Solved

Access IIS site by IP and site ID?

Posted on 2012-03-21
6
354 Views
Last Modified: 2012-03-28
Is it possible to access many different sites on one server by IP address and pass in site id somehow in the url?

For instance, if I have mulitple sites, each given their own DNS name, I can access all by DNS without any issues.  However, I am on a dynamic IP and thus it cahgnes, some users are blocked from accessing sites hosting on a dynamic IP, so need to see if it is possible to access the site using the IP address itself and somehow redirect to the site they need to get to.

Thanks.
0
Comment
Question by:tighec
  • 3
  • 2
6 Comments
 
LVL 17

Expert Comment

by:Gaurav Singh
ID: 37748591
You can set up the Dynamic DNS with your ISP or Router whatever you are using , it will help you to resolve your issue

Refer http://howto.wired.com/wiki/Set_Up_Dynamic_DNS
0
 
LVL 2

Author Comment

by:tighec
ID: 37749288
That won't help, that is what I currently have.

Bottom line, if I know the IP address of the server, can I get to different sites that it hosts?
0
 

Expert Comment

by:JonHodgson
ID: 37755829
Firstly, let's be clear why you're having issues. The reason why your sites are inaccessible to some clients when the IP changes is related to your Dynamic DNS "TTL" (Time To Live). When your clients do a DNS lookup to resolve a hostname to your dynamic IP, the TTL specifies how long they should use that IP for, after which they should re-query the hostname again for a new IP. When the IP changes, the site will appear offline to your client until that TTL expires and they re-resolve the hostname. You might ask "why not have the TTL be 1 second?" -- that's not efficient, and would add latency to your requests, and load on the DNS server. Many DNS providers won't even let you set this for less than 15 minutes, and that's a lot of downtime.

Another challenge with the TTL is that the clients are not REQUIRED to honor it. In some organizations, they set standards where DNS lookups will only be repeated once per hour, regardless of the TTL. Further complicating things, some organizations and internet cafes and wireless hotspots have "proxy servers" that relay the client's request to the server, and sometimes those proxy servers don't honor the TTL. And the worst offenders of all, is that there are some cases where clients do a DNS lookup once, and never again.

So if your clients connect to your site via a dynamic IP, even after they get to the site the first time, after that whenever that IP changes, there's a good chance that some percentage of your clients will experience some amount of downtime. This is unfortunately, unavoidable.

Let's put this issue aside for a moment, and discuss the second part of your issue: If you know what the IP is, can you get to virtual servers using just the IP?

What you're trying to do is unfortunately not really optimal based on how the HTTP spec is designed. Before I suggest a better approach, I'll illustrate the (likely) only way you can accomplish this if all you utilize is your server running on a dynamic IP, and the challenges that approach would have for you.

If all your sites run under a single IP and port, you have to provide some sort of unique identifier so the HTTP server knows which content root to route you to.

HTTP 1.1 typically achieves this by using the HOST Header, which notes the hostname you typed into the browser as the unique identifier.

If you only use the ip, then you have to pass a unique identifier some other way, and you have to create logic on the server side to read that identifier and perform an http redirect for you.

For example,
http://1.2.3.4/default.aspx?site=site1
http://1.2.3.4/default.aspx?site=site2

You then need to write logic into /default.aspx to read the value of the "site" variable and redirect to some other URL accordingly:

(This is pseudo-code)
if (site="site1") {
     redirect to /site1/default.aspx
} elseif (site="site2") { {
     redirect to /site2/default.aspx
} else {
     redirect to /error/default.aspx
}

Open in new window


Of course, for this to work, all of the content in each site must be wholly contained in a unique top-level directory. My guess is your existing sites are not structured this way, so this method may not be practical.

The other obvious issue is that it's cumbersome to expect the user to have to type the /default.aspx?site=<site> syntax. That's not user friendly at all.

So if you combine the TTL issue, and the access-via-IP issue, you've got multiple strikes against you, and you really have to think out of the box.

If I was in your shoes, and had no other options, this is what I would do:

1. Create a "landing page" on a free website hoster, which would be up 24/7 with a static IP. I'd setup the DNS records for all of my sites to point to that IP.

2. The landing page would contain redirection logic to redirect requests to the dynamic IP of your server based on the hostname the user typed. You need to ensure that this page ALWAYS knows what your current dynamic IP is, possibly by having the page do a DNS lookup directly to your dynamic dns server every time it gets a request. This is pretty heavy-handed, but necessary if you want to minimize downtime.

3. Once the clients get redirected to your dynamic IP, they are talking to your server directly. This will work fine until the IP changes, at which point they'll still have the TTL related issues.

4. To minimize the downtime due to TTLs, set it as low as your DynDNS provider will allow.

Unfortunately, you're still going to get TTL-related downtime. It's unavoidable.

