1,745 questions
hi sir,
I want to configure from my iis to
- disclose private IP addresses and routing information to unauthorized parties.
- How to Prevent Host Header Attacks?
URL Redirection Using "Host" Header
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 44%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Suy Peang
91
Reputation points
Dear All Expert,
How's to filtering the parameter to only accept the URL that is expected by the application by using IIS 10?
Best Regards,
Windows development Internet Information Services
Windows for business Windows Server User experience Other
20,212 questions
{count} votes
-
MotoX80 36,291 Reputation points2022-07-11T14:32:32.327+00:00 You will need to provide more details about what you are trying to accomplish. It is not clear from your question what the problem is.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Sam Wu-MSFT 7,561 Reputation points Microsoft External Staff2022-07-12T01:59:58.443+00:00 According to your description, I couldn’t understand your requirement clearly. if you want to configure request riltering in IIS you can refer to this link: configure-request-filtering-in-iis, If I misunderstand your requirement, please post more details information about your requirement.
-
Suy Peang 91 Reputation points
2022-07-13T08:38:58.637+00:00 hi sir,
I want to configure from my iis to
- disclose private IP addresses and routing information to unauthorized parties.
- How to Prevent Host Header Attacks?
Sign in to comment
2 answers
Sort by: Most helpful
-
Suy Peang 91 Reputation points
2022-07-13T08:39:04.457+00:00 -
Sam Wu-MSFT 7,561 Reputation points Microsoft External Staff
2022-07-13T10:04:55.647+00:00 disclose private IP addresses and routing information to unauthorized parties.
You can try this setting:
- Go to IIS Manager and click on the website
- Double click on "Configuration Editor"
- Go to "system.webServer/serverRuntime"
- Enter the public domain name of the website into "alternateHostName" field
- Make sure "enabled" parameter is set to "False" and Click "Apply"
- Reset IIS
How to Prevent Host Header Attacks?
You can use URL Rewrite rules in IIS to find malicious host headers. Perform the steps below:
- Click on the site in IIS Manager
- Go to "URL Rewrite" (it should be installed first)
- Click "Add Rule(s)"
- Select "Blank rule"
- For "Match URL" section, enter (.) into the "Pattern"
- In "Conditions" section, click "Add"
- Enter {HTTP_HOST} into "Condition input"
- Select "Does Not Match the Pattern" from "Check if input string" list
- Enter ^([a-zA-Z0-9-_]+.)*domain.com$ into "Pattern" field (change domain name with yours)
- For the "Action” section, select “Redirect" from the "Action type" list
- Enter your domain address (https://domain.com/) in the "Redirect URL"
- Select "Permanent (301)" from the "Redirect type" list
- Click "Apply"
More information you can refer to this link: 1031958
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.