Make IIS site public without exposing other sites

Posted on 2011-10-31
Medium Priority
Last Modified: 2012-05-12
I have a few sites on IIS6, id like to make one (and only one) of them accessible via external url(ie public domain, www, accessible to all internets), now the problem might be is

i have about 5 sites set up with host headers, all on port 80
if i enable port forwarding for port 80 for the server's external ip address, will I also allow to access to all the sites, on IIS6, not only that one particular site?
Question by:Anti-Mhz
  • 3
  • 2
LVL 18

Accepted Solution

LesterClayton earned 500 total points
ID: 37059718
Indeed.  If you allow port forwarding, you do it by IP and it has no knowledge of host headers.  It will therefore forward all requests to the web server.

If the outside world can't RESOLVE the host header URL's of the 4 other sites, they can't request them, unless they're starting to do some hacking.  Technically however it would be possible to visit all 5 websites if the client knew about all the hosts which were available, because he could use his own host files to fake the URI request to the host, assuming they're not resolvable via DNS.

Author Comment

ID: 37059822
that would recquire outside world/hacker to have knowledge of the names of the other host headers, no?
even to create own hosts file like
hostheader  ip address
LVL 18

Expert Comment

ID: 37059826
Yes, they would need knowledge - you can't just request to an IIS web site "Hey, what sites do you host (wink)".  :)  So, in essense, it's not too much of a risk.

Author Comment

ID: 37104829
hmm is there another step to make IIS site public?

i have setup port forwarding at the isp/switch level

tcp             80                     10.0.1.X            publicipaddress

where X is the local server ip and public ip address is the ip address provided  

at the IIS level i have set
port 80 , ip address of the server 10.0.1.X , no host header (for test purposes)

Home directory has read/log/index access

default content page is enabled and  has index.php which is what the home page should be looking for.

Directory security page is left untouched

ive tried accessing via ip directly through web browser and through a web proxy gateway - the resource requested not found

Author Comment

ID: 37104833
i have setup port forwarding at the isp/switch level

tcp             80                     10.0.1.X            publicipaddress

my isp manages my switch. yeah its one of those. so that should work as i have it working fine in different configurations.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses
Course of the Month14 days, 2 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question