The Default Website is what its name says, a convenience website that is created when IIS is installed. It can be deleted and replaced by new websites, but its advantage is that it will work "out-of-the-box" with all definitions and permissions already taken care of. Getting the folder and file permissions right is perhaps the biggest headache when creating a new website.
Here is a screenshot of the attributes of the default website :
The important attributes above are :
Application pool : Each such pool is nothing else than an instance of w3wp.exe, one per pool (IIS will start more than one under a heavy load). It runs here under the user account named DefaultAppPool, which was already given the minimum required permissions on the folders of the website.
Physical Path : This is the folder which will contain all the files of the website (except for files in virtual folders). Default is C:\inetpub\wwwroot
.
Bindings : The important one is http:*.80
, meaning the HTTP protocol on port 80. The others are used for example for handling WCF services, and depend on your Windows configuration. It's important to note that port 80 cannot be assigned to another site as long as it's assigned to this one. The full syntax for an entry is protocol/IP_address:port:host_header
, where unspecified items are taken to mean "all", so that this default means "all IP addresses and domain names and hosts".
How this works
IIS listens on all the specified ports for requests employing a URL of the general format:
protocol://[username:password@]domain[:port]/path/file[?parameters]
The request is then forwarded to the (one) site that handles the specified combination of protocol, domain and port. Unspecified elements have their defaults, or the browser may in some cases ask for missing elements such as username and password.
A path, if specified, is generally appended to the Physical Path in a purely textual manner. For example, the URL http://domain/path/file
is translated for the Default website to C:\inetpub\wwwroot\path\file
. If the path-name starts with the name of a virtual directory that points to another folder, say D:\myWWWroot
, the preceding part of the folder path is replaced, so that the file specification will become D:\myWWWroot\remainder-of-path\file
.
Why the Default Website exists
The reason for its existence is simply because there are too many details one has to get right when creating in IIS a website from scratch.
I already touched upon the file and folder permissions, which are the main reason why one may get the infamous "HTTP Error 404.0 - Not Found" message, when one can swear that the specified file exists. This arrives when the user account for the application pool is missing permissions on some folder in the generated physical path.
The Default Website takes over and answers all HTTP requests arriving over port 80 to all IP addresses assigned to the computer where it is installed, translating all HTTP URLs to a physical path to a file inside C:\inetpub\wwwroot
.
It's by far much easier to start with the Default Website, modifying its attributes as needed, rather than create everything from scratch, and especially if one has little experience with IIS 7+. The fact that all required user accounts and the permissions on C:\inetpub
are predefined may prevent a lot of puzzled head-scratching.
This is also important for security, because by default IIS is pretty invulnerable to hacking. Vulnerabilities are created when the defaults are carelessly modified, or when vulnerable add-on products are added.