5. However, the benefit of the always-on landing page, is if the user tries to go back to the original hostname if they lose connectivity, they'll immediately be given the new IP and be good to go again. But for this to work, the users need to be trained to perform that action when they lose connectivity. This is fine if you control the user community (eg. your employees), but impractical if your users are strangers on the wild-wide-web.

I think this combination will -minimize- (but not eliminate) downtime. It's not a perfect solution, but likely the best solution for the limitations of your configuration. This would be sufficient for friends hitting your personal sites, but not for professional sites that require 99.9% uptime.

I'm curious to see if anyone else has any better ideas, but I just don't see how you get around some downtime when the IP changes.

Good luck!

- Jon
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Assisted Solution

by:tighec
tighec earned 0 total points
ID: 37755848
Wow, first off, let me say thanks for obvious amount of time that went into that response, not a typical one liner!
Here is the issue, more and more corporations are blocking access to "dynamic" addresses. X.dyndns.org for instance has worked for the last 3 years.  Suddenly more and more people are getting blocked from it... because it is a "dynamic" address.  The users of the site are < 100m, swho are capable of going to some dns lookup site to find the latest ip address of the dynamic host and thus know "where" the server is located.

But going to the ip address directly, takes them to the default page... not to a different site on the server, hence i was wondering if there is a way to say "ok, you guys know what you are doing , find the ip address and go to http://<ipaddress>?site=site1

So this begs the question, can you go to http://<ipaddress>?site=site6 or http://<ipaddress>?site=site15 or whatever site id is set up?

What I ended up doing was registereing a non 'dynamic' address last night to see if that would work and it looks like it does.  whatever.dyndns.org failed, but www.whatever.com works, using dyndns to keep the ip address up to date.  I undersand that there wil be downtime, but that isn't a big concern as tehre are only a handful of users.
0
 

Accepted Solution

by:
JonHodgson earned 500 total points
ID: 37757710
Now I understand that your issue specifically is corporations blocking HTTP access to sites in the dyndns.org domain. You registering your own whatever.com domain and having the IP of www resolve to your dynamic IP should absolutely solve the issue of corporations blocking you.

My recommendation is that you create unique hostnames for each of your sites under your singular whatever.com domain:
     Site1.whatever.com
     Site2.whatver.com
     Site3.whatver.com
This should work perfectly with the IIS virtual web sites you already have setup.


Getting back to the question whether you can use the IP with some unique URL identifier to have the landing page redirect you to a specific site. This will only work if you architect the sites in the way I previously described. All sites must share a single content directory, rather than being broken up into fully isolated sites in IIS. Each site would then be wholly contained in a unique root level subdirectory as I previously stated.

So the shared content directory would be

/<root>/s1/<site_1_content>
/<root>/s2/<site_2_content>
/<root>/s3/<site_3_content>

Your landing page would have the logic to say:
IF HTTP_HEADER("Host")="www.Site1.com" THEN redirect to /s1/
ELSEIF HTTP_HEADER("Host")="www.Site2.com" THEN redirect to /s2/
ELSEIF HTTP_HEADER("Host")="www.Site3.com" THEN redirect to /s3/
ELSE {
     # Handle direct-access via IP
      IF URL="/default.aspx?site=site1" THEN  redirect to /s1/
      ELSEIF URL="/default.aspx?site=site2" THEN  redirect to /s2/
      ELSEIF URL="/default.aspx?site=site2" THEN  redirect to /s3/
      ELSE redirect to /error/
}

With this solution you basically have 1 big site where all content is shared, but the landing page helps route people to the appropriate sub-directory for their domain.

Note that this offers NO isolation, meaning that even though under normal circumstances you'd only see URLs like this:
www.Site1.com/s1/<page>
www.Site2.com/s2/<page>
www.Site3.com/s3/<page>

A user could manually alter the URL and jump across sites:
www.Site1.com/s2/<page>
(using site 1 hostname to go to a site 2 content directory)

I currently do this with Apache (not IIS), and it's very simple to do by adding directives to the httpd.conf file which does the redirection for you at the core of the web server, and not in the code of the landing page.

In that same config, I also have apache detect if mis-matched URLs occur:
IF path=/s2/* AND host!=www.Site2.com THEN redirect to www.Site2.com/<path>
This always keeps the hostnames and content directories matched up, even if the user mucks with the URLs.

I wish I had a better answer for you, but virtual sites were not meant to be accessed by IP directly, so in order to do that you have to jump through some unfriendly hoops.

One last thought.
If all your sites don't have to be isolated, why don't you just create an index page on the default site that has a list of links to all of the sub-sites by IP? If a user ends up there, they can just click the one they want. But once again, for this to work, all sites must share a common content folder. There's no way around that when using IPs.
0
 
LVL 2

Author Closing Comment

by:tighec
ID: 37775674
Thanks.... will give you all the points just for the time, effort and explanations... much appreciated.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This video discusses moving either the default database or any database to a new volume.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now