[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 636
  • Last Modified:

IIS redirect strange behavior

I have redirection set up so that example.com is redirected to www.example.com. It is working for the most part but occasionally we detect that a connection is at www.example.com using the example.com header.

IIS7 on Windows Server 2008

web site #1
   bound to one IP address
   using host header www.example.com

web site #2
   bound to same IP address as web site #1
   using host header example.com
   has a different home directory than web site #1
   redirects to www.example.com

When we test, example.com always redirects to www.example.com. However, several times a day, the PHP script running on www.example.com detects that $_SERVER['HTTP_HOST'] is example.com (or sometimes the IP address).

How is this possible? Any ideas how I can configure IIS to reliably redirect every time?
0
cstobbe
Asked:
cstobbe
  • 4
  • 3
  • 2
  • +1
1 Solution
 
Pete_ZedCommented:
Why can't you configure the example.com site to point to the same directory as www.example.com? Is there code in your site the specfically requires www.example.com?

I have multiple web sites that use either www.example.com or example.com - all produce the same web site.
0
 
cstobbeAuthor Commented:
In IIS6, example.com and www.example.com can have the same home directory.

In IIS7, the redirection configuration is set in web.config. If both example.com and www.example.com are sharing the same home directory, they will both read their configuration from the same web.config file. example.com would redirect to www.example.com, but www.example.com would redirect to itself.
There are 2 solutions to this:
1) Use a different home directory, or
2) Configure redirection on a site by site basis by manually editing applicationHost.config.
0
 
Ted BouskillSenior Software DeveloperCommented:
Wait a minute, why can't one site use two different host headers without using a redirect?  Do you want to automatically flip http://example.com to http://www.example.com?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
meverestCommented:
hi,

how are you monitoring "but occasionally we detect that a connection is at www.example.com using the example.com header"?

are you aware that when the user tries to go to "http://example.com" that this is still a normal http request - you will still see hits on that server and access will still be logged.  The only difference between the redirect hit and a www.example.com hit will be that the former results in a 302 response, and the latter results in a 200 result (or error)

Cheers.
0
 
cstobbeAuthor Commented:
tedbilly,
We need a redirect because we do NOT want our visitors using example.com. We do this because of cookies. If the same user uses a mix of example.com and www.example.com it gets complicated because browsers make a distinction between the two. e.g. if we set a cookie at www.example.com and the visitor later returns to example.com, the browser is less likely to return the cookie.
Yes, we want to automatically flip http://example.com to http://www.example.com.

meverest,
"we detect that a connection is at www.example.com using the example.com header" because the underlying PHP script sees that $_SERVER['HTTP_HOST'] contains "example.com". This should not be possible. If an incoming connection has a "example.com" host header, it should use an entirely different web site with its own home directory.
Yes, I am aware how the sites work. Actually, requests to example.com get a 301 response.
0
 
cstobbeAuthor Commented:
I have found the cause of the problem. The pattern that I was missing until today is that all of the traffic that was slipping through the IIS redirection and meeting the PHP redirection was using HTTPS.

Here is the explanation.

example.com is listening on only port 80. www.example.com is listening on both port 80 and port 443.
- When a connection comes in to example.com:80, IIS sees the "example.com" host header and routes the connection to the "example.com" web site which redirects to www.example.com. Good.
- When a connection comes in to example.com:443, IIS does not look at the host header at all but it does see port 443 and routes the connection to www.example.com.

I don't think I can do redirection at the IIS level for HTTPS connections so the solution is probably to redirect at the web application level.

Thanks to those who submitted their comments.
0
 
Ted BouskillSenior Software DeveloperCommented:
I didn't get a chance to reply because I was waiting for the answer to my last question.  Doing it at the application level was what I would have recommended.
0
 
meverestCommented:
hmmm...  you actually never mentioned that there was https involved ;-)

>> I don't think I can do redirection at the IIS level for HTTPS connections so the solution is probably to redirect at the web application level.

You can if you use independent IP addresses for the two hostnames.

Cheers!
0
 
cstobbeAuthor Commented:
tedbilly,
I think there is probably less overhead if the redirection is done at the IIS level, which is why we prefer it. So we will compromise by having IIS redirect for HTTP and the application if it is HTTPS.

meverest,
I knew that the web site serviced both HTTP and HTTPS, but It never occurred to me until yesterday that HTTPS was the major contributor to this problem. The web app was generating a log but this did not include the protocol. I added more and more to the logging until finally I saw that EVERY log entry was HTTPS. Then the 150W light bulb lit.
Yes, I thought about separate IP addresses for each web site. That would work but it would be an awkward configuration -- separately configuring the firewall and DNS server in addition to IIS. I think we will settle for redirecting at the app level for HTTPS.
0
 
meverestCommented:
G'day,

yes, I understand why you didn't mention SSL - I admit that I probably would not have immediately suspected that either.

Cheers!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now