Re: IIS 5 Host Headers not working

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 09/09/04 

Date: Thu, 9 Sep 2004 14:33:35 +1000

Session Management should have nothing to do with Host-Headers.

When a client makes a request to a server, it sends a HTTP header called
"Host", like so:

GET /default.aspx HTTP/1.1
host: www.microsoft.com
....other headers go here (eg referer: or user-agent:)

The webserver uses the "host" header to work out which site the request
should be routed to.

Cheers
Ken

"Shane Mann" <smann@lhwh.com> wrote in message
news:ubKjrHilEHA.1152@TK2MSFTNGP11.phx.gbl...
> Okay foks, update.
>
> It just hit me, and I feel so stupid for not mentioning this. Coldfusion
> is
> running on the server. 1 of the 2 that work concurrently is actually an
> ASP
> site so session management is independent.
> This has to have something to do with it. I'm gonna broaden my search to
> encompass those ideals. Could this be a race condition in IIS5 when
> dealing
> with Coldfusion session management?
> It seems http host headers should have precedence. I'll dig some more. Let
> me know if you have any ideas.
>
> Thanks Again,
> Shane
>
> "Shane Mann" <smann@lhwh.com> wrote in message
> news:uZZUg1dlEHA.1936@TK2MSFTNGP12.phx.gbl...
>> Dear Helpful Souls,
>>
>> I have been banging my head on this one for around 8 hours now. I have a
>> IIS5 server sitting on 1 ip address.
>> There are 5 web sites configured on this server ( the default and 4
>> others ). All are using host headers; each
>> having a unique host header for each site. 3 of them work concurrently
> (the
>> default and 2 others). I mean,
>> I can send requests for any of those 3 in any order during a 5 min
> interval
>> and access all concurrently.
>> However, there are 3 sites that seem to want to "fight" for precedence. 1
> of
>> this "fighting" trio (the one loaded first),
>> will work concurrently in the afformentioned "concurrent" group while the
>> other two of the "fighting" trio don't
>> load properly if you try to visit them after first visiting the other.
>>
>> A figure may help to show the problem.
>>
>> Site 1 ----- Works regardless of which loads first or whatever
>> (concurrent group)
>>
>> Site 2 ----- Works regardless of which loads first or whatever
>> (concurrent group)
>>
>> Site 3 ----- This will work with the other two if it is loaded before
> the
>> others in this "fighting" group.
>>
>> Site 4 ----- This will work with the other two if it is loaded before
> the
>> others in this "fighting" group.
>>
>> Site 5 ----- This will work with the other two if it is loaded before
> the
>> others in this "fighting" group.
>>
>> So essentially 2 of the sites wont be accessible at any time if you
> connect
>> to 1 of the 3 that like to "fight" first.
>> Of course, after a 5 min ( or so I think) timeout they work. So I was
>> thinking this is a keep-alive issue.
>> I checked the Microsoft Knowledge Database and found a suggestion for
> being
>> updated to SP4 on Win2k
>> to fix this. We are up to date. I even went so far as to disable
> keep-alives
>> and connect timeout in each of the
>> sites just to figure this out. Nothing changed. For some reason, 3 of
> these
>> sites get confused and IIS5 sends
>> the request to the wrong Web Site.
>>
>> All of the sites are configured identically. Using unique http host
> headers,
>> all unassigned, and port 80.
>> Maybe I'm just missing something.
>>
>> If this isn't clear or anyone can help please let me know for it would be
>> much appreciated. I'll be
>> searching for more clues until then.
>>
>> Thanks For Your Time,
>> Shane
>>
>>
>
>

Relevant Pages

  • Write-up by Amit Klein: "Forging HTTP request headers with Flash"
    ... Forging HTTP request headers with Flash ... A similar syntax will send POST request (with the same header, ...
    (Bugtraq)
  • experiment supports concept of using host header names as securit y layer
    ... ISAPI filters can't evaluate a request until a virtual site has been ... selected and its set of running ISAPI filters has become known to the IIS ... As a quick experiment in using a host header name as a security device, ...
    (Focus-Microsoft)
  • Re: 400 - Bad requests under II6
    ... Your client is not sending Host: header, ... You configured a website on the server to only respond to a certain Host: ... header -- so the first request to port 80 works ...
    (microsoft.public.inetserver.iis)
  • Re: using stream_context_create to make valid HTTP request headers
    ... While I do have the website's permission to fetch the feed, their host ... My script should now be making a valid request ... ... The User-Agent header should refer to the version of the software ... why do both of these headers refer to MYSITE? ...
    (comp.lang.php)
  • Re: that preload swf files question again ...
    ... download the swf files. ... As you back-tracked through the HTTP specification from the 206 response to the Range and If-Range headers you will have noticed that this sample of the HTTP traffic was too far down stream of be informative. ... The request that Firefox initially decided not to cache was the first one it made to the server; the one with the 200 response. ... When I make that request the only header returned that is likely to have an impact on the cache-ability of the resource was the Last-Modified header. ...
    (comp.lang.javascript)
Loading