Re: cs-host, host header and destination

From: Kristofer Gafvert (kgafvert_at_NEWSilopia.com)
Date: 03/07/04


Date: Sun, 7 Mar 2004 11:55:22 +0100

As far as I know, what the user typed to get to your server is not logged.
That is simply not important for the webserver. The request got there, and
the webserver should respond in one way or another. Remember that the
communication is always done using an IP. If the user typed a domain name,
that name must first be resolved to an IP.

To set up Host Headers:

"HOW TO: Use Host Header Names to Host Multiple Sites from One IP Address in
IIS 5.0"
http://support.microsoft.com/default.aspx?scid=kb;en-us;190008

"HOW TO: Use Host Header Names to Configure Multiple Web Sites in Internet
Information Services 5.0"
http://support.microsoft.com/default.aspx?scid=kb;en-us;308163

-- 
Regards,
Kristofer Gafvert - IIS MVP
Reply to newsgroup only. Remove NEWS if you must reply by email, but please
do not.
www.ilopia.com - FAQ and Tutorials for Windows Server 2003

"Paul" <nobody@devnull.spamcop.net> wrote in message
news:9fednZD3hZ4G59fdRVn-jA@adelphia.com...
> Hi Kristofer,
> That is a great explanation and it raises a new question.  First, I was more
> looking for how, in the example you gave "telnet server.com 80 <enter>",
> that "server.com" was passed as the destination and what the area of the
> packet (if that is the correct term) was called and more specifically what the
> name of the field is called.  Also if this information or field is available
> to be included in the IIS logs.
>
> The page at the URL you gave here has this in it:
>
> > We connected to the server www.ilopia.com on port 80, which was looked up
> > to be 217.208.8.97. We then sent a request for the page index.html and the
> > Host Header information was www.microsoft.com. The webserver does not care
> > if the domain name www.microsoft.com is looked up to be the same IP as the
> > webserver. What the webserver only cares about is that there was a request
> > for this Host, so it is either on the WebServer, or not. It does not try to
> > look it up in any way, using external resources. And since I have a Host
> > Header for www.microsoft.com on this server, the client got back a page!
>
> It says "since I have a Host Header for www.microsoft.com on this server"
> and I was wondering where and how that was set in IIS.
>
> Thanks,
> Paul Coleman
>
> "Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
> news:OJU6IX8AEHA.628@TK2MSFTNGP10.phx.gbl...
> > Hello,
> >
> > See if this can help you understand:
> >
> > http://www.ilopia.com/temp/clientToServer.html
> >
> > What I think that you are looking for is information about how the
> > communication between a webbrowser and client is done, and then how that
> > request is handled by the server, and the response back. So keywords would
> > be:
> >
> > communication webserver client webbrowser
> >
> > I have however not found much information about this in any IIS books (but I
> > haven't looked that hard for it either). I think that this is covered more
> > by programming books, since it is of more value to programmers to know how
> > this is done.
> >
> > -- 
> > Regards,
> > Kristofer Gafvert - IIS MVP
> > Reply to newsgroup only. Remove NEWS if you must reply by email, but please
> > do not.
> > www.ilopia.com - FAQ and Tutorials for Windows Server 2003
> >
> >
> > "Paul" <nobody@devnull.spamcop.net> wrote in message
> > news:KIqdnQs31qzPqNfd4p2dnA@adelphia.com...
> > > Hi Kristofer,
> > > This reflects what I am seeing in the logs, thanks for showing me how it
> > > could be done.  I can understand why someone would want to cloak their
> > > sending information, I just can't imagine why anyone would want to cloak the
> > > destination.  The resources they were after were questionable, so it
> > > raised my concerns as to what was happening.  Just so I can try to
> > > understand how it actually does get routed, could you provide me with some
> > > keywords, like what the area and/or field is called so I can do a search and
> > > find out how it does work.  You can explain it here if you would like, I
> > > seem to be able to understand the way you explain things.
> > > Thanks,
> > > Paul Coleman
> > >
> > >
> > >
> > >
> > > "Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
> > > news:O1dEShuAEHA.576@TK2MSFTNGP11.phx.gbl...
> > > > Okay, let me explain this a bit, and this might be why you see this.
> > > >
> > > > The CS-Host field is sent by the client. It is possible for the client to
> > > > fake this (for privacy for example, not that this is dangerous to give
> > > > out...). If the server is configured with host headers only, I don't think
> > > > that this is possible (but not completely sure).
> > > >
> > > > So, let's try this with telnet. server.com is any way to make a connection
> > > > to the server (domain name, or IP)
> > > >
> > > > telnet server.com 80 <enter>
> > > > GET /default.html HTTP/1.1 <enter>
> > > > Host: fakeHost.com <enter>
> > > > <enter><enter>
> > > >
> > > > Now, if you look in the log file (wait until this is logged), you will see
> > > > someone "accessing the site" using fakeHost.com. This is not really true,
> > > > the client just sent the Host fakeHost.com
> > > >
> > > > Everything in the logfile starting with CS is something sent from the
> > > > client, to the server. This information can be faked, and the referer is the
> > > > most commonly faked header. If you see these strange Hosts together with a
> > > > strange referer, then it is almost for sure that an add-in for the client
> > > > did this.
> > > >
> > > > If the client did not send a Host, nothing is logged (except for the dash
> > > > (-)) in the logfile.
> > > >
> > > > Does this explain what you are seeing? It sounds that this doesn't happen
> > > > too often, so I do not think that something is wrong with IIS.
> > > >
> > > > So, to sum up:
> > > >
> > > > CS-Host does not necessarily have to have something to do with the actual
> > > > host. It is just the Host field sent by the client, to the server (and there
> > > > was already a connection to the server when this information was sent).
> > > >
> > > >
> > > > -- 
> > > > Regards,
> > > > Kristofer Gafvert - IIS MVP
> > > > Reply to newsgroup only. Remove NEWS if you must reply by email, but please
> > > > do not.
> > > > www.ilopia.com - FAQ and Tutorials for Windows Server 2003
> > > >
> > > >
> > > > "Paul" <nobody@devnull.spamcop.net> wrote in message
> > > > news:nfGdnSA6Udmo_trdRVn-vw@adelphia.com...
> > > > > Hi,
> > > > > I have always thought that the destination for a request was determined by
> > > > > the contents of the host header and thus the cs-host field in the logs.  I
> > > > > expected to see either my website's IP address or a domain name that resolved
> > > > > to my IP address.  I have been seeing both domain names that do not resolve
> > > > > to my IP address as well as NULL values in this field a small percentage of
> > > > > the time.  If this means that this field does not determine the destination,
> > > > > how is a request routed to my website?  What is this called so I can do a
> > > > > search and find out more about how requests get routed to my website?
> > > > > I do not own the web server, I use a web presence provider.  They either do
> > > > > not understand the question, don't know the answer or are deliberately not
> > > > > telling me for some reason.
> > > > > If I am using the wrong terminology or if there is a better terminology I
> > > > > should be using, I would be grateful if you would provide that as well.
> > > > > Thanks,
> > > > > Paul Coleman
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
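
One way to audit the cs-host behaviour discussed in this thread, as an added example that is not part of the original messages: the Python below reads a W3C extended log, finds the cs-host column from the #Fields line, and flags entries whose Host value is missing or is not a name the site is published under. The sample log lines, host names and addresses are constructed, and EXPECTED_HOSTS is an assumption to replace with your own site bindings.

```python
# Constructed W3C extended log sample (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-host cs(Referer) sc-status
2004-03-07 10:01:12 192.0.2.10 GET /default.html www.example.com - 200
2004-03-07 10:02:40 192.0.2.44 GET /default.html fakeHost.com http://unrelated.example/ 200
2004-03-07 10:03:05 192.0.2.51 GET /default.html - - 200
2004-03-07 10:04:19 192.0.2.10 GET /index.html WWW.EXAMPLE.COM:80 - 200
"""

# Assumption: the host names (and IP) the site is really published under.
EXPECTED_HOSTS = {"www.example.com", "example.com", "198.51.100.7"}


def normalize_host(value):
    """Lower-case the logged Host value and drop an optional :port suffix."""
    host = value.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
        return host.split("]")[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host


def audit_cs_host(log_text, expected_hosts):
    """Return (line_no, c-ip, cs-host, reason) for each suspicious entry."""
    expected = {h.lower() for h in expected_hosts}
    fields, findings = [], []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if line.startswith("#Fields:"):
            # The column layout can change mid-file, so re-read it each time.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if "cs-host" not in fields or len(values) != len(fields):
            continue  # cs-host is not being logged, or the line is malformed
        row = dict(zip(fields, values))
        raw = row["cs-host"]
        if raw == "-":
            findings.append((line_no, row.get("c-ip", "-"), raw, "no Host header sent"))
        elif normalize_host(raw) not in expected:
            findings.append((line_no, row.get("c-ip", "-"), raw, "Host is not one of ours"))
    return findings


if __name__ == "__main__":
    for finding in audit_cs_host(SAMPLE_LOG, EXPECTED_HOSTS):
        print(finding)
```

A flagged entry only means the client sent that Host value over a connection that had already reached the server; it says nothing about how the client resolved the address.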

