick and Easy Initial Setup||IIS & Apache (tie)|
|Easier to Manage||IIS|
(because of its powerful GUI interface)
|Most Compatible with Websites (excluding ASP and ASP.Net websites)||Apache|
|Amount of Available Internet Support||Apache|
|Best PHP Performer (assuming that you use FastCGI)||IIS & Apache (tie)|
|Lighter on your System Resources||IIS|
|Native ASP and ASP.Net Support||IIS|
(there is .NET Core for Linux, but it is not 1:1 with the full .NET Framework)
|Immune to the Slowloris attack||IIS|
(Apache can be configured to be resistant to the Slowloris attack, but without a rewrite, will not be able to be immune to this type of attack)
- FastCGI allows servers to serve PHP enabled websites faster by keeping the PHP process or processes on, instead of turning them off when not in use, since creating a process and then terminating a process is resource intensive when a server has many requests to deal with.
- There is Mono for Apache, but that does not count, since Mono is emulating ASP.Net, it’s not actually an authentic ASP.Net framework.
- The Slowloris attack is a type of Denial-of-Service that causes a website to be temperately taken offline when using an affected web server (e.g. Apache).
- The attack uses up all of the connection slots on the web server, so legitimate web traffic cannot get through. Unfortunately Apache can never be immune to this attack without a rewrite of its code.
- For what it’s worth, the NGINX web server can also be affected by this attack. I tried it myself on a virtual machine, and was able to temporarily take down a test website running on NGINX using Slowloris.
Now am I saying that Apache and NGINX are not any good? No, not at all. In fact, I am using all three web servers (IIS, Apache, and NGINX) for my work / projects.
I personally view web servers – and any other server software – as tools. Just as a mechanic has different tools for his work, so does a server administrator have different tools at his disposal. If you feel Apache gets the job done, use Apache. If IIS gets the job done, use IIS.
Posted in Internet and Servers, Software