Learn how to a build a cloud-first strategyRegister Now


IIS accept request on all websites

Posted on 2012-08-23
Medium Priority
Last Modified: 2012-08-24
I have an IIS 6.0 server installed on the Windows 2003R2.
I have in dns the following written:
    name1.domain1.com   A
    name2.domain2.com   A

In my IIS i have one website with name name1.domain1.com, and I don't have another one for name2.domain2.com
And it doesn't matter what name I will type in  browser, IIS responds.
I thought that if the requet from browser is for website that does not exist, IIS will not open the page.
Could you expalin me why this happens, or give me any link to some good article which explain this.
Question by:dedri
  • 3
  • 2
LVL 16

Assisted Solution

by:Jon Brelie
Jon Brelie earned 2000 total points
ID: 38323889
In order to have IIS reject invalid host requests, you need to have host headers enabled.  Essentially, you tie specific domain headers to an IIS site.  Requests to the IIS service that don't match will fail.

Take a look at this article: http://www.visualwin.com/host-header/
LVL 10

Expert Comment

ID: 38323905

Are you using same A name IP address for both the different name ?

Author Comment

ID: 38324005
can I have a host header for SSL, in the article it is shown for only port 80(http)?
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 16

Accepted Solution

Jon Brelie earned 2000 total points
ID: 38324019
No.  In order to support SSL for different domains in IIS6,  you need to process requests on a different IP.

Add a secondary IP to your webserver NIC, and tie a different public IP to that one (nat).  Then in the header configuration, tell the site to listen on that specific IP.

Non-SSL sites can share IP space just fine, however.

Author Comment

ID: 38324368
10x ,Enphyniti, you really cleared it for me.

I have just one last question. I found a thread that even though host headers are set, IIS accept connection. In the answer is said that one of the site is thought as default web site and that's the reason. How to check if my web site is not the renamed default website?



We have a wildcard A-Record pointing to our IP and have a number of sites running on IIS 6 with host headers and have a a wildcard SSL certificate for the domain so that each site can run under SSL.

For example: https://A.foo.com https:/B.foo.com https:/C.foo.com

Everything is working well but I noticed that when we type a non existent subdomain, say D.foo.com, it redirects to A.foo.com. Any idea why that is or how I can change that? I think we may have set up the A.foo.com site before we applied the wildcard A-record with our domain provider and before we had set up the SSL cert.


### ANSWER##

The default configuration of the default web site in IIS is to not filter on host headers. This web site will receive any requests that do not match one of the other web sites.

In its default state IIS 6's default web site will receive all requests to the server (by IP address) whatever the host header contains.
LVL 16

Assisted Solution

by:Jon Brelie
Jon Brelie earned 2000 total points
ID: 38326658
Okay.  With SSL, IIS get's a little wonky.  If you have an ssl enabled site running on the same IP as all of your shared non-ssl sites, then that specific site is listening to port 443 for that IP and apparently bypasses the host header checks.  So, if you have this on a single IP:

ssl:          domainabc.com
no SSL:   otherdomain.com
no SSL:   yetanotherdomain.com

Any HTTPS requests for otherdomain.com, or yetanotherdomain.com will resolve to domainabc.com.  You must segregate your ssl enabled sites to use IPs other than the one your non ssl sites listen on.  NO site should be configured to listen on all interfaces.

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question