Link to home
Start Free TrialLog in
Avatar of VENUS1121
VENUS1121

asked on

What is the best value for the 'sethostname' given that multiple websites will use this same value?

A recent security audit concluded that IIs v6 was revealing our internal IP address when host header isn't set as described in http://support.microsoft.com/kb/834141.  I am not able to use the usehostname to fix the issue since this reveals an internal host name so I must use the sethostname property instead.  I have multiple websites running in IIs which are constantly changing so I do not want to set  the sethostname value per website (site identifier).  Instead, I would like to use a generic value that would work for all the websites.  Does anyone have any experience with this setting?  Is there a 'best practice' in this scenario?  My initial thought was to set it to the value 'nohostheaderfound' !
Avatar of meverest
meverest
Flag of Australia image

My understanding of that option is that it will only show up when there is no host header provided in the request header, and so it should never show up unless someone is attempting to access using the direct IP address - therefore, setting to 'nohostheaderfound' is a reasonable suggestion.

Cheers.
Avatar of VENUS1121
VENUS1121

ASKER

Thank you!  I can change the host headers easily from the IIs admin but in testing this I've discovered that some of my websites crash when a value exists for the default host header.  Doesn't matter whether the value is 'nohostheaderfound' or the domain name of the site itself.  I am investigating further now and update with more information.  Do you have any thoughts on this?
SOLUTION
Avatar of meverest
meverest
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
meaning they stop browsing altogether.  Yes, I can repeat this issue by accessing the default site.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial