# My web server project



## fitter_happier (Feb 16, 2009)

Hi there. I really need a point in the right direction here as I have been procrasonating on this for a while due to not knowing what to do. For my honours dissertation I am comparing web servers "Apache" and "IIS" mesuring performance and security. There are also other objectives such as finding trends in the global market for the more dominant web server for different types of websites (I.E., I've found that Apache is used a lot more in the Finacial sector for secure bank related sites) However, I really need to start working on my main objective. I cannot compare these 2 web servers if I cannot create a baseline configuration. As they both differ greatly in their configuration methods. I have 2 books "Apache Essentials" and "The Complete reference IIS 6" but I'm still not sure how to configure both of these so they have the same level of security/performance. One of my solutions although I am not entirely sure about this, is to find a third party tool that will allow me to set up Apache through a GUI. At least then it makes things simpler. So can anybody give me a hint as to how I can try and set up these web servers so that all testing will be fair?


----------



## fitter_happier (Feb 16, 2009)

No suggestions? I really want to move on from this baseline config. I know it's not going to be perfect. I mean, how can a 4th year student with little prior knowlege of these 2 web servers configure them to be 100% equal? I did my best however to make sure they were roughly set up similar. Apache has soooooo many modules that can be loaded, or are enabled and the amount of configuration options seems a lot more than the IIS 6.0 web server options. I've made sure bandwith throttling is disabled for both servers (in apache, you can't even set it up without putting in the module yourself) so that's fine, I've set the time out values to 120 seconds in both web servers, also no SSL runnin on either server. HTTP KEEP ALIVE is enabled on both. I've also commented out a few modules in Apache that I don't feel are needed in the baseline configuration. These are mod_actions, mod_alias, mod_cgi, mod, env, mod_setenvif

Other than what I've done, is there anything else anyone can think of? There isn't a whole lot of performance configurations in IIS web server anyway. I'm still to look at the security side of things but like I said, I have no SSL running and using port 80 for both. And I can't think of anything else. I will need to move on to try and finish this dissertation as I only have about 1 month and a half left and I will need to start measuring the performance of them, making comparions, and then using Denial of Service Attacks to see how security is affected by firstly the baseline config. I made, and then how it changes when I change certain server options, or load in modules etc.

Help very much appreciated, thanks.


----------



## wmorri (May 29, 2008)

Hi,

What version of Apache are you using? Are you using the mod_ssl too or no as you mentioned. I would recommend that you look at the Apache Documentation for more help with Apache. I know that it is a lot of technical reading but there is some good information in there. 

As for IIS 6.0, I don't know that much about it. I might recommend that you have a look at the forum for 6.0. They might have some good information.

Cheers!


----------

