An IIS module is a component loaded by Microsoft Internet Information Services (IIS) to extend how the server handles HTTP requests. Modules can inspect requests, modify headers or content, enforce authentication, log activity, or redirect traffic before the response reaches the client. Because they run inside the request-processing path, they have deep access to web traffic and server behavior.
That makes IIS modules important in both defense and attack. Administrators use legitimate modules for filtering, performance, and security controls, but attackers can abuse or replace them to hide inside the web server, redirect selected users, or alter responses while the site still looks normal to many visitors. Defenders should inventory installed modules, compare them with a known-good baseline, and watch for unexpected DLLs, configuration changes, or selective behavior that differs by client, region, or user agent.