Coffeehouse Thread

33 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Apache and IIS

Back to Forum: Coffeehouse
  • User profile image
    StretchMan

    Just read the last report from Netcraft that says that IIS occupies only 22% of the market share of Web Servers... Apache with more than 60%!

    Hard to believe it's true... IIS 6.0 eats Apache in performance runnig ASP.NET!!!

    What do you think ?

  • User profile image
    Kaelan

    Most people don't want to run ASP.net.

    IIS still is at a disadvantage to Apache in price, too.

  • User profile image
    eagle

    UNIX had 100% of the Internet Servers 10 years ago, what happened?

  • User profile image
    Manip

    StretchMan wrote:
    Hard to believe it's true... IIS 6.0 eats Apache in performance runnig ASP.NET!!!


    ... That has to be the worst pro-IIS argument ever... It is like me saying - "Why is anyone using IIS when it doesn't run Apache Modules?"

  • User profile image
    Jeremy W

    The problem is that it's sites. Not servers. More IIS boxes are 1-site and 1-app boxes. For instance, GoDaddy parks 10,000 domains on one instance of Apache. In fact most domain companies park incredibly large numbers of domains on one server, which skews the results completely.

  • User profile image
    Mike Dimmick

    An interesting second-source is Port80 Software's Top 1000 Web Servers survey. This survey scans the web servers of the US Fortune 1000 companies - at the last count, back in June, 53.9% of these sites ran some version of IIS. I'm concerned that 5.1% still run IIS 4.0 on NT 4.0 on the public Internet!

    ISPs and blogs skew the figures heavily - both my ISP site and my blog site are hosted, and both have their own domain names. The blog runs Apache on Linux (it's BlogSpot) and the ISP site runs something called thttpd/1.00.disbu (Demon Internet Small Business Unit, maybe?) on Solaris 8. If I were self-hosting, I'd go with IIS 6.0 - I know it well, it's not had many vulnerabilities, and I'd want to use ASP.NET.

    But I don't think IIS and Apache are really competing in the same market. I wrote about this last December on my blog.

  • User profile image
    Mike Dimmick

    For whatever reason, C9 didn't want to show the link in my edit, so I'll post it here: Apache, IIS, competition.

    Alternatively it just doesn't like links to my blog. Try http://mikedimmick.blogspot.com/2003/12/apache-iis-competition.html.

  • User profile image
    Manip

    I think your right to an extent. Excluding all other servers -

    Web-Applications - IIS (PHP and Perl are too resource intensive)
     
    Static Pages - Apache (More hackable, can reduce the size of the server etc)

    Ease of use - IIS

    Cluster - Apache

    Speed [Static] - Both/Equal

    Customizability - Apache

    Inter-portability- Apache

  • User profile image
    manickernel

    Mike Dimmick wrote:

    An interesting second-source is Port80 Software's Top 1000 Web Servers survey.


    I found this a great source but was a little suspicious of the particular sample base they used. So I did a fair amount of going through and checking which sectors used what. Most critical financial services seem to use either Netscape or IBM and a few Sun. Many regular commerce sites will use those or IIS. What did suprise me is that when money starts to change hands not too many want to trust Apache/Linux...

  • User profile image
    Keskos

    Manip wrote:
    I think your right to an extent. Excluding all other servers -

    Web-Applications - IIS (PHP and Perl are too resource intensive)
     
    Static Pages - Apache (More hackable, can reduce the size of the server etc)

    Ease of use - IIS

    Cluster - Apache

    Speed [Static] - Both/Equal

    Customizability - Apache

    Inter-portability- Apache


    As a person who knows that Apache is GPLed let me correct some of them.

    Ease of use - IIS (out of the box, but there are also GUI tools for Apache)

    Static Pages - What is this for? Speed?

    Web-Applications - Apache or IIS (depends on what you use)
    -- perl : Apache (with mod_perl)
    -- php: Apache (more tested with)
    -- .net: IIS
    With Apache you can run almost any web app, including .net apps, with IIS you have less choice.

    Cluster : nothin what is this for? IIS and Apache can be both clustered

    Speed [Static] - IIS (Apache is a joke here)

    Customizability - Apache (IIS is a joke here)

    Inter-portability- What is this?

    Portability: Apache

    Addons: Apache (IIS is a joke here)

  • User profile image
    eagle

    Alex (aka keskos) you and you alone are the joke here! hehehe

  • User profile image
    Manip
  • User profile image
    Deviate_X

    Consider IIs 6 and Apache 2. It appears that Apache is considered (A++) more secure.
     Is this a myth or reality?
    
