Welcome to WebmasterWorld Guest from 54.160.221.82

Forum Moderators: ocean10000

Message Too Old, No Replies

External URL

     
6:52 am on May 15, 2014 (gmt 0)

Preferred Member

5+ Year Member

joined:Mar 30, 2006
posts: 399
votes: 0


I have configured host header values in my iis
for www.example.com and example.com

However an external website is able to point to my ip and present the same page.

How can I stop the external url accessing my ip address
6:27 pm on May 15, 2014 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


Do you mean something like http://nnn.nnn.nnn.nnn?

If someone can get your web site using just an IP then the server's security is set up incorrectly (I forget the method for correcting this: it's usually preset).

The IIS record should include ONLY those domains and/or subdomains that should invoke the web site and MUST be set to a specific IP which must also be present in the domains DNS record.

If a specific IP is not selected for the domain in IIS (eg if it's set to All Unassigned) then any IP directed at that server may access the site. If there are several domains using a single IP (most common scenario) then all the domains must be specified correctly in IIS.

Is it possible another IIS record is set up for the IP? Have you disabled the "default" site?

[edited by: phranque at 5:21 am (utc) on May 17, 2014]
[edit reason] unlinked url [/edit]

3:08 am on May 17, 2014 (gmt 0)

Preferred Member

5+ Year Member

joined:Mar 30, 2006
posts: 399
votes: 0


the default site has been stopped.
Only example.com and www.example.com are being included as the host header value.

Still an external website is able to point to that ip and deliver the contents
5:20 am on May 17, 2014 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10542
votes: 8


However an external website is able to point to my ip and present the same page.

How can I stop the external url accessing my ip address

if you have a hostname canonicalization redirect in place then any request your server gets for a hostname that isn't yours would have a 301 response to the canonical url.
7:12 pm on May 17, 2014 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


dukelips - are you sure it's being targetted at the IP?

I often log hits from scraper/robots on my IPs (instead of a proper URL) and I reject those attempts. There is little you can do to prevent an IP access but IIS should not deliver a page for it (other than an error code with appropriate error code).

Is this a common occurrence? I would expect no more than a few dozen hits a week using an IP instead of a proper URL. If it is more frewquent then look into your hosting company assigning your IP accidentally to another web site.

Also, of course, what happens when YOU access the web site by IP? I would expect, as I said above, you would get an error page.

And find out the IP that is sourcing the access attempt, then follow up on that. If it's a server farm then take appropriate blocking measures (eg in IIS).
7:36 am on May 19, 2014 (gmt 0)

Preferred Member

5+ Year Member

joined:Mar 30, 2006
posts: 399
votes: 0


thanks for your help.
The issue is with the ip address allowed to deliver the page and a miscreant has been using it.
8:41 am on May 19, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 21, 2003
posts: 824
votes: 0


Use a different home directory for the default website
8:57 am on May 19, 2014 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10542
votes: 8


The issue is with the ip address allowed to deliver the page

the issue is with requests for IP addresses not being redirected to the canonical hostname.
4:02 pm on May 19, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Apr 9, 2011
posts:12696
votes: 244


the issue is with requests for IP addresses not being redirected to the canonical hostname.

Keep saying it, phranque, eventually they'll listen ;)

How can I stop the external url accessing my ip address

You can't stop them requesting it. (Same principle as for the vilest Ukrainin robot that has been getting nothing but 403s for the past five years. At most you can stop them at a firewall.) You can only stop them from getting content.

At the outset you said
www.example.com and example.com

But you're not serving content wantonly from both forms. (Uh.... are you?) Requests for the wrong one are redirected to the right one. (Uh.... aren't they?)

Details of wording will depend on your server. But the underlying pattern is always: Look at "Host:" field in request header. If it is anything other than your one preferred name, forcibly redirect them to the preferred name. Depending on your site and your target audience, you may or may not make an exception for requests that are missing the "Host:" line altogether. (HTTP 1.0 and/or antiquated browsers.) But the first step is to deal with the request header.

Now, if your unwanted visitors are human, they will still end up on your site, because their browsers will redirect them. But at least you'll get the credit, and search engines will know what's going on.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members