homepage Welcome to WebmasterWorld Guest from 54.197.94.241
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
Forum Library, Charter, Moderators: ocean10000

Microsoft IIS Web Server and ASP.NET Forum

    
External URL
dukelips




msg:4671183
 6:52 am on May 15, 2014 (gmt 0)

I have configured host header values in my iis
for www.example.com and example.com

However an external website is able to point to my ip and present the same page.

How can I stop the external url accessing my ip address

 

dstiles




msg:4671337
 6:27 pm on May 15, 2014 (gmt 0)

Do you mean something like http://nnn.nnn.nnn.nnn?

If someone can get your web site using just an IP then the server's security is set up incorrectly (I forget the method for correcting this: it's usually preset).

The IIS record should include ONLY those domains and/or subdomains that should invoke the web site and MUST be set to a specific IP which must also be present in the domains DNS record.

If a specific IP is not selected for the domain in IIS (eg if it's set to All Unassigned) then any IP directed at that server may access the site. If there are several domains using a single IP (most common scenario) then all the domains must be specified correctly in IIS.

Is it possible another IIS record is set up for the IP? Have you disabled the "default" site?

[edited by: phranque at 5:21 am (utc) on May 17, 2014]
[edit reason] unlinked url [/edit]

dukelips




msg:4671825
 3:08 am on May 17, 2014 (gmt 0)

the default site has been stopped.
Only example.com and www.example.com are being included as the host header value.

Still an external website is able to point to that ip and deliver the contents

phranque




msg:4671832
 5:20 am on May 17, 2014 (gmt 0)

However an external website is able to point to my ip and present the same page.

How can I stop the external url accessing my ip address

if you have a hostname canonicalization redirect in place then any request your server gets for a hostname that isn't yours would have a 301 response to the canonical url.

dstiles




msg:4671940
 7:12 pm on May 17, 2014 (gmt 0)

dukelips - are you sure it's being targetted at the IP?

I often log hits from scraper/robots on my IPs (instead of a proper URL) and I reject those attempts. There is little you can do to prevent an IP access but IIS should not deliver a page for it (other than an error code with appropriate error code).

Is this a common occurrence? I would expect no more than a few dozen hits a week using an IP instead of a proper URL. If it is more frewquent then look into your hosting company assigning your IP accidentally to another web site.

Also, of course, what happens when YOU access the web site by IP? I would expect, as I said above, you would get an error page.

And find out the IP that is sourcing the access attempt, then follow up on that. If it's a server farm then take appropriate blocking measures (eg in IIS).

dukelips




msg:4672177
 7:36 am on May 19, 2014 (gmt 0)

thanks for your help.
The issue is with the ip address allowed to deliver the page and a miscreant has been using it.

gpmgroup




msg:4672189
 8:41 am on May 19, 2014 (gmt 0)

Use a different home directory for the default website

phranque




msg:4672192
 8:57 am on May 19, 2014 (gmt 0)

The issue is with the ip address allowed to deliver the page

the issue is with requests for IP addresses not being redirected to the canonical hostname.

lucy24




msg:4672286
 4:02 pm on May 19, 2014 (gmt 0)

the issue is with requests for IP addresses not being redirected to the canonical hostname.

Keep saying it, phranque, eventually they'll listen ;)

How can I stop the external url accessing my ip address

You can't stop them requesting it. (Same principle as for the vilest Ukrainin robot that has been getting nothing but 403s for the past five years. At most you can stop them at a firewall.) You can only stop them from getting content.

At the outset you said
www.example.com and example.com

But you're not serving content wantonly from both forms. (Uh.... are you?) Requests for the wrong one are redirected to the right one. (Uh.... aren't they?)

Details of wording will depend on your server. But the underlying pattern is always: Look at "Host:" field in request header. If it is anything other than your one preferred name, forcibly redirect them to the preferred name. Depending on your site and your target audience, you may or may not make an exception for requests that are missing the "Host:" line altogether. (HTTP 1.0 and/or antiquated browsers.) But the first step is to deal with the request header.

Now, if your unwanted visitors are human, they will still end up on your site, because their browsers will redirect them. But at least you'll get the credit, and search engines will know what's going on.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved