Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. How to configure Web publishing rules to host multiple Web sites with host headers in ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition

How to configure Web publishing rules to host multiple Web sites with host headers in ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition

View products that this article applies to.

Introduction

This article describes how to add host headers to a Web site in Microsoft Internet Information Services (IIS). Additionally, this article describes how to configure Web publishing rules in Microsoft Internet Security and Acceleration 2004 (ISA 2004) Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition to redirect HTTP requests from the Internet to a specific internal Web server by using the original host header.

You can use host header names with a single static IP address to host multiple sites. IIS uses the host name that is passed in the HTTP header to determine which site clients request.

Note You cannot use host headers when you are using Secure Sockets Layer (SSL), because HTTP requests that use SSL are encrypted. Host headers are part of the encrypted request and cannot be interpreted or routed to the correct site.

↑ Back to the top

More information

Configuring host headers in IIS

You can use host header names to host multiple domain names from one IP address. To do this, follow these steps.

WARNING Do not use a host header name with the default Web site. This can cause irregular behavior with add-on packages for IIS.
  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. In the Internet Services Manager management console, expand the IIS Server that contains the Web site you want to modify, right-click the Web site that you want to modify, and then click Properties.
  3. In the Web_site Properties box, click the Web Site tab.
  4. On the Web Site tab, select an IP address from the list in the IP Address field, and then set the TCP Port that you want to use. Typically, the TCP port that you want is port 80.
  5. Click Advanced, and in the Advanced Multiple Web Site Configuration properties dialog box, click Add.
  6. In the Advanced Web Site Identification dialog box, click an IP address in the list in the IP Address area, type a TCP port number in the TCP Port box (this is typically port 80), type a host name in the Host Header Name box, and then click OK.

    Note If you want this site to respond to more than one host header name, use the Add button to add additional identities to the list. You can specify a different host header name for each identity, but make sure to use the same IP address and the same TCP port for each entry.
  7. Click OK in the open dialog boxes to apply the changes.
  8. Make sure that you register the host header name with the appropriate name-resolution system, such as DNS or WINS.
  9. After you register the host header name with the name-resolution system, test it in a Web browser by using the host header name to connect to the Web site.

Publish the Web server in Microsoft Forefront Threat Management Gateway, Medium Business Edition

  1. Click Start, point to Programs, point to Microsoft Forefront Threat Management Gateway, Medium Business Edition, and then click Microsoft Forefront Threat Management Gateway, Medium Business Edition.
  2. In the Microsoft Forefront Threat Management Gateway, Medium Business Edition management console, expand ForefrontTMGServerName, where ForefrontTMGServerName is the name of the Microsoft Forefront Threat Management Gateway, Medium Business Edition server.
  3. Click Firewall Policy. In the right-pane of the Microsoft Forefront Threat Management Gateway, Medium Business Edition management console, click the Tasks tab, and then under Firewall Policy Tasks, click Publish Web Sites.
  4. On the Welcome to the New Web Publishing Rule Wizard page, type a descriptive name in the Web publishing rule name box, and then click Next.
  5. On the Select Rule Action page, click the Allow option, and then click Next.
  6. On the Publishing Type page, click Publish a Single Web site or load balancer, and then click Next.
  7. On the Server Connection Security page, click Use non secured connection to connect to Published Web server or server farm, and then click Next.
  8. On the Internal Publishing Details page, provide the internal site name. If this name cannot be resolved, click Next.
  9. Provide the path of the internal Web server that you would like to publish. You can use "/*" as well. Click Forward the original Host Header instead of the actual one specified in the Internal Site Name field on the previous page, and then click Next.
  10. On the Public Name Details page, click This domain name (type below): in the Accept request for list. In the public name box, type the domain name. For example, type HostHeader.example.com, where HostHeader is the host header name that you assigned to the Web site, and example.com is the domain name. In the Paths section, provide the paths if you are aware of all the paths that all the Web sites will access. Otherwise, type "/*", and then click Next.
  11. On the Select Web Listener page, select a Web listener from the list that allows external networks access, and then click Next. If you have not already configured a Web listener, follow these steps:
    1. On the Select Web Listener page, click New.
    2. On the Welcome to New Web Listener Wizard page, type a descriptive name in the Web listener name box, and then click Next.
    3. On the Client Connection Security page, click Do not require SSL secured connection to Clients, and then click Next.
    4. On the Web Listener IP address page, select the appropriate network. If there are multiple IPs bound to this network, click the Select IP Addresses tab, select the IP address that is related to this Web site, and then click Next.
    5. On the Authentication Settings page, select the authentication method that ISA Server will use to perform the authentication for the incoming requests, and then click Next.
    6. On the Single Sign on page, click Next, and then finish the Welcome to the New Web Listener Wizard.
  12. On the Select Web listener name page, click Next.
  13. On the Authentication Delegation Page, select which authentication method will be delegated by Microsoft Forefront Threat Management Gateway, Medium Business Edition to the published server.

