homepage Welcome to WebmasterWorld Guest from 54.167.144.202
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
Forum Library, Charter, Moderators: ocean10000

Microsoft IIS Web Server and ASP.NET Forum

    
External URL
dukelips

5+ Year Member



 
Msg#: 4671181 posted 6:52 am on May 15, 2014 (gmt 0)

I have configured host header values in my iis
for www.example.com and example.com

However an external website is able to point to my ip and present the same page.

How can I stop the external url accessing my ip address

 

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4671181 posted 6:27 pm on May 15, 2014 (gmt 0)

Do you mean something like http://nnn.nnn.nnn.nnn?

If someone can get your web site using just an IP then the server's security is set up incorrectly (I forget the method for correcting this: it's usually preset).

The IIS record should include ONLY those domains and/or subdomains that should invoke the web site and MUST be set to a specific IP which must also be present in the domains DNS record.

If a specific IP is not selected for the domain in IIS (eg if it's set to All Unassigned) then any IP directed at that server may access the site. If there are several domains using a single IP (most common scenario) then all the domains must be specified correctly in IIS.

Is it possible another IIS record is set up for the IP? Have you disabled the "default" site?

[edited by: phranque at 5:21 am (utc) on May 17, 2014]
[edit reason] unlinked url [/edit]

dukelips

5+ Year Member



 
Msg#: 4671181 posted 3:08 am on May 17, 2014 (gmt 0)

the default site has been stopped.
Only example.com and www.example.com are being included as the host header value.

Still an external website is able to point to that ip and deliver the contents

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4671181 posted 5:20 am on May 17, 2014 (gmt 0)

However an external website is able to point to my ip and present the same page.

How can I stop the external url accessing my ip address

if you have a hostname canonicalization redirect in place then any request your server gets for a hostname that isn't yours would have a 301 response to the canonical url.

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4671181 posted 7:12 pm on May 17, 2014 (gmt 0)

dukelips - are you sure it's being targetted at the IP?

I often log hits from scraper/robots on my IPs (instead of a proper URL) and I reject those attempts. There is little you can do to prevent an IP access but IIS should not deliver a page for it (other than an error code with appropriate error code).

Is this a common occurrence? I would expect no more than a few dozen hits a week using an IP instead of a proper URL. If it is more frewquent then look into your hosting company assigning your IP accidentally to another web site.

Also, of course, what happens when YOU access the web site by IP? I would expect, as I said above, you would get an error page.

And find out the IP that is sourcing the access attempt, then follow up on that. If it's a server farm then take appropriate blocking measures (eg in IIS).

dukelips

5+ Year Member



 
Msg#: 4671181 posted 7:36 am on May 19, 2014 (gmt 0)

thanks for your help.
The issue is with the ip address allowed to deliver the page and a miscreant has been using it.

gpmgroup

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4671181 posted 8:41 am on May 19, 2014 (gmt 0)

Use a different home directory for the default website

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4671181 posted 8:57 am on May 19, 2014 (gmt 0)

The issue is with the ip address allowed to deliver the page

the issue is with requests for IP addresses not being redirected to the canonical hostname.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4671181 posted 4:02 pm on May 19, 2014 (gmt 0)

the issue is with requests for IP addresses not being redirected to the canonical hostname.

Keep saying it, phranque, eventually they'll listen ;)

How can I stop the external url accessing my ip address

You can't stop them requesting it. (Same principle as for the vilest Ukrainin robot that has been getting nothing but 403s for the past five years. At most you can stop them at a firewall.) You can only stop them from getting content.

At the outset you said
www.example.com and example.com

But you're not serving content wantonly from both forms. (Uh.... are you?) Requests for the wrong one are redirected to the right one. (Uh.... aren't they?)

Details of wording will depend on your server. But the underlying pattern is always: Look at "Host:" field in request header. If it is anything other than your one preferred name, forcibly redirect them to the preferred name. Depending on your site and your target audience, you may or may not make an exception for requests that are missing the "Host:" line altogether. (HTTP 1.0 and/or antiquated browsers.) But the first step is to deal with the request header.

Now, if your unwanted visitors are human, they will still end up on your site, because their browsers will redirect them. But at least you'll get the credit, and search engines will know what's going on.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved