IIS performance tuning
Custom Error Pages
Although this is quite simple to do, few people seem to take advantage of error page customization. Just select the “Custom Errors” tab in MMC and map each error, such as 404, to the appropriate HTML or ASP template.If you want an even easier solution — or if you want to let developers handle the mapping without giving them access to the MMC — use a product like CustomError.
Take a look at the MetaBase
If you think Apache is powerful because it has a config file, then take a look at the MetaBase. You can do just about anything you want with IIS by editing the MetaBase. For example, you can create virtual directories and servers; stop, start and pause Websites; and create, delete, enable and disable applications.
Add Spell Checking to Your URLs
Among the coolest of these is the ability to fix URL typos using a module called mod_speling.Well, thanks to Port80 Software, it now appears that IIS admins can do this trick too, using an ISAPI filter called URLSpellCheck. You can check it out right on their site, by trying URLs like www.urlspellcheck.com/fak.htm, www.urlspellcheck.com/faq1.htm — or any other simple typo you care to make.
Cleaning your URLs has all sorts of benefits — it can improve the security of your site, ease migration woes, and provide an extra layer of abstraction to your Web applications. Moving from ColdFusion to an ASP-based site, for example, is no big deal if you can remap the URLs.There are now literally a dozen versions of this type of product for IIS — many of them quite a bit easier to use than mod_rewrite, which tends to presume familiarity with regular _expression arcana. Check out, for example, IIS ReWrite or ISAPI ReWrite. So brag no more, Apache partisans!
Make your site cache-friendly, You can set expiration headers for different files or directories right from the MMC. Just right click on an item via the IIS MMC, flip to the “HTTP Headers” tab, and away you go. If you want to set cache control headers programmatically — or even better, let your site developers do it — use something like CacheRight. If you want to go further and add reverse proxy caching, particularly for generated content, use a product like XCache — which also throws in compression.
Take a look at XTune. Its performance-tuning wizards step you through the process of tuning your IIS environment, and make expert recommendations along the way.
Secure Your Server
First off, don’t advertise the fact that you run IIS by showing your HTTP server header. Remove or replace it. You can go further than this by removing unnecessary file extensions to more effectively camouflage your server environment, and scanning request URLs for signs of exploits.
The IIS world do have to patch our systems and make hotfixes. You really need to keep up with the patches. Microsoft is of course the definitive source, but if you can also use the highly-regarded www.cert.org. Simply search on “IIS”.