Apache and IIS

Just read the last report from Netcraft that says that IIS occupies only 22% of the market share of Web Servers... Apache with more than 60%!

Hard to believe it's true... IIS 6.0 eats Apache in performance runnig ASP.NET!!!

What do you think ?

Most people don't want to run ASP.net.

IIS still is at a disadvantage to Apache in price, too.

UNIX had 100% of the Internet Servers 10 years ago, what happened?

StretchMan wrote:

Hard to believe it's true... IIS 6.0 eats Apache in performance runnig ASP.NET!!!

... That has to be the worst pro-IIS argument ever... It is like me saying - "Why is anyone using IIS when it doesn't run Apache Modules?"

The problem is that it's sites. Not servers. More IIS boxes are 1-site and 1-app boxes. For instance, GoDaddy parks 10,000 domains on one instance of Apache. In fact most domain companies park incredibly large numbers of domains on one server, which skews the results completely.

An interesting second-source is Port80 Software's Top 1000 Web Servers survey. This survey scans the web servers of the US Fortune 1000 companies - at the last count, back in June, 53.9% of these sites ran some version of IIS. I'm concerned that 5.1% still run IIS 4.0 on NT 4.0 on the public Internet!

ISPs and blogs skew the figures heavily - both my ISP site and my blog site are hosted, and both have their own domain names. The blog runs Apache on Linux (it's BlogSpot) and the ISP site runs something called thttpd/1.00.disbu (Demon Internet Small Business Unit, maybe?) on Solaris 8. If I were self-hosting, I'd go with IIS 6.0 - I know it well, it's not had many vulnerabilities, and I'd want to use ASP.NET.

But I don't think IIS and Apache are really competing in the same market. I wrote about this last December on my blog.

For whatever reason, C9 didn't want to show the link in my edit, so I'll post it here: Apache, IIS, competition.

Alternatively it just doesn't like links to my blog. Try http://mikedimmick.blogspot.com/2003/12/apache-iis-competition.html.

Mike Dimmick wrote:

An interesting second-source is Port80 Software's Top 1000 Web Servers survey.

I found this a great source but was a little suspicious of the particular sample base they used. So I did a fair amount of going through and checking which sectors used what. Most critical financial services seem to use either Netscape or IBM and a few Sun. Many regular commerce sites will use those or IIS. What did suprise me is that when money starts to change hands not too many want to trust Apache/Linux...

Manip wrote:

I think your right to an extent. Excluding all other servers -

Web-Applications - IIS (PHP and Perl are too resource intensive)
 
Static Pages - Apache (More hackable, can reduce the size of the server etc)

Ease of use - IIS

Cluster - Apache

Speed [Static] - Both/Equal

Customizability - Apache

Inter-portability- Apache

As a person who knows that Apache is GPLed let me correct some of them.

Ease of use - IIS (out of the box, but there are also GUI tools for Apache)

Static Pages - What is this for? Speed?

Web-Applications - Apache or IIS (depends on what you use)
-- perl : Apache (with mod_perl)
-- php: Apache (more tested with)
-- .net: IIS
With Apache you can run almost any web app, including .net apps, with IIS you have less choice.

Cluster : nothin what is this for? IIS and Apache can be both clustered

Speed [Static] - IIS (Apache is a joke here)

Customizability - Apache (IIS is a joke here)

Inter-portability- What is this?

Portability: Apache

Addons: Apache (IIS is a joke here)

Alex (aka keskos) you and you alone are the joke here! hehehe

Keskos you know less than my mum.

Howstuffworks "How Internet Infrastructure Works"

Howstuffworks "How Internet Cookies Work"

Howstuffworks "How Web Servers Work"

Howstuffworks "How Internet Search Engines Work"

Howstuffworks "How Firewalls Work"

Howstuffworks "How Cable Modems Work"

Howstuffworks "How Home Networking Works"

Howstuffworks "Introduction to TCP/IP Concepts"

Consider IIs 6 and Apache 2. It appears that Apache is considered (A++) more secure.
 Is this a myth or reality?

From http://www.securityfocus.com/bid/vendor/

Microsoft IIS 6.0:

2003-07 22:  Microsoft Multiple IIS 6.0 Web Admin Vulnerabilities 


Apache 2.0:

2004-09-13:  Apache Connection Blocking Denial Of Service Vulnerability 
2004-09-13:  Apache Error Log Escape Sequence Injection Vulnerability 
2004-09-07:  Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability 
2004-08-10:  Multiple Vendor HTTP Response Splitting Vulnerability 
2004-07-23:  Apache mod_userdir Module Information Disclosure Vulnerability 
2004-05-05:  Apache Web Server Multiple Module Local Buffer Overflow Vulnerability 
2004-05-05:  Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness 
2004-04-24:  Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability 
2004-04-07:  Apache Chunked-Encoding Memory Corruption Vulnerability 
2004-03-25:  Apache mod_disk_cache Module Client Authentication Credential Storage Weakness 
2004-03-15:  Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness 
2004-02-24:  Apache Cygwin Directory Traversal Vulnerability 
2004-02-07:  Apache mod_php Global Variables Information Disclosure Weakness 
2004-01-27:  Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability 
2003-12-26:  Apache mod_php Module File Descriptor Leakage Vulnerability 
2003-10-29:  Apache Web Server Prefork MPM Denial Of Service Vulnerability 
2003-10-25:  Apache2 MOD_CGI STDERR Denial Of Service Vulnerability 
2003-09-10:  Apache Server Side Include Cross Site Scripting Vulnerability 
2003-09-05:  Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability 
2003-09-04:  Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability 
2003-05-06:  OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability 
2003-03-06:  Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability 
2002-11-05:  Apache /tmp File Race Vulnerability 
2002-09-27:  Apache 2 mod_dav Denial Of Service Vulnerability 
2002-08-16:  Apache 2.0 CGI Path Disclosure Vulnerability 
2002-08-16:  Apache 2.0 Path Disclosure Vulnerability 
2002-08-16:  Apache 2.0 Encoded Backslash Directory Traversal Vulnerability 
2002-07-17:  Apache httpd 2.0 CGI Error Path Disclosure Vulnerability 

Manip!

Man... This is not "ProIIS" argument", it's commun sense! I'm in charge of managing + developing for a big site, I've been put in charge and did not had the choice of server... they said "Use the Apache thing with CGI/Perl - PHP under Unix"!

I did it, developing for this thing is slow, running it is slow, we had to put a super server! We use tools and developing techniques that was cool 15 yeasrs ago! Try debugging Perl... try tracing it!!!

Now, 4 years later I finally got the ok to at least port a few apps on the IIS 6.0 server... man... the thing does rings around Apache, you can deal with cache in a way you can't even dream in Apache!

Run a site Unix/Apache/PHP, port it to IIS 6.0 in ASP.NET and see the difference!!!

My point was that I can hardly believe that 3 years ago, on netcraft, it was said that IIS had around 40% of the market, now it around 22%. I would have like to have some info on wath the ... you think of Netcraft, are they really impartial ?

Not the crap you said man... thanks a lot!

From a student... you seems to know a lot!

Please, be my guru! *!

It is a fair point to make. I could say Mac sucks and Windows is a 'super-system' because I simply am able to use Windows to better effect. The results and productivity I would get from a Windows system would be a reflection of my experience with it; therefore we can assume that if your inexperienced with Apache would lead to poor productivity and implementation and knowing IIS well you would get better results with IIS.