IIS accept request on all websites

Posted on 2012-08-23
Last Modified: 2012-08-24
I have an IIS 6.0 server installed on the Windows 2003R2.
I have in dns the following written:   A   A

In my IIS i have one website with name, and I don't have another one for
And it doesn't matter what name I will type in  browser, IIS responds.
I thought that if the requet from browser is for website that does not exist, IIS will not open the page.
Could you expalin me why this happens, or give me any link to some good article which explain this.
Question by:dedri
    LVL 16

    Assisted Solution

    In order to have IIS reject invalid host requests, you need to have host headers enabled.  Essentially, you tie specific domain headers to an IIS site.  Requests to the IIS service that don't match will fail.

    Take a look at this article:
    LVL 10

    Expert Comment


    Are you using same A name IP address for both the different name ?

    Author Comment

    can I have a host header for SSL, in the article it is shown for only port 80(http)?
    LVL 16

    Accepted Solution

    No.  In order to support SSL for different domains in IIS6,  you need to process requests on a different IP.

    Add a secondary IP to your webserver NIC, and tie a different public IP to that one (nat).  Then in the header configuration, tell the site to listen on that specific IP.

    Non-SSL sites can share IP space just fine, however.

    Author Comment

    10x ,Enphyniti, you really cleared it for me.

    I have just one last question. I found a thread that even though host headers are set, IIS accept connection. In the answer is said that one of the site is thought as default web site and that's the reason. How to check if my web site is not the renamed default website?


    We have a wildcard A-Record pointing to our IP and have a number of sites running on IIS 6 with host headers and have a a wildcard SSL certificate for the domain so that each site can run under SSL.

    For example: https:/ https:/

    Everything is working well but I noticed that when we type a non existent subdomain, say, it redirects to Any idea why that is or how I can change that? I think we may have set up the site before we applied the wildcard A-record with our domain provider and before we had set up the SSL cert.


    ### ANSWER##

    The default configuration of the default web site in IIS is to not filter on host headers. This web site will receive any requests that do not match one of the other web sites.

    In its default state IIS 6's default web site will receive all requests to the server (by IP address) whatever the host header contains.
    ### END ANSWER
    LVL 16

    Assisted Solution

    Okay.  With SSL, IIS get's a little wonky.  If you have an ssl enabled site running on the same IP as all of your shared non-ssl sites, then that specific site is listening to port 443 for that IP and apparently bypasses the host header checks.  So, if you have this on a single IP:

    no SSL:
    no SSL:

    Any HTTPS requests for, or will resolve to  You must segregate your ssl enabled sites to use IPs other than the one your non ssl sites listen on.  NO site should be configured to listen on all interfaces.

    Featured Post

    Gigs: Get Your Project Delivered by an Expert

    Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

    Join & Write a Comment

    Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
    When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now