We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

How to - stop IIS from access vie ip https:<ipaddress>RSS

4 replies

Last post Jun 05, 2019 05:33 PM by Rovastar

  • How to - stop IIS from access vie ip https:<ipaddress>

    May 31, 2019 05:28 PM|Kellyo|LINK

    I have a multihomed server running 5 sites. some run SSL certs and some don't. All of the sites seem to work fine and can be accessed correctly HTTP or HTTPS via binding to the hostname.  However, the server is responding to generic https: <IP address> requests with a self-signed cert.  I only have a binding to HTTP and a hostname on the default website.   No sites have bindings without a hostname..   

    I am looking for ideas on where else to look to stop this generic HTTPS: response.?   

    Thank you. 

    Just an update, and it may be a coincidence. but it is getting a response from one of the first website in the list that does have an SSL Cert. 

  • Re: How to - stop IIS from access vie ip https:<ipaddress>

    May 31, 2019 06:05 PM|lextm|LINK

    The openness of Windows HTTP API allows anything to hook to it, not only IIS. So when you confirmed that on IIS you have no site bindings for that HTTPS service, please check other things (Windows services for example). Usually the response messages might tell what that service belongs to, so you might use a tool like Wireshark to analyze it. Such goes far beyond IIS.

    Lex Li
    Want to have a chat on the issues you meet? Book an appointment at https://buy.stripe.com/cN24ia0yi7sAdIA7sv
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: How to - stop IIS from access vie ip https:<ipaddress>

    May 31, 2019 07:06 PM|Kellyo|LINK

    First off thank you for the reply..

    Just to clarify.. the https request is being forwared to another website. As I can see from the https://"your connection is not private" message.  

    "This server could not prove that it is X.X.X.X; its security certificate is from www.mmdomain.org. This may be caused by a misconfiguration or an attacker intercepting your connection."

    Where mmdomani.org does have a valid certificate.  However all of the websites are on a shared IP address. 

    I'm thinking can I create a website with the IP bound in the hostname and black-hole it somewhere or  just deny it without denying requests on that IP that have a valid hostnames in their binding.?. 

  • Re: How to - stop IIS from access vie ip https:<ipaddress>

    Jun 04, 2019 08:13 AM|Jalpa Panchal|LINK

    Hi Kellyo,

    Could you please provide a snapshot of detailed binding information with each certificate binding detail?

    Regards,

    Jalpa

    .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.
  • Rovastar Rovastar

    5495 Posts

    MVP

    Moderator

    Re: How to - stop IIS from access vie ip https:<ipaddress>

    Jun 05, 2019 05:33 PM|Rovastar|LINK

    I think you will always be able to hit the server with the (not normal usage) https://<IP Address> you will always get a cert warning screen. No matter what you do in any configuration.

    It is not an IIS thing it is just an Internet thing.

    Troubleshoot IIS in style
    https://www.leansentry.com/