Re: Problems with Multiple Websites using Multiple IP Addresses

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: aharris23 (aharris23_at_discussions.microsoft.com)
Date: 11/23/04 

Date: Mon, 22 Nov 2004 19:12:24 -0800

Heres the issue:

I have my default IIS website running Outlook Web Access - 192.168.0.1 SSL
443. I also have windows sharepoint services on two separate web sites that I
also would like secured with SSL.

How do I go about securing all of them with SSL and host headers? I'd have
to use different SSL ports? That's not ideal, as I would have to open more
ports on my firewall and it might become confusing.

"Ben Strackany" wrote:

> What you should instead do is use host headers. Search on google for
> multihomed IIS.
>
> All those DNS records are probably getting mapped to a single public IP,
> which means all traffic for all those domains ends up going to 192.168.0.1.
> So on those webs in IIS you should add another entry for the server bindings
> ("Advanced" button by IP Address in Web Site tab).
>
> For the "team" website, add 192.168.0.1 as the IP, 80 as the port, and
> team.mydomain.ca as the host header.
>
> For the "www" website, add 192.168.0.1 as the IP, 80 as the port, and
> www.mydomain.ca as the host header.
>
>
>
> --
> Ben Strackany
> www.developmentnow.com
>
> dn
>
>
> "aharris23" <aharris23@discussions.microsoft.com> wrote in message
> news:AD7C6862-B2DC-4FCB-9B5A-B7EFB8111466@microsoft.com...
> > Hey,
> >
> > I have several websites running on IIS 6.0 and have decided to convert the
> > setup over to use multiple IP addresses for several of the sites. I added
> the
> > IPs in the tcp/ip properties of the nic on the server, and selected the IP
> > from the dropdown list in IIS manager. I also have setup the appropriate
> host
> > headers.
> >
> > The problem I'm having is that when I go to view the websites, it returns
> > the default IIS page. Is there some extra DNS, firewall or NAT stuff I
> have
> > to take care of in order to get this working?
> >
> > To give an example:
> >
> > I have the domain mydomain.ca. My server name is SERVER1, the FQDN of the
> > server is SERVER1.mydomain.ca. I want to have several different web sites
> > with this domain, all with different IP addresses (team.mydomain.ca,
> > xyz.mydomain.ca) for SSL purposes.
> >
> > I have the default page running on 192.168.0.1, www.mydomain.ca running on
> > 192.168.0.5 and team.mydomain.ca running on 192.168.0.6. From the server,
> if
> > I go to 192.168.0.5 or 192.168.0.6 it returns the appropriate page. From
> an
> > external computer, if i attempt to access any of these pages it returns
> the
> > default web page. If i turn off the default page, it returns a 400 error.
> >
> > I have tried using the iplisten command of httpcfg that was described by
> > someone with a similar issue, but to no avail. If I run any of the other
> > pages off 192.168.0.1 it works appropriately.
> >
> > If it's a DNS issue, I don't understand how I would be able to direct www
> > and team records to go to 192.168.05 or 192.168.0.6. As far as my firewall
> > (Firebox x500) is concerned - it routes port 80 traffic to 192.168.0.1.
> >
> > Does anyone have any suggestions about what I am doing wrong?
>
>
>

Relevant Pages

  • Re: Mutliple sites needing to communicate over SSL on one IIS server
    ... it is not a limitation of IIS. ... The request (including the ... webserver) to find out what the host header is. ... "HTTP 1.1 Host Headers Are Not Supported When You Use SSL" ...
    (microsoft.public.inetserver.iis)
  • Re: SSL broken after Windows 2003 upgrade
    ... The svchost.exe you reference is "IIS". ... routes them to the appropriate w3wp.exe based on configuration from WAS ... WFetch can make both a normal SSL request as well as a Client-Certificate ...
    (microsoft.public.inetserver.iis)
  • Re: Multiple Sites running same code, w/SSL.
    ... This is a limitation in SSL, not IIS. ... Here is the problem -- Host header is a property of the HTTP request (it is ... the website and hence server certificate, is encrypted in the very thing ...
    (microsoft.public.inetserver.iis.security)
  • Re: Win2003 Upgrade Broke SSL?
    ... The reason I say that the upgrade did not break SSL is because IIS has no ... problems relating to port 443 being occupied suggests that you did something ...
    (microsoft.public.inetserver.iis)
  • Re: WCF webservice over SSL and without
    ... Based on your further description, you have setup the SSL correctly in IIS server, but encountered some problem visit the WCF service's metadata page, correct? ... \par> Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.webservices)