Most IIS administrators are aware that IIS (versions 4.0, 5.0—and soon—6.0) can host multiple Web sites on one machine. The most common implementation of hosting multiple Web sites is to dedicate a single IP address to each Web site. The least common approach is to assign a unique port number to each Web site. A third and very viable alternative is to assign host header names (often referred to as host headers) to each Web site. You can use host headers to host multiple domain names from a single IP address. Host headers let IIS snatch a host name out of the HTTP header that the browser sends to the server. For example, if I type http://www.InterKnowlogy.com/aboutUs/PressRelease.asp in my browser, the IIS 5.0 server that services the request extrapolates www.InterKnowlogy.com as the host header and routes the request to the proper Web site. Some very old browsers don't support the HTTP 1.1 protocol, so they can't send host names in the header. But those browsers are few and far between; even the Macintosh version of Netscape 2.0.2 supports host headers.
You'll need to configure and host some form of name resolution, such as DNS, to make sure requests from your site are properly routed to your Web server. You'll also need to stop Default Web Site because it responds to all assigned IP addresses by default. Or you can assign a host header to Default Web Site and force it to respond to a single IP address. I don't recommend this approach because IIS add-on packages (such as Microsoft Proxy Server) expect the default Web site to use the IP address of All Unassigned.
Follow these steps to assign host headers:
Run Internet Service Manager (ISM) (Start, Programs, Administrative Tools, Internet Service Manager).
To add each Web site to your server, right-click the server name in ISM, click New, then click Web Site. Follow the wizard to create the site(s).
Right-click one of the Web sites that will use host headers, then click Properties.
On the Web Site tab, select the IP address all the sites will use. You'll probably keep the default of TCP Port 80, the port that services the HTTP requests.
Click Advanced next to the IP Address. In the "Multiple identities for this Web Site" list, select the Web site identity, click Edit, then add the desired host header (e.g., www.win2000mag.com). NOTE: If you want this Web site to respond to more than one host header (e.g., www.win2000mag.com and www.iisadministrator.com), use the Add button to add other identities to this list using the same IP address and port. You'll need to set up some form of name resolution (such as DNS) for each identity.
Click OK three times to apply the change(s).
Stop, then start the Web site.
Repeat steps 3 through 7 for the remaining Web sites.
Now you're ready to run a test. Grab a browser and navigate to your sites using the host headers. The browser will open the appropriate Web sites as applicable.
Using host headers has one drawback—IIS doesn't support Secure Sockets Layer (SSL) with host headers. IIS encrypts the HTTP header when it routes the request, so it can't determine the host header it needs to route to the correct Web site. Because IIS has to decrypt the SSL key anyway, it should be smart enough to perform the encryption during routing by rotating through the key types until it successfully decrypts the host header from the body of the encrypted HTTP header. But it doesn't. A really sharp Internet Server API (ISAPI) developer could probably do just that, but that level of development pain probably isn't worth the effort; simply dedicating an IP address to each Web site overcomes the SSL problem.
End of Article
The article states that the Default Web site must be stopped or it can be set up with host headers also. We have the host headers set for most of our sites, while the default site responds to all queries that don't go to one of the host header sites. This doesn't seem to have been a problem, but does anyone know why it may be, or how the problem may manifest itself?
Also, since we are fortunate to have a domain name that was not being used for another purpose, we used it for SSL use. It seemed to work in testing, but has not been operationally tested yet. Anyone see a problem with that?
M. Wright May 30, 2001
We also have successfully made the default website respond to All Unassigned IP addresses even with many of the sites in IIS 5 having host headers. The good thing about this scenario from a web host's point of view is that instead of visitors getting a 404 page when a client has not changed their nameservers or has forgotten to renew their domain name's registration, the web host gets the traffic instead of a phone saying their site is offline.
Regarding M. Wright's question of their being a problem with assigning a separate domain name for use with SSL, I am at a loss as to what he is referring. However, if he is saying that IIS5 can be configured such that a separate domain name can be say the "secure.avehost.com" instance for SSL while avehostB.com is a host header site using the same ip, sure, as long as a certificate binding and use of ssl is restricted to the secure.avehost.com domain and is not used on the avehostB.com domain. This still leaves the problem of how to make ssl work on both secure.avehost.com and avehostB.com.
Chris Kipple, CEO, AveHost.com August 30, 2001
Thanks for this useful information.
Tuncay Besikci February 13, 2004
That was really useful. Got it working in 2 minutes!
Tristan May 03, 2004
How do you view web pages with headers over the same network your web server is on?
kpeters June 03, 2004
Wow this article help me fixed me problem in 2 minute. Thx for that! Really appreciate it.
Alex June 23, 2004
Hey, that worked like a charm. Thanks a lot!
Cheers Neil
Neil June 25, 2004
Dude, you should really say what software is required for this article. I read the whole article and then spent hours trying to implement it. You could have saved everbody a lot of time if you said it only works on windows 2000 SERVER. how friggin basic is that for a technology article--where is your brain. Warning to all you running windows xp--this will not work for you!!
tomandlis July 24, 2004 (Article Rating: )
Dude, you should really read the DATE on the article. You could have saved yourself a lot of time if you noticed that this article was written BEFORE Windows XP was even released. Clue 1: He refers to his version of IIS as 5.0 Clue 2: He refers to version 6 of IIS as something that will be coming out "soon." Clue 3: The article is dated May 2001. How friggin obvious is that? Next I suppose we will need disclaimers on all web sites explaining that they don't magically update every article in existence each time MS releases a new version.
Warning to all you running windows xp--Don't try to apply articles written three and a half years ago to your systems and expect them to work.
You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor?
Register now
An often irreverent look at some of the week's other news, including some more Windows 7 sales momentum, some Sophos stupidity, Microsoft's cloud computing self-loathing, more whining from the browser makers, Zoho's "Fake Office," and much, much more ...
Let Your Users Reset Their Own Passwords: Free Download Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.
Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!
Deep Dive into VMware vSphere, eLearning Series Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
)
)
Register
Also, since we are fortunate to have a domain name that was not being used for another purpose, we used it for SSL use. It seemed to work in testing, but has not been operationally tested yet. Anyone see a problem with that?
M. Wright May 30, 2001