    From http://www.securityfocus.com/bid/vendor/
    
    Microsoft IIS 6.0:
    
    2003-07 22:  Microsoft Multiple IIS 6.0 Web Admin Vulnerabilities 
    
    
    Apache 2.0:
    
    2004-09-13:  Apache Connection Blocking Denial Of Service Vulnerability 
    2004-09-13:  Apache Error Log Escape Sequence Injection Vulnerability 
    2004-09-07:  Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability 
    2004-08-10:  Multiple Vendor HTTP Response Splitting Vulnerability 
    2004-07-23:  Apache mod_userdir Module Information Disclosure Vulnerability 
    2004-05-05:  Apache Web Server Multiple Module Local Buffer Overflow Vulnerability 
    2004-05-05:  Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness 
    2004-04-24:  Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability 
    2004-04-07:  Apache Chunked-Encoding Memory Corruption Vulnerability 
    2004-03-25:  Apache mod_disk_cache Module Client Authentication Credential Storage Weakness 
    2004-03-15:  Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness 
    2004-02-24:  Apache Cygwin Directory Traversal Vulnerability 
    2004-02-07:  Apache mod_php Global Variables Information Disclosure Weakness 
    2004-01-27:  Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability 
    2003-12-26:  Apache mod_php Module File Descriptor Leakage Vulnerability 
    2003-10-29:  Apache Web Server Prefork MPM Denial Of Service Vulnerability 
    2003-10-25:  Apache2 MOD_CGI STDERR Denial Of Service Vulnerability 
    2003-09-10:  Apache Server Side Include Cross Site Scripting Vulnerability 
    2003-09-05:  Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability 
    2003-09-04:  Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability 
    2003-05-06:  OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability 
    2003-03-06:  Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability 
    2002-11-05:  Apache /tmp File Race Vulnerability 
    2002-09-27:  Apache 2 mod_dav Denial Of Service Vulnerability 
    2002-08-16:  Apache 2.0 CGI Path Disclosure Vulnerability 
    2002-08-16:  Apache 2.0 Path Disclosure Vulnerability 
    2002-08-16:  Apache 2.0 Encoded Backslash Directory Traversal Vulnerability 
    2002-07-17:  Apache httpd 2.0 CGI Error Path Disclosure Vulnerability 
    

  • User profile image
    Manip

    That is an unfair comparison. IIS is based off an old code base so most of the bugs have been found and removed; Apache 2.0 is brand new and people are still finding them. Try  comparing it to 1.3.xx, that would be a lot more fair.

    I would also like to point out that SOME of the above are third party modules (e.g. mod_php) and have nothing to do with the server.

  • User profile image
    StretchMan

    Manip!

    Man... This is not "ProIIS" argument", it's commun sense! I'm in charge of managing + developing for a big site, I've been put in charge and did not had the choice of server... they said "Use the Apache thing with CGI/Perl - PHP under Unix"!

    I did it, developing for this thing is slow, running it is slow, we had to put a super server! We use tools and developing techniques that was cool 15 yeasrs ago! Try debugging Perl... try tracing it!!!

    Now, 4 years later I finally got the ok to at least port a few apps on the IIS 6.0 server... man... the thing does rings around Apache, you can deal with cache in a way you can't even dream in Apache!

    Run a site Unix/Apache/PHP, port it to IIS 6.0 in ASP.NET and see the difference!!!

    My point was that I can hardly believe that 3 years ago, on netcraft, it was said that IIS had around 40% of the market, now it around 22%. I would have like to have some info on wath the ... you think of Netcraft, are they really impartial ?

    Not the crap you said man... thanks a lot!

  • User profile image
    Manip

    Did you ever consider that your problems with Apache might be caused more by your inexperience? That might be why you found the clicky clicky IIS tools more to your liking.

  • User profile image
    StretchMan

    From a student... you seems to know a lot!

    Please, be my guru! *!

  • User profile image
    Manip

    It is a fair point to make. I could say Mac sucks and Windows is a 'super-system' because I simply am able to use Windows to better effect. The results and productivity I would get from a Windows system would be a reflection of my experience with it; therefore we can assume that if your inexperienced with Apache would lead to poor productivity and implementation and knowing IIS well you would get better results with IIS.


     

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.