    Note The same method should be enabled on the published server.
  14. On the User Sets page, click All Authenticated Users, and then click Next.
  15. On the Malware Inspection page, click the appropriate radio button if you would like to enable the Malware inspection, and then click Next to finish the New Web Publishing Rule Wizard.
  16. In the Firewall Policy pane of the Microsoft Forefront Threat Management Gateway, Medium Business Edition management console, click Apply to apply the changes.
  17. Double-click the Web publishing rule to see properties. Click the Public Name tab, and then add the names of the other Web sites that will be accessed by using this rule.

Publish the Web server in ISA 2004 Server

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA 2004 Forefront TMG management console, expand ISAServerName, where ISAServerName is the name of your ISA 2004 server.
  3. Click Firewall Policy. In the right-pane of the ISA 2004 management console, click the Tasks tab, and then click Publish a Web Server Publish Web Sites under Firewall Policy Tasks.
  4. On the Welcome to the New Web Publishing Rule Wizard page, type a descriptive name in the Web publishing rule name box, and then click Next.
  5. On the Select Rule Action page, click the Allow option, and then click Next.
  6. On the Publishing Type page, click Publish a Single Web site or load balancer, and then click Next.
  7. In the Server Connection Security page, click Use non secured connection to connect to Published Web server or server farm. and then click Next.
  8. On the Internal Publishing Details Page, provide the Internal site name. If this name is not resolvable, you can provide an IP in the appropriate box below. Click Next to continue with the Internal Publishing Details Page and provide other details.
  9. Provide the path of the internal Web server that you would like to publish. You can type the /* symbol as well. Click the �Forward the original Host Header instead of the actual one specified in the Internal Site Name field on the previous page, and then click next.
  10. On the Public Name Details page, click This domain name (type below): in the Accept request for list. In the public name, type the domain name for example, HostHeader.Domain.com, where HostHeader is the host header name that you assigned to the Web site, and Domain.com is your domain name. In the Paths, provide the paths if you are aware of all the paths that all the websites would be accessing, otherwise type /*. Click Next.
  11. On the Select Web Listener page, select a Web listener from the list that allows external networks access, and then click Next. If you have not already configured a Web listener, follow these steps:
    1. On the Select Web Listener page, click New.
    2. On the Welcome to New Web Listener Wizard page, type a descriptive name in the Web listener name box, and then click Next.
    3. On the Client Connection Security page, click Do not require SSL secured connection to Clients, and then click Next.
    4. On the Web Listener IP address page, select the appropriate network, and if there are multiple IPs bound to this network, click the Select IP Addresses tab and select the IP address related to this website. Click Next.
    5. On the Authentication Settings page, select the authentication method that ISA will use to perform the authentication for the incoming requests.
    6. Click Next, two times, and then click Finish.
  12. On the Select Web listener name page, click Next.
  13. On the Authentication Delegation page, select which authentication method will be delegated by the ISA to the published server. The same method should be enabled on the published server.
  14. On the User Sets page, select All Authenticated Users, and then click Next.
  15. On the Malware Inspection page, click the appropriate radio button if you would like to enable Malware inspection, and then click Next to finish the New Web Publishing Rule Wizard.
  16. On the User Sets page, select All Users, click Next, and then click Finish.
  17. In the Firewall Policy pane of the ISA 2004 management console, click Apply to apply the changes.
  18. Double-click the Web publishing rule to see its properties. Click the Public Name tab and add the names of the other websites that will be accessed using this rule.

↑ Back to the top

References

For additional information about configuring host headers names in IIS 6.0, click the following article number to view the article in the Microsoft Knowledge Base:
324287 � How to use host header names to configure multiple Web sites in Internet Information Services 6.0


For additional information about how to use a HOSTS file to test sites that use host headers, click the following article number to view the article in the Microsoft Knowledge Base:
228760� How to use a HOSTS file to test a site that uses host headers on an intranet


For additional information about configuring Web publishing rules to host Web sites with host headers in ISA Server 2000, click the following article number to view the article in the Microsoft Knowledge Base:
305052� Configuring Web publishing rules to host multiple Web sites with host headers in ISA Server

↑ Back to the top

Keywords: KB838252, kbhowto

↑ Back to the top

Article Info
Article ID : 838252
Revision : 5
Created on : 12/5/2006
Published on : 12/5/2006
Exists online : False
Views : 502