I've worked with PHP, MySQL and Apache a little bit... my knowledge isn't extensive but I do know some. Now a friend of mine is trying to set up some space for me on his IIS server. It's a PHP, MySQL site and I'd like to use mod_rewrite for my URLs.
It looks like the only thing IIS has is ISAPI ReWrite for a license fee of $70 bucks. Considering mod_rewrite is free, that doesn't seem like too good a deal.
Could someone who has worked with both servers tell me which would be the best when working with a dynamic PHP, MySQL site... would it be more difficult to host this thing on IIS?
Just like you can run Perl, you'd have to install the framework for PHP, but it's a quick install.
There might be alternatives to the paid version of the isapi_rewrite, but why are you averse to paying for it? $70 for a significant piece of software is cheap. You're getting the language and the database for free, and it sounds like your friend will provide hosting for free.
Software developers need to support their families too.
A. Windows has very bad memory leaks and the OS bogs down after a while, slowing up your server. Unlike a Nix Apache server that you can run for months/even years without a restart, plan on doing one at least (and I stress this is a pretty long time for a Windows machine) once a week with anything M$ related...
B. Security risks like the devastating ISAPI buffer overflows that dropped a remote shell to its attacker (not that Apache hasn’t had its share of overflows) are in far more abundance and very likely to appear in the future. Also when a critical overflow is found it is most likely to be followed by a malicious natured worm using this flaw to propagate itself around IIS servers; the Code Red worm is actually still bouncing around the MS update servers! lol.
C. In my opinion (having worked with IIS and Apache on multiple platforms for several years) Apache is far more configurable. Its configuration file offers you the ability to induce custom made commands and actions to be followed by the server to protect yourself or perform a certain task.
D. Speed-wise, Apache is as fast as an HTTP server comes, although IIS has a little gain on it when running on Windows since it runs as a system service and is more integrated with the OS. Apache on a nix OS will kick the **** out of IIS any day though.
E. Apache is free and better :)
Conclusion:
A nix-run Apache web server is as reliable, stable, secure, and fast as they come. Even on a Windows-oriented platform I'd choose Apache over IIS hands down.
Advice:
Disable ANY unneeded extensions on an IIS server, remove all shell executables (DOS), and close any services not used, and install the OS on a separate partition from your server media and other misc files.
A. Yes, Linux was in fact attacked more and experiences more break-ins, but why? Linux/Unix servers run the majority of the servers on the net. Even the one we are on right now is an (outdated) Apache server that resides on a nix OS :). So to say Linux was attacked more may be so because it is the dominant OS of choice for many servers even if the rest of the network environment is Windows-oriented...
B. Out of those "successful attacks" what was the degree of the malicious intrusion? A successful attack can simply be some kiddies running a DDoS attack against the OS. For those of you who are familiar with denial of service attacks, there comes a point where the attack scale is so great no OS, no matter how secure it is, can handle the brunt of it. The successful attack may have been so simple as well; maybe it shouldn’t have been included in the results?
C. Did all the systems monitored have the same security officer? Was this officer anywhere near skilled enough to be running them? Many kiddies run Linux systems and are new to the community, thus they do not know how to stop and turn off some services, nor do they know how to make the right configurations... No system is ever "un-hackable" but a server is only as secure as its operator's knowledge reaches... Security is not a default setting so we would also need the statistics of the administrator skill level for ALL the systems :).
D. What operating system has been beat to hell and brought to its knees by these little kiddie worms flowing around the internet? How many viruses and worms have been released in the last few months? lol, the Linux/Unix community laughs every time one shows up.
What has Mr. Billy Gates been rambling on about this month, that new "service pack 2 security" stuff eh?
E. Not every server has the same services that can be accessed by the public, so let’s take into consideration that nix based systems are the majority OSs used for servers. For the results to be accurate every attacked server would have to have the same services opened, configured the SAME WAY with the IDENTICAL user and password lists applied to them, and be the same version. Many breaches can be caused due to clients using the server as well. Brute forces against a server and recovering weak passwords are also a result of a client at fault and a successful attack... As well as poorly written CGI/PHP scripts by the users...
F. Our attackers' motives and skill level would have had to be the same as well; how are we to assume each attacker was out just to break into the system? To say that is extremely inaccurate. Hackers compete (especially the kiddies) to see who can break into the "most secure" environment to show off. Linux/UNIX systems are also better for hacking because of the many tools readily available for it and its spoofing ability. So maybe our nix systems were compromised in many cases not because they couldn’t get into the Windows ones, but because they didn't want to? Maybe our Linux/Unix based server is just a prime target, just like someone would prefer a Corvette over a station wagon...
Looking back to high school we all learned (well some of us I guess) that to come up with accurate results during an experiment each item that we are trying to retrieve this data from while using our environment variable must be equal to each other. If one of our items is not equal to the other this throws off the entire data curve when using our "malicious intrusion" variable. The things that I have listed above (and I'm sure more that I have forgotten to mention) bring up too many individual variables in comparison with the use of each OS and how they were applied in the result gathering process; because of this the results I pulled up from these articles should be deemed inconclusive... They do not have enough equal experiment statistics to capture accurate results and write an article indicating so...
As for speed results, Apache conducted an equal environment situation with identical hardware makeup with several servers, Apache did come out on top as the fastest server out there (probably why Apache is on three quarters of the servers in existence globally). I also base this on personal tests that I have run and from experience with Novell, IIS, Abyss, and Apache services...
Ahhh yes, and I also forgot to point out in my original post the fragmentation issues of Windows...
o_O?
I choose Rocky Road. I choose IIS.
Works for me. Works fine. Depends on the server and the server OS. The most recent version of IIS running on Win2K is a lot more stable than earlier versions. I haven't had to run a reboot. Not the same under earlier versions of the MS server OS.
I don't love MS. I just use it and it works.
[link] Apache vs IIS
[freephile.com...]
[link] The ISAPI Critical exploit I was talking about
[internetnews.com...]
As for the article comparing IIS to Apache... all it does is tout Apache's flexibility, and harps repeatedly that it's free. There's actually no real information to be gleaned, and the objectivity is severely lacking. Nothing specific about performance. What little is actually mentioned is a generalized kudos to Apache, yet mentions absolutely nothing about why IIS is lacking (except for the fact that it costs $$$).
Don't get me wrong. I prefer Apache myself, however I don't base it on the 'Microsoft is the evil tyrant' reputation which runs rampant. IIS is a very capable web server. It has a LOT more support than that article insinuates, and doesn't cost all that much money. It insinuates that the moment a newer version comes out, or new features added, you're stuck with a licensed old version which will cost $$$ to replace... which simply is not true.
By the way if you use the links mentioned in the text of that article about Apache it does give some further documents to back up what he is saying. That article was also provided I believe as I said word for word in my last post "This person has some excellent points as well on the Apache vs. IIS war that will always rage on." Show me where I said he had accurate information to point this claim? I just said this person had some additional points and views worth taking a look at...
Don't get me wrong, I loooooooooooove IIS/Windows for my own reasons as well :)! I think the entire world should be run by MS Windows/IIS lol. I secure servers/networks and construct them for a living, makes me all the richer. :) But as for the 4U servers that I have under my personal wing for hosting and such, nix and Apache!
\Mac
Hackers and virus writers go after the most popular and most common, they don't choose the "easiest", they look for big targets and great impact.
Use what you want, what you KNOW, and what you feel comfortable with, this isn't a religious argument like TOO many "my os is better than your os" or "my word processor is superior to yours" discussions turn into.
Shadows Papa
(former corporate anti-virus administrator for a large financial company)