Discussion:
IIS 6.0 - no host header value - Are host header requests processe
asmizer
2007-11-07 16:23:00 UTC
IIS 6.0, the site does not have a "host header value" it is the
"Default:None".

What happens when an initial get request does not contain the site header?
E.g. the GET comes to my IP address but instead of asking for "mysite.com" it
contains "yoursite.com"? Given that mysite.com resolves to the requested IP
address and Yoursite.com does not resolve to the requested IP address.
Ken Schaefer
2007-11-08 03:56:39 UTC
Post by asmizer
IIS 6.0, the site does not have a "host header value" it is the
"Default:None".
What happens when an initial get request does not contain the site header?
E.g. the GET comes to my IP address but instead of asking for "mysite.com" it
contains "yoursite.com"? Given that mysite.com resolves to the requested IP
address and Yoursite.com does not resolve to the requested IP address.
If yoursite.com does not resolve to the IP address, why is the browser even
making the request to your webserver (except possibly to log spam in your
logfiles)?

IIS will match incoming requests to sites from the most specific to the
least specific bindings.

If you have a site that listens on "all unassigned" and has no host header,
it will get all requests that can not be routed to a more specific site.

Cheers
Ken
asmizer
2007-11-08 13:10:01 UTC
Post by Ken Schaefer
Post by asmizer
IIS 6.0, the site does not have a "host header value" it is the
"Default:None".
What happens when an initial get request does not contain the site header?
E.g. the GET comes to my IP address but instead of asking for "mysite.com" it
contains "yoursite.com"? Given that mysite.com resolves to the requested IP
address and Yoursite.com does not resolve to the requested IP address.
If yoursite.com does not resolve to the IP address, why is the browser even
making the request to your webserver (except possibly to log spam in your
logfiles)?
IIS will match incoming requests to sites from the most specific to the
least specific bindings.
If you have a site that listens on "all unassigned" and has no host header,
it will get all requests that can not be routed to a more specific site.
Cheers
Ken
The incoming packet is intentionally malformed. Why? I assume it is an
attempt to probe for some vulnerability in the web server or to learn if the
server is configured for host header checking (an intelligence gathering
probe?).

So the incoming packet which is addressed by IP to the server has a host
header which will essentially be ignored by the default IIS configuration.
Is it then safe to assume that IIS treats this connection request the same as
if it had come in with mysite.com instead of yoursite.com? The server result
being to hand back the "default" home page for mysite.com?
Ken Schaefer
2007-11-11 01:12:58 UTC
Hi,

The packets may not be malformed - it may be that the end client is using a
DNS server that is incorrectly configured (so that even though you are
hosting site1.com, the remote DNS has site2.com pointing to your IP address
rather than the correct IP address).

In the case that a request comes in with a host header that matches none of
the websites on your machine, then IIS will look for a site that is
listening with no host header value *and* specifically bound to the IP
address that the request came in on.

If there is no matching site, then IIS will look for a site that has no host
header, and is listening on "all unassigned" IP addresses.

And then, if there are no matching sites, a 400 Bad Request will be sent
back to the client.

So the pattern would be (assuming all sites listening on port 80 - otherwise
we'd also need to add a check for the port being used):

Is there a site that matches Host Header + IP address?
Is there a site that matches IP address?
Is there a site that is listening on "all unassigned"?

Cheers
Ken
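
The three-step lookup from the post above, written out as a small Python model. This is an added example, not part of the original posts and not IIS code: the `Binding` type, the `route` function and the 192.0.2.x addresses are constructed for illustration, and it models only the three checks listed in the thread plus the port check mentioned there.

```python
# Added example: a model of the lookup order Ken describes, not IIS code.
from typing import NamedTuple, Optional, Sequence

ALL_UNASSIGNED = ""  # models the "(All Unassigned)" IP setting
NO_HOST = ""         # models a blank host header value ("Default: None")

class Binding(NamedTuple):
    site: str
    ip: str
    port: int
    host: str

def route(bindings: Sequence[Binding], dest_ip: str, dest_port: int,
          host_header: str) -> Optional[str]:
    """Return the site that serves the request, or None (400 Bad Request)."""
    # Drop an optional ":port" suffix; IPv6 literals are not handled here.
    host = host_header.strip().lower().partition(":")[0]
    tiers = [
        (dest_ip, host),            # 1. host header + IP address
        (dest_ip, NO_HOST),         # 2. IP address, no host header
        (ALL_UNASSIGNED, NO_HOST),  # 3. "all unassigned", no host header
    ]
    for ip, wanted_host in tiers:
        for b in bindings:
            if (b.ip, b.port, b.host.lower()) == (ip, dest_port, wanted_host):
                return b.site
    return None

# Constructed sample configurations (192.0.2.0/24 is a documentation range).
CATCH_ALL = [Binding("mysite", ALL_UNASSIGNED, 80, NO_HOST)]
MIXED = [
    Binding("fallback", ALL_UNASSIGNED, 80, NO_HOST),
    Binding("ip-default", "192.0.2.10", 80, NO_HOST),
    Binding("mysite", "192.0.2.10", 80, "mysite.com"),
]
STRICT = [Binding("mysite", "192.0.2.10", 80, "mysite.com")]

if __name__ == "__main__":
    for name, cfg in (("CATCH_ALL", CATCH_ALL), ("MIXED", MIXED), ("STRICT", STRICT)):
        for hdr in ("mysite.com", "yoursite.com"):
            site = route(cfg, "192.0.2.10", 80, hdr)
            print(f"{name:9} Host: {hdr:12} -> {site or '400 Bad Request'}")
```

With `CATCH_ALL`, a request carrying `yoursite.com` is served by `mysite` exactly as a request for `mysite.com` would be; with `STRICT`, where every binding names a host header, the same request matches nothing and falls through to the 400 response.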