IIS: HTTP 1.1 Host Headers Not Supported When Using SSL
ID: Q187504
|
The information in this article applies to:
-
Microsoft Internet Information Server version 4.0
SUMMARY
When you use Secure Sockets Layer (SSL), HTTP 1.1 Host Headers will not
function. This is because Host Headers are included in the encrypted
request.
MORE INFORMATION
When a Web server is configured to use SSL, Microsoft Internet Information
Server (IIS) must determine which certificate to use. IIS 4.0 supports
multiple Web servers on a single server, so it is feasible to have
multiple certificates loaded. Only one certificate will be used with a
given Web server.
Internet Information Server version 4.0 allows a server to host multiple
Web sites. This is achieved by any of the following:
- Using different IP addresses, but the same port number
- Using the same IP address, but different port numbers
- Using the same IP address and port number, but using HTTP 1.1 Host Headers
Host Headers allow the server to determine which Web server to use in the
event the IP address or port number are the same and are part of the HTTP
1.1 protocol. This information is included as part of the request header
sent by the browser to the server.
When a request comes to the server using SSL, IIS looks in its
configuration store to determine which certificate to use. This is
performed by doing a lookup on the IP/Port combination. When there are
multiple Web servers on a computer that all have the same IP address and
port number configured to use Host Headers, the normal progression of
events is to look at the Host Header to determine which Web server to use.
However, the client request is still encrypted using SSL. Therefore, the
header is encrypted, and IIS cannot determine which server certificate to
use nor which Web server to communicate with (as it could be one of many).
Keywords :
Version : WINNT:4.0
Platform : winnt
Issue type : kbinfo
Last Reviewed: April 27, 1999