Re: IIS 6.0 - no host header value - Are host header requests proc



Hi,

The packets may not be malformed - it may be that the end client is using a DNS server that is incorrectly configured (so that even though you are hosting site1.com, the remote DNS has site2.com pointing to your IP address rather than correct IP address).

In the case that a request comes in with a host header that matches none of the websites on your machine, then IIS will look for a site that is listening with no host header value *and* specifically bound to the IP address that the request came in on.

If there is no matching site, then IIS will look for a site that has no host header, and is listening on "all unassigned" IP addresses.

And then, if there are no matching sites, a 400 Bad Request will be sent back to the client.

So the pattern would be (assuming all sites listening on port 80 - otherwise we'd also need to add a check for the port being used):

Is there a site that matches Host Header + IP address?
Is there a site that maches IP address?
Is there a site that is listening on "all unassigned"?

Cheers
Ken

"asmizer" <asmizer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:794BB815-30BA-480F-BDE7-8244D454AFB5@xxxxxxxxxxxxxxxx


"Ken Schaefer" wrote:

"asmizer" <asmizer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D0A3C8F-472A-4382-AE0D-A0CAAB1088F9@xxxxxxxxxxxxxxxx
> IIS 6.0, the site does not have a "host header value" it is the
> "Default:None".
>
> What happens when an initial get request does not contain the site > header?
> E.g The Get comes to my IP address but instead of askign for > "mysite.com"
> it
> contains "yoursite.com"? Given that mysite.com resolves to the > requested
> IP
> address and Yoursite.com does not resolve to the requested IP address.

If yoursite.com does not resolve to the IP address, why is the browser even
making the request to your webserver (except possibly to log spam in your
logfiles)

IIS will match incoming requests to sites from the most specific to the
least specific bindings.

If you have a site that listens on "all unassigned" and has no host header,
it will get all requests that can not be routed to a more specific site.

Cheers
Ken



The incomming packet is intentionaly malformed. Why? I assume it is an
attempt to probe for some vulnerability in the web server or to learn if the
server is configured for host header checking (an inteligence gathering
probe?).

So the incomming packet which is addressed by IP to the server has a host
header which will essenntially be ignored by the default IIS configuration.
Is it then safe to assume that IIS treats this connection request tha same as
if it had come in with mysite.com instead of yourstie.com? The server result
being to hand back the "default" home page for mysite.com?

.



Relevant Pages

  • Re: Page Cannot Be Displayed Errors
    ... In WFetch, for Advanced Request, change to "Add Headers" and write: ... > directly on the web server, ... >>> Where can I get the IIS 6.0 Resource Kit, and how do I use WFetch? ...
    (microsoft.public.inetserver.iis)
  • Re: Performance question (IIS 6)
    ... The delay on the first request is due to interaction between IIS process ... You can do this yourself by making a request to the necessary application ... Turn off all the application pool recycling parameters except maybe the ... until you reboot the server. ...
    (microsoft.public.inetserver.iis)
  • Re: Page Cannot Be Displayed Errors
    ... not IIS, but something else. ... >>> directly on the web server, ... >>>>> I have done some additional checking in the logs. ... >>>>> either the request isn't even getting to IIS at this point, ...
    (microsoft.public.inetserver.iis)
  • Re: Page Cannot Be Displayed Errors
    ... "Jesse" wrote in message ... >> In WFetch, for Advanced Request, change to "Add Headers" and write: ... >>> directly on the web server, ... >>>>> Where can I get the IIS 6.0 Resource Kit, and how do I use WFetch? ...
    (microsoft.public.inetserver.iis)
  • Re: DNS or IIS issue?
    ... the advanced tab in IIS than the CNAME in DNS. ... your server administrator." ... >>default Host header value and created a new one with the ...
    (microsoft.public.inetserver.iis)