That's by design. The <modules> section of system.webServer essentially defines IIS itself. If you <clear />, you won't be left with anything. In applicationHost.config, you should have something like this:
<modules>
<add name="HttpCacheModule" lockItem="true" />
<add name="DynamicCompressionModule" lockItem="true" />
<add name="StaticCompressionModule" lockItem="true" />
<add name="DefaultDocumentModule" lockItem="true" />
<add name="DirectoryListingModule" lockItem="true" />
<add name="IsapiFilterModule" lockItem="true" />
<add name="ProtocolSupportModule" lockItem="true" />
<add name="HttpRedirectionModule" lockItem="true" />
<add name="StaticFileModule" lockItem="true" />
...
Notice the lockItem properties. Because there are 1 or more lock items, <clear /> will throw a lock violation.
So, you either need to specifically remove just the items that you don't want from web.config, or if you really need to clear them all and add back your own, then in applicationHost.config remove the lockItem="true" on each of those elements, and make sure to add enough of them back so that your web server will actually work.
Edit
(Appended further information from Daniel, per his request. (Scott))
Here is what I did based on what Scott said:
Opened applicationHost.config in %windir%\system32\inetsrv\config. Note that in 64 bit Windows Server 2008, you'll need to edit the file with a 64 bit editor (the native Notepad will do, but Notepad++ won't be able to find the file). See here for more information about this.
In the <system.webServer> element, change the lockItem attribute on all modules to false.
In my web application's web.config file, was then able to do the following:
<system.webServer>
<modules>
<clear />
</modules>
</system.webServer>
Of course, as Scott points out, this means there's no web server left, so here is the minimum set of modules I needed to get my stuff running again (YMMV):
<add name="HttpRedirectionModule" lockItem="false" />
<add name="StaticFileModule" lockItem="false" />
<add name="CustomLoggingModule" lockItem="false" />
<add name="CustomErrorModule" lockItem="false" />
<add name="IsapiModule" lockItem="false" />
<add name="AnonymousAuthenticationModule" lockItem="false" />
Also, for anyone interested, here's the backstory as to why I'm doing this.
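An added example, not part of the original answer: a Python check that reads a server-level module list and a site's web.config and reports whether `<clear />` would hit a lock violation or, once the locks are removed, which server-level modules the site no longer loads. The XML samples are constructed, and `modules_element` and `audit_clear` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of applicationHost.config (not a real server's file).
APPHOST = """<configuration><system.webServer><modules>
  <add name="StaticFileModule" lockItem="true" />
  <add name="AnonymousAuthenticationModule" lockItem="true" />
  <add name="RequestFilteringModule" lockItem="true" />
  <add name="CustomLoggingModule" />
</modules></system.webServer></configuration>"""

# Constructed sample: a site's web.config that clears the list and re-adds two modules.
WEBCONFIG = """<configuration><system.webServer><modules>
  <clear />
  <add name="StaticFileModule" />
  <add name="AnonymousAuthenticationModule" />
</modules></system.webServer></configuration>"""


def modules_element(xml_text):
    """Return <modules> under <system.webServer>, or None if absent."""
    for section in ET.fromstring(xml_text):
        if section.tag == "system.webServer":
            return section.find("modules")
    return None


def audit_clear(apphost_xml, webconfig_xml):
    """Predict the effect of <clear /> in web.config on the server-level module list."""
    server, site = modules_element(apphost_xml), modules_element(webconfig_xml)
    server_adds = server.findall("add") if server is not None else []
    # Assumption: an <add> without a lockItem attribute is treated as unlocked.
    locked = [m.get("name") for m in server_adds
              if m.get("lockItem", "false").lower() == "true"]
    report = {"clears": False, "lock_violation": False, "locked": locked, "dropped": []}
    kept, cleared = set(), False
    for child in (site if site is not None else []):
        if child.tag == "clear":
            cleared, kept = True, set()   # anything added before <clear /> is gone
        elif child.tag == "add" and cleared:
            kept.add(child.get("name"))
    if not cleared:
        return report
    report["clears"] = True
    if locked:
        report["lock_violation"] = True   # locked entries make <clear /> fail
    else:
        report["dropped"] = [m.get("name") for m in server_adds if m.get("name") not in kept]
    return report
```

Running it against the server file before and after unlocking shows the trade-off: with locks in place the site's `<clear />` is rejected, and without them the `dropped` list is what the site no longer loads and should be reviewed.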
Best Answer
IIS6 and IIS7 use distinct parts of the web.config file in order to specify site configuration. For example, IIS6 uses the system.web section, whereas IIS7 uses the system.webServer section. But, it's not so simple as changing that one element because the underlying children are also different.
Some key changes:
<httpModules> and <httpHandlers> have been renamed to <modules> and <handlers>, respectively.
accessPolicy attribute. This value depends on your handlers, so use the ones that are right for you.
These suggestions and more information can be found in this posting: Use a Single Web.Config for IIS6 and IIS7