TECHNOLOGIES: IP Addresses | IIS
When One IP Address is All You've Got
Learn how to capitalize on this treasured e-commodity.
By Don Kiely
Once upon a time, in the magical land of DARPA, a beautiful baby was born. After trying out several names, her parents lovingly decided to call her Internet. Young Internet delighted in toys. She didn't have many at first, but she accumulated more and more over time. To keep track of these toys, her parents devised a numbering system they dubbed IP addresses. Internet could ask for a toy either by asking for "rattle" or "18.104.22.168." One toy for each IP, one IP for each toy - life was good.
But trouble soon arose. For a long time, the Ministry of IPs gave out IPs for free, and you could have as many as you wanted. Now, though, its fixed supply of IPs had declined to dangerously low levels. The Minister of IPs declared henceforth that each IP would cost dearly, and each comer was limited to far fewer IPs than necessary for sustaining life. So Internet - who by now had grown to middle age, complete with beer belly - now had to share IPs with several toys. She could still ask for "22.214.171.124," but now she had to ask for "www.rattle.com" as well. And life was good, even if a bit more complicated.
Like young Internet in the land of DARPA, many of us grew up in an environment where we had one IP address for each resource we put on the Internet. But largely because of the Web, IP addresses are now a coveted, expensive, and scarce resource. So several years ago, the Internet Engineering Task Force (IETF) - the engineering brains behind the Internet - added a feature named host headers to HTTP/1.1 (IETF RFC 2616).
As the name implies, the host headers define a new HTTP header that carries with it the domain name requested by the user agent, if any (you can still request a Web page using an IP address). So when you fire up your favorite browser and type in http://www.aspnetpro.com, the browser adds a header to the packet that looks something like this:
Or, more truthfully, most of the time it will look something like that. Older browsers, particularly Internet Explorer 2.0 (and before) or Netscape Navigator 1.0, won't provide this information because they appeared before HTTP/1.1. (See References for Microsoft's solution to down-level browsers.)
The Web server needs to understand host headers as well. IIS 4.0 and later do, as do the latest versions of most other Web servers. You need to be running a server version of Windows to use host headers because PWS and the Professional versions of Win2K and WinXP require one IP address to one site.
If the browser and Web server are reasonably current, the Web server now knows the domain name the user's browser requested, and it can do whatever it wants with that information. Therein lies the key to hosting more than one Web site with a single IP address. Without changing any pages, adding scripting code, or doing anything else to what gets sent to the client, you can have IIS redirect an HTTP request automatically to any of many Web sites hosted on the server.
All you need to do is perform a couple of simple setup tasks in IIS's Internet Services Manager. I won't cover the details here because there are plenty of good descriptions available (see References). Instead I'll cover a few things I've learned while using host headers for my own Web sites.
Enable Host Headers
The biggest issue is not an actual problem, but it can cause you some initial confusion. You can enable host headers only in IIS virtual directories. This means if you have a subdirectory under C:\Inetpub\wwwroot (or wherever your inetpub directory is located) and have simply created a Web application there (by clicking on the Create button next to the Application Name box in the Properties box), you won't be able to use host headers. But if you create a new virtual directory that points either to a subdirectory of wwwroot or some other location, you'll be able to add host headers. This means you can use the server's Default Web Site because IIS configures it as a virtual directory.
So let's say Informant Communications, the parent company of asp.netNOW, asp.netPRO,and other magazines, wanted to use a single IP address of 126.96.36.199 (the IP address of www.aspnetpro.com) to host all its Web sites and all variations of the URLs. It could configure its Default Web Site with what IIS calls multiple identities:
IP: 188.8.131.52 Port: 80 Host: www.aspnetpro.com
IP: 184.108.40.206 Port: 80 Host: aspnetpro.com
IP: 220.127.116.11 Port: 80 Host: www.aspnetpro.net
IP: 18.104.22.168 Port: 80 Host: aspnetpro.net
IP: 22.214.171.124 Port: 80 Host: www.informant.com
IP: 126.96.36.199 Port: 80 Host: informant.com
IP: 188.8.131.52 Port: 80 Host: www.mssmartsolutions.com
IP: 184.108.40.206 Port: 80 Host: mssmartsolutions.com
IP: 220.127.116.11 Port: 80 Host: floyd.mssmartsolutions.com
And the list can go on for however many Web sites Informant hosts on its Web server.
Of course, this technique is not a way to get around domain registration. Informant still needs to own those domain names and must configure them to point to the 18.104.22.168 address, usually through their domain registrar. And don't forget to configure the *.aspnetpro.com name (for example) as well, so that you can use www.aspnetpro.com, floyd.aspnetpro.com, and whatever other variations.
The beauty of this technique is you can use it for multiple virtual directories, each associated with multiple Web sites. And you can share the same IP address, or one for each virtual directory. There is plenty of flexibility in how you set it up.
Incidentally, there are at least two other ways to host more than one Web site with a single IP address. You can do it programmatically, reading the host header and doing a Response.Redirect or Server.Transfer to a subdirectory. But this essentially makes all the Web sites one big Web site, which in ASP.NET means you're hooking into the hierarchy of configuration information as only one issue. And there are URL issues as well.
You also can use a single IP address but different port numbers to identify different Web sites, such as http://www.aspnetpro.com:1434. The problem here, though, is that users frequently don't include the colon and port number because it's so unusual. And using a port number opens that port up to attack by hackers probing your Web server - one more chink in what is now being called the attack surface. Don't do this unless you have to.
Using Host Headers to Set Up a Multihomed Server: http://www.windowswebsolutions.com/Articles/Index.cfm?ArticleID=7176
How to Configure Host Headers on a Windows 2000 IIS5 Server: http://www.iisfaq.com/?View=A129&P=24
Use Host Header Names to Host Multiple Sites from One IP Address in IIS 5.0: http://support.microsoft.com/default.aspx?scid=kb;en-us;190008
Supporting Host Header Names in Older Browsers: http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iisuphh.htm
Don Kiely is senior technology consultant for Information Insights, a business and technology consultancy in Fairbanks, Alaska. E-mail him at mailto:[email protected].