Will changing HOSTS file to block unwanted sites mess up IIS? - iis

I've got IIS set up on 127.0.0.l and I'm tinkering with adware blockers that use 127.0.0.1 as the address to route malicious sites to (127.0.0.1 www.badsite.com)
Will this make all calls to those sites hit my IIS and make it load a default page?
Is there a way to still block these sites via HOSTS without hitting IIS?
On Win 7 pro.

Yes, all calls to those sites will hit your IIS instance. IIS might return a default page, or a "file not found" page, or if it has an actual page it might return that.
127.0.0.1 is used because it always points to the local machine, which prevents your computer from wasting bandwidth (and possibly DDOSing some poor victim) by trying to send these packets externally. You could try 127.0.0.2 or 127.254.254.254, which would work IIS is listening on 127.0.0.1 specifically or 127.0.0.0/24 rather than on every address on the loopback interface.
There isn't any other address guaranteed to not reach the public Internet, although you may be able to set one up yourself by locally blocking outgoing packets to 192.0.2.1 or the like in your firewall.
Other options for ad blocking include using a local proxy which would return HTTP 404 or the like for blocked URLs or a local DNS relay that would return NXDOMAIN for blocked domains.

Yes, as Anomie points out, they will hit your IIS and then will serve the default page or an error status or an actual page if it finds one (unlikely however).
To avoid that, I use 0.0.0.0 as the address. I've been using it with MVPS Hosts file without any issues for years now.
Also, as this post suggests, you can use 0 too (any invalid ip will do I guess)
Both of these will be a bit faster as they will avoid the wait for timeout on 127.0.0.1.

Another option would be to run IIS another port. If you are running behind a firewall or something like a home router, you could set it to port forward port 80 for incoming requests to your alternate port. (If you're using IIS inside, you'd need to go to http://[your ip address]:[alt port])

Related

Is it possible to bind a domain to another domain instead of a server ip?

How to bypass/manipulate HTTP_HOST?
I want, in a browser, that when I go to blabla.com, it actually opens example.com(ip:123.45.56.78).
Using windows .hosts file, I can bind blabla.com to 123.45.56.78 server, and manipulate it.
This works with dedicated ip websites, but on shared servers there are several websites binded with IP (if blabla.com is not set on that ip already) then it shows "FORBIDDEN, domain doesn't exist on server".
Is there any way that visiting blabla.com opened example.com?
The reason it doesn't work is the hosts file does not affect the HTTP host header sent by the browser.
It is possible to do that though if you use e.g. Burp Suite as an HTTP proxy.
Proxy > Options > Match and Replace allows the host header to be rewritten.
Options > Hostname Resolution allows the domain to be rebinded.

Linux/Oracle db: how to access website in same subnet using local IP address?

My Oracle 11.2 database schema has a scheduled job that queries a webpage on my website every few minutes. The database and web servers are two physical Linux machines that sit next to each other and have local IP addresses 192.168.0.11 (database) and 192.168.0.12 (web server). There is a RJ-45 cable cross-connect that directly links the two servers on the same subnet.
If I enter the web address http://xxx.xxx.xxx.xxx/path/to/webpage where xxx.xxx.xxx.xxx is the external IP address, things work fine. Things also work well if I replace xxx.xxx.xxx.xxx with www.mydomain.com.
However, I'm thinking it should be much more efficient if I could re-write xxx.xxx.xxx.xxx as 192.168.0.12 thinking that this would avoid having the request go out on the internet and come back, but rather stay on the same subnet to get to the webpage (thus saving time and resources).
req := UTL_HTTP.BEGIN_REQUEST('http://192.168.0.12/path/to/webpage');
When I try that, I get a 404 error, which makes me think it didn't get to the right webpage.
Can I keep the query on the same subnet by modifying the hosts file or some other way?
My current hosts file already contains an alias for the email server, that is:
192.168.0.12 mail.mydomain.com
If I also include the web address such as
192.168.0.12 mail.mydomain.com www.mydomain.com
would that keep the database on the same subnet when accessing the website? Or will it still leave the subnet to get there? Also, will it confuse things now that I've got two aliases (e.g. one for the database to send emails and one for the database to access webpages)?
I am not sure I would add "192.169.0.12 mail.mydomain.com www.mydomain.com" if that is not the proper IP for the host. That might only make things more confusing.
Assuming that you can ping 192.168.0.12 from the DB server, make sure that your Web Server is listening on the 192.168.0.12 address as well. It could be listening only on the external IP address, in which case, it will return HTTP 404 to every request on the 192.168.0.12 IP/interface.
On Apache, the httpd.conf file would have
listen xxx.xxx.xxx.xxx:80
which would make it listen on the external IP only.
Please note that if the purpose of your HTTP requests is to test the web server availability, you may be better of leaving things as they are. The external test is much more compreheensive than a local one could ever be.

Local IIS, how do I map a URL with a port number?

