Member Avatar for azza85

Hi All,

I am a software developer and am trying to get my head around how Host Headers work.

When a Host Header is setup for a domain in the format *.domainname.com, e.g. "test.domainname.com", I can navigate to the site by typing in the address including the Host Header information.

However, in IIS if I setup a "binding" for a site, e.g. "http:192.168.1.1:80:test", what is the difference between this and my previous example? I cannot navigate to the address by using "test.domainname.com", I REQUIRE a DNS entry, since the HOST information is part of the http request.

I'm just a little confused as why I can't bypass the DNS entry by typing the IP (and directory) directly into the address bar, what magic does the DNS entry do that I can't do manually? Is it because the DNS server looks at the HOST information in the http request?

Any help/advice in aiding me to understand this would be great!

Many thanks in advance,

AJ

  • 3 Contributors
  • 5 Replies
  • 196 Views
  • 10 Hours Discussion Span
  • Latest Post Latest Post by sknake

Recommended Answers

All 5 Replies

Member Avatar for sknake

I don't understand what you're asking. Yes the URL you provide in the address bar is part of the HTTP header.

Example 1 using IP:

Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 1.1.4322)
Accept-Encoding: gzip, deflate
Host: 10.2.1.222
Connection: Keep-Alive

Example 2 using IP:

Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 1.1.4322)
Accept-Encoding: gzip, deflate
Host: www.apexsoftware.com
Connection: Keep-Alive

Also by default one site in IIS has a wildcard to accept all traffic so any host headers not specified will the default site.

Also the "binding" you posted for IIS looks wrong. In IIS it asks you to provide the host information and that is all. That being said you should specify
"test.hostname.com" and "192.168.1.1", leave off the http:. The PORT is embedded in the HOST HEADER if it is not 80. If the port is :80 then IE does not include it, even if specified in the address bar.

Member Avatar for gbarnas

Take a look at the web server configuration whitepaper on my web site. It might help explain things a bit. It's an excerpt from an IIS Admin class that I wrote a few years back.

Basically, IIS routes traffic from most-specific to least specific delivery address. A web instance bound to an IP address AND a host header is more specific than an instance bound to the same IP without a host header. If HTTP traffic arrives with no matching host header and/or IP (or the corresponding web instance is down) then the traffic is delivered to the next most specific siet, or the Default web site. This is why it's not a good practice for the default web site to be used to host production sites. It's also not a good idea to mix sites with and without host headers on the same IP address.

We use 17 IPs on our production web servers - one for the server itself (management) and 16 IPs for an assortment of dedicated HTTP/HTTPS (no host header) and shared (HTTP-only, host header) instances.

Keep in mind that using host headers prevents you from employing SSL security. Since the cert is bound to a specific site instance, the IIS server can't read the host header from the encrypted packet to determine the site to deliver it to.

Glenn

Member Avatar for azza85

Hello,

Firstly, thanks to both of you for the responses. I have had a quick read over the link you sent Gbarnas, and it makes sense to me.

I believe my confusion might be coming from the fact that I am trying to work backwards from an existing IIS website that has been setup. At the moment I don't have access to the DNS information, but it has been setup previously by the IT team.

Perhaps if I explain the current setup it might help:

I have access to a Windows 2008 server running IIS 7. One of the existing sites has a Binding of - "http:192.168.1.1:80:mysite" (I've replaced the IP addresses for security reasons).

The way I am used to Host Headers, I believe that I should be able to access the site using "mysite.domainname.com", but this isn't working for me. If I click "Browse" on the virtual site, Internet Explorer opens with the address "http://mysite" and looks fine. What my real question is is... what should the direct address to this site be if the binding is as I have displayed (accessing it from a different computer in the network)?

I'm guessing this is a different type of Host Header from what I am used to.

Many thanks again...

AJ

Member Avatar for sknake

> The way I am used to Host Headers, I believe that I should be able to access the site using "mysite.domainname.com", but this isn't working for me

You should be able to access your site with the mysite.domain.com IF you have a host header set up on the site in IIS. Just because mysite.domain.com resolves to 1.2.3.4 doesn't mean that someone browsing to http://mysite.domain.com will be automatically sent to the site having 1.2.3.4 bound on it, you should bind whatever you want the user to browse to.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.