> There's nothing you can do on the one platform that you can't do on the > other, given enough effort. For example, in the case of IIS, you have > ASP/ASPX, with Apache you can use PHP or similar products. The major > difference is that with IIS, most of the functionality is built in to the > web server and is well documented- IIS is not a difficult platform to > operate by any means. With Apache and related tools, you generally end up > downloading and compiling your source for whatever modules you want to use. > This can be a challenge. Some things are easier to do on one platform or the > other, but in general, they can be considered comparable in terms of > functionality.
Why would you compile Apache if it comes with your distribution? For instance, I use RedHat linux. RedHat comes with Apache and a standard set of modules. If I need mod_perl support I just install the mod_perl rpm. I don't recompile apache and mod_perl. The only reason I compile Apache nowadays is for optimization. Can you do that with IIS? The Apache configuration tools are far behind anything from Microsoft. Admittely the httpd.conf file is very easy to learn, and once you learn it you'll love it. But the truth is we live in a GUI world and Apache needs a damn good gui. This task isn't easy at all though, but a lot of people are working on it. > Database access is available for both platforms. IIS can talk to any > database that can be accessed via ADO and/or ODBC. This includes SQL Server, > MySQL, and many others. Apache can do the same thing, although you may have > to do some tweaking to get a Unix boxen to talk with an MS-based database. I not sure where you heard that is hard to connect to MS-based databases from Unix. It's a completely false statement. First of, Apache doesn't control DB connections. The language like PHP or perl thats there domain. On the other hand, DB connections for Windows are handled by the operating system, which is bad design because if you have one rogue connection or one bad driver Windows crashes or IIS freezes. > There are generally going to be more security vulnerabilities found in IIS > than in Apache- there are a number of reasons for this, but the main one, I > believe, is that IIS is the big fat wet target that people are going to > shoot for. Apache is popular, but you're not going to get the same bang for > your buck if you're a blackhat by writing exploits for Apache. Also, since > it's open-source, the code for apache has been seen by many eyes, none of > whom have any particular reason to want to hide flaws in the code, which > could be argued to be the case for MS types working on the source for IIS. > HOWEVER, it should be noted that a properly maintained system can be secured > regardless of your platform. Wouldn't a big fat wet target be Apache because of it's on the majority of web servers(http://www.netcraft.com). > As an example, my IIS web servers were not vulnerable to Code Red or Nimda > before the original MS patch came out, because I configured them properly, > securing them at every possible point, removing unnecessary handlers, > changing settings, etc- all the things a good sysadmin is supposed to do and > so often doesn't. Of course I test and apply the patches as soon as they are > avaailable, but I don't rely on them to secure my system- that's my > responsibility. Both Apache and IIS can be properly secured, given the > appropriate effort. I admit security is really based on the sysadmin not the webserver. I blame Microsoft for horrible out of box security with there products. Some Linux distributions are also not so secure out of box, but you have a greater field of choice than with Microsoft. > Support- Don't get me wrong, Apache support is great from what I can tell. > There's a ton of info out there on it, from FAQs and HOWTOs to book-length > PDFs on installing, configuring and running Apache. But you generally gotta > find it, which can mean a lot of googling or emails to people who don't get > paid and therefore may not be as responsive to you as you'd like. > > With IIS, however, you have a single point of contact and have access to a > lot of support resources which are all easy to find and in a central > location. If you want to pay some dinero (usually not a major problem if > you're working for a company and not yerself), you can get an MS support > tech on the horn and help resolve your issues with the software. Apache > doesn't really have a similar facility. I'm guessing that some of the *nix > VAR resellers (like Red Hat, for example) provide a similar service, so you > could probably go that route with a unix-based system. A lot depends on > whether you paid for your platform or not. I hate when people bash open source projects because of there lack of support. Apache has excellent support from many companies including many different distributions. If money is a issue there are many Apache volunteer mailing lists giving Apache support. Support used to be a issue with Linux and open source products, now it rarely is. -Jason Yates -Jason
