The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OT] IIS, domains, routers and host headers



Paul Gale wrote:

> Thanks Doogie - that made good sense :-)

Phew :)

> One question though - what happens if I have two web sites setup with
ClientSite1 and ClientSite2 and ClientSite1 is mapped through the router
(domain of say ClientSite1.mydomain.com with a public IP address of course)
- the router forwards traffic for port 80 to the internal server on
192.168.0.1 - but ClientSite2 doesn't have a separate mapping or public
domain/IP etc. Is there any way of getting to ClientSite2 from the Internet
- how secure is it then? (Where does IIS get the header info from - browser
URL box???)
> Did that question make sense?

Yip.....

IIS takes the host header info from what's entered into the browser; it
is possible therefore in the scenario you've described, for someone to
put the corresponding host header name into their hosts file for
ClientSite2, pointing it at ClientSite1's external IP address, and get
served ClientSite2.

You can of course make this more "secure" by using multiple IP
addresses
internally as mentioned by someone else, the use of that externally
depends on how many external IPs you have. You can also implement things
like windows authentication etc to request logins.

--
Doogie



Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.