Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [host-headers]

The Host header is an HTTP header needed when multiple sites share a single IP address. See also http-headers.

The Host header is an HTTP header needed when multiple sites share a single IP address.

The Host header was first introduced as an optional header in HTTP/1.0. In HTTP/1.1 the header was changed from optional to mandatory.

See also and .

38 questions
7
votes
2 answers

Configure HAProxy to include host headers for different backends

I am exploring the use of HAProxy as a balancer in front of a set of web apis that run on IIS. node1.myapp.mycompany.com node2.myapp.mycomapny.com We are currently using Host Headers to correctly resolve the right web application on IIS. For…
Matt
  • 3,171
  • 9
  • 28
  • 33
7
votes
2 answers

Is the Host: header required over SSL?

Is the Host: header required over SSL even if the request is not HTTP/1.1? So, if a client connects over SSL, and sends the following request: GET / HTTP/1.0 Should the web server throw a bad request due to the missing Host: header? Should the web…
ImBoredAllTheTime
  • 95
  • 2
  • 8
4
votes
1 answer

IIS HTTPS Host Headers

In IIS I need to map www.example.com and example.com to use a specific SSL certificate. I have tried using appcmd and editing applicationHost.config but I don't see how to tie each host-header to a specific certificate. If I add the bindings in the…
Josh M.
  • 667
  • 8
  • 21
3
votes
1 answer

Interesting IIS weird 404 for files that exist, but only for a specific host header

So, I have a site with 2 host headers: header1.example.com header2.example.com In this site, I have a virtual directory called Foo and it has various sub-directories 1, 2, 3 & 4 that have various style sheets. A page references these style sheets…
Adam
  • 205
  • 4
  • 14
2
votes
1 answer

Publish different sites using a single IP and pfSense - Squid

I'm fairly new to pfSense, so bear with me please. To summarize, I have: A network with split DNS enabled. A single IIS web server with a single IP, different sites running using different host header binding over port 80, all sites working fine…
Noor Khaldi
  • 3,829
  • 3
  • 18
  • 28
2
votes
2 answers

Host Header Attack with reverse proxies

So I was tasked with researching a problem that was identified by an Acunetix web security scan. Here are the details about the scan: Host_header_attack Automated Detection of Host Header Attacks I can't post more than two links yet as I don't have…
Tom17
  • 333
  • 3
  • 6
2
votes
1 answer

IIS7.5 host headers multiple sites on localhost

I have troubles with IIS7 host headers. I'd like to create a domain for managing mysql with phpmyadmin. I tried to configure with these settings without success. The browser displays the localhost instead of the phpmyadmin page. Can anybody tell…
inf3rno
  • 398
  • 2
  • 4
  • 17
1
vote
2 answers

How can I remove the default host header for SSL requests in IIS6

I have multiple sites setup on IIS 6 with host headers. One of those sites has an SSL certificate installed. So now if any of the non-SSL-enabled sites is requested with HTTPS it loads the SSL-enabled site and gives a security warning. How can I…
Mike L
  • 669
  • 1
  • 6
  • 11
1
vote
1 answer

Authentication of users via IE when using "host header value"

I'm trying to set multiple web sites up in an IIS 6. I've got a working virtual site residing under the default web site, but if I create a new web site in IIS and assign it a host header value, let it point to the very same file structure as the…
Richard
1
vote
2 answers

IIS, single UC cert, multiple sites and host headers. How does it all work together?

Let me start off my saying, IIS is not a strong point of mine. I had asked THIS question here, because i was trying to use 2 different certs on different sites. Scratch all that now, there is a new configuration. I've purchased a UC cert, and given…
DanBig
  • 11,393
  • 1
  • 28
  • 53
1
vote
1 answer

Including Port number in HTTP HOST header causes Service Unavailable error

We have a WebService running on HTTPS. If I use SOAPUI and make request at: https://testservice.mydomain.com/WcfService.svc, it works fine. However the client reported they are getting 503 Service Unavailable error. In their HTTP HOST header I see…
Anurag Kalra
  • 21
  • 3
1
vote
1 answer

Prevent AWS load balancer serving on IP address

I've configured a Amazon Webservices Load Balancer for my site. It's all good the domain name resolves to the IP address of the Load Balancer Endpoint, and on the internal LAN it communicates with my two front end webservers. I've noticed in…
bendecko
  • 141
  • 1
  • 1
  • 9
1
vote
3 answers

Setting up a domain name to use host headers

I have a server that I want to host multiple web sites on using host headers. I know how to set IIS up but I am unsure how to set up the domain name. I have a domain name (ex. mydomain.com) that I want to redirect to an IP address…
Brian Kalski
  • 123
  • 1
  • 4
1
vote
1 answer

curl 7.21 does not correctly call a host with a host header on https

We found out that calling a host like following using curl 7.21 or 7.24 does produce an error in the apache config (we have multiple SSL Vhosts!). Whereas the same command runs smooth with curl 7.34 and higher. Does anyone know why? Command: curl…
martinseener
  • 149
  • 11
1
vote
1 answer

Any way to block IP address host header spoofing?

I have already added the following the following to my nginx config to deal with spoofed domains: if ($host !~* ^(.*example.org|\d+\.\d+\.\d+\.\d+)$ ) { return 444; } Right now it whitelists IP addresses since I need to accept…
Jordan Reiter
  • 1,260
  • 4
  • 17
  • 38
1
2 3