CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Configuring IP Address, TCP Port and Host-Header combinations

Introduced as part of HTTP v1.1, the host HTTP header allows multiple websites to be run on a single IP address using TCP port 80 only. Prior to this, each website required its own unique IP address, or had to be run on a non-standard (not port 80) TCP port.

By the Book

When an HTTP v1.1-compatible client makes a request to a Web server for a resource (for example, a web page, image or document), it includes the DNS or NetBIOS name (the host) of the website that it s requesting the resource from. The Web server (in this case IIS) examines the supplied host header to see if it matches any of those configured on the server. If there s a match, the normal request processing process occurs. If there s no match, IIS returns an HTTP 400 Bad Request error to the client browser.

When configuring websites, each website can have one or more combinations of IP address plus TCP port (this is typically port 80) plus host-header name. Each combination of IP address plus TCP port plus host header name is known as a website identity. Each website has at least 1 website identity, but can have more.

However, on a given Web server, each such identity must be unique. If they are not unique, when an HTTP request comes in, IIS will not know which website the request should be routed to.

Requests for a website identity that...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Domain Registration Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.