IIS 7 and Above
How to - stop IIS from access via IP https:<ipaddress>
Last post Jun 05, 2019 05:33 PM by Rovastar
May 31, 2019 05:28 PM|Kellyo|LINK
I have a multihomed server running 5 sites. Some run SSL certs and some don't. All of the sites seem to work fine and can be accessed correctly over HTTP or HTTPS via binding to the hostname. However, the server is responding to generic https: <IP address> requests with a self-signed cert. I only have a binding to HTTP and a hostname on the default website. No sites have bindings without a hostname.
I am looking for ideas on where else to look to stop this generic HTTPS: response?
Just an update, and it may be a coincidence, but it is getting a response from one of the first websites in the list that does have an SSL cert.
May 31, 2019 06:05 PM|lextm|LINK
The openness of Windows HTTP API allows anything to hook to it, not only IIS. So when you confirmed that on IIS you have no site bindings for that HTTPS service, please check other things (Windows services for example). Usually the response messages might tell what that service belongs to, so you might use a tool like Wireshark to analyze it. Such goes far beyond IIS.
May 31, 2019 07:06 PM|Kellyo|LINK
First off, thank you for the reply.
Just to clarify: the HTTPS request is being forwarded to another website, as I can see from the https:// "your connection is not private" message.
"This server could not prove that it is X.X.X.X; its security certificate is from www.mmdomain.org. This may be caused by a misconfiguration or an attacker intercepting your connection."
Where mmdomain.org does have a valid certificate. However, all of the websites are on a shared IP address.
I'm thinking, can I create a website with the IP bound in the hostname and black-hole it somewhere, or just deny it without denying requests on that IP that have valid hostnames in their binding?
Jun 04, 2019 08:13 AM|Jalpa Panchal|LINK
Could you please provide a snapshot of detailed binding information with each certificate binding detail?
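One way to collect the binding and certificate detail requested above, shown as an added example that is not part of the original thread. It assumes the WebAdministration module is installed, an elevated PowerShell session on the IIS server, and English-language `netsh` output; the column names in the result object are illustrative.

```powershell
# Added example (not from the thread): inventory HTTPS bindings and their certificates.
Import-Module WebAdministration

# Part 1: every HTTPS binding IIS knows about, with its SNI flag and certificate subject.
$rows = foreach ($site in Get-ChildItem IIS:\Sites) {
    foreach ($b in $site.Bindings.Collection) {
        if ($b.protocol -ne 'https') { continue }

        # bindingInformation is "IP:port:hostname"; the IP may be "*" or a bracketed IPv6 literal.
        $m = [regex]::Match($b.bindingInformation, '^(?<ip>\[[^\]]*\]|[^:]*):(?<port>\d+):(?<host>.*)$')
        if (-not $m.Success) { continue }

        # sslFlags bit 1 = "Require Server Name Indication" (IIS 8+; absent on IIS 7.x, read as 0).
        $sni = ([int]$b.sslFlags -band 1) -eq 1

        # Resolve the bound thumbprint to a certificate subject for readability.
        $subject = $null
        if ($b.certificateHash) {
            $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
            $cert = Get-Item -Path "Cert:\LocalMachine\$store\$($b.certificateHash)" -ErrorAction SilentlyContinue
            if ($cert) { $subject = $cert.Subject }
        }

        [pscustomobject]@{
            Site        = $site.Name
            IP          = $m.Groups['ip'].Value
            Port        = $m.Groups['port'].Value
            HostName    = $m.Groups['host'].Value
            RequireSNI  = $sni
            Thumbprint  = $b.certificateHash
            CertSubject = $subject
            # A binding without SNI registers its certificate per IP:port in HTTP.sys,
            # so it is the certificate offered when a client connects by IP address.
            OfferedToIpClients = -not $sni
        }
    }
}
$rows | Sort-Object Port, IP, Site | Format-Table -AutoSize

# Part 2: what HTTP.sys itself has registered, including entries owned by software
# other than IIS (the Application ID identifies the owner).
netsh http show sslcert |
    Select-String -Pattern 'IP:port|Hostname:port|Certificate Hash|Application ID'
```

A row with `RequireSNI` set to False, or an `IP:port` entry in the `netsh` output, identifies the certificate presented to a browser that requests `https://<IP address>`, because such a request carries no server name for HTTP.sys to match against a `Hostname:port` entry.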
Jun 05, 2019 05:33 PM|Rovastar|LINK
I think you will always be able to hit the server with the (not normal usage) https://<IP Address>; you will always get a cert warning screen, no matter what you do in any configuration.
It is not an IIS thing; it is just an Internet thing.