I'm runnning IIS 7 on my local dev machine. My website is up and running. To access the website, I need to enter the url with the port number in the browser's address bar (www.ScoobyDoo.dev:91). What do I need to change so I only need to enter the www.ScoobyDoo.dev portion of the url? I've done this before but I'm drawing a blank. Port 80 is hosting a different website so I can't just move this one to the default http port.
Thanks!
If you want multiple sites to reside on the same IP address then you need to use HTTP Host Headers.
Provided that your existing website doesn't use SSL then you can use host headers. To configure host headers in IIS7 you modify the "Bindings" (there's a menu item for this in the right hand side Actions pane for the site):
You want to add/edit your bindings for each site that resides on the same IP address, for example for your scoobydoo.dev site:
The caveat here is that if you have users already browsing your first site by IP address then they will need to be redirected to the site using its domain name.
You can do this by adding a site bound to the raw IP address and creating a HTTP Redirect.
I'm not sure what you're expecting to do here. If something else is binding to port 80, and your web server is binding to port 91, then you'll need to specify port 91 in the web browser when making a request to the server. By default, without being explicitly given a port in the address, a web browser will make the request on port 80 (or 443 for SSL).
You might be able to add an entry to your hosts file (c:\windows\system32\drivers\etc\hosts) where you map the non-specified port version to the specified port version, but I don't think it'll work. That file is for DNS resolution, not port mapping. Worth a try though, I suppose.
Can you clarify a bit on what exactly you're expecting? Or what you think you may have done before? I wonder if you're not giving us the whole picture here.

DNS-based strategies for showing a nice "Currently Offline" page when the server is down

How can I make that a site automagically show a nice "Currently Offline" page when the server is down (I mean, the full server is down and the request can't reach IIS)
Changing the DNS manually is not an option.
Edit: I'm looking to some kind of DNS trick to redirect to other server in case the main server is down. I can make permanent changes to the DNS, but not manually as the server goes down.
I have used the uptime services at DNSMadeEasy to great success. In effect, they set the DNS TTL to a very low number (5 minutes). They take care of pinging your server.
In the event of outage, DNS queries get directed to the secondary IP. An excellent option for a "warm spare" in small shops with limited DNS requirements. I've used them for 3 years with not a single minute of downtime.
EDIT:
This allows for geographically redundant failover, which the NLB solution proposed does not address. If the network connection is down, both servers in a standard NLB configuration will be unreachable.
Some server needs to dish out the "currently offline page", so if your server is completely down, there will have to be some other server serving the file(s), so either you can set up a cluster of servers (even if just 2) and while the first one is down, the 2nd is configured only to return the "currently offline page". Once the 1st server is back up, you can take down the 2nd safetly (as server 1 will take all the load).
You probably need a second server with 100% uptime and then add some kind of failover load balancer. to it, and if the main server is online redirect to that and if it isn't redirect to itself showing a page saying server is down
I believe that if the server is down, there is nothing you can do.
The request will send up a 404 network error because when the web address is resolved to an IP, the IP that is being requested does not exist (because the server is down). If you can't change the DNS entry, then the client browser will continue to hit xxx.xxx.xxx.xxx and will never get a response.
If the server is up, but the website is down, you have options.
EDIT
Your edit mentions that you can make a permanent change the IP. But you would still need a two server setup in order to achieve what you are talking about. You can direct the DNS to a load balancer which would be able to direct the request to a server that is currently active. However, this still requires 100% uptime for the server that the DNS points to.
No matter what, if the server that the DNS is pointing to (which you must control, in order to redirect the traffic) is down, then all requests will receive a 404 network error.
EDIT Thanks to brian for pointing out my 404 error error.
Seriously, DNS is not the right answer to server load-balancing or fail-over. Too many systems (including stub clients and ISP recursive resolve) will cache records for much longer than the specified TTL.
If both servers are on the same network, use routing protocols to achieve fail-over by having both servers present the same IP address to the network, but where the fail-over server only takes over if it detects that the (supposedly) live server is offline.
If the servers are Unix, this is easily done by running Quagga on each server, and then using OSPF as the local routing protocol. I've personally used this for warm standby servers where the redundant system was actually in another data center, albeit one that was connected via a direct link to the main data center.
Certain DNS providers, such as AWS's Route 53, have a health-check option, which can be used to re-route to a static page. AWS has a how-to guide on setting this up.
I'm thinking if the site is load balanced the load balancer itself would detect that the web servers it's trying to redirect clients to are down, therefore it would send the user to a backup server with a message dictating technical problems.
Other than that.....
The only thing I can think is to control the calling page. Obviously that won't work in all circumstances... but if you know that most of your hits to this server will come from a particular source, then you could add a java script test to the source, and redirect to a "server down" page that is generated on a different server.
But if you are trying to handle all hits, from all sources (some of which you can't control), then I think you are out of luck. As other folks are saying - when a server is down, the browser gets a 404 error when it attempts a connection.
... perhaps there would be a way at a point in between to detect 404 errors being returned by servers and replacing them with a "server is down" web page. You'd need something like an HTML firewall or some other intermediate network gear between the server and the web client.

How can I access a website configured with host headers in IIS on the local machine?

When using host headers to host multiple websites on the same IP address in IIS, is there any way of accessing that website from a browser running on the local machine?
This is normally required when a given web component only allows configuration from the local machine. It's also useful when things like ASP.Net's built in error handling isn't working and you can only view the error in the browser but don't want to allow remote users to see it.
This has baffled me for a while and everytime I come across it I end up giving up in frustration and reconfigure stuff so I can accomplish such tasks remotely.
Added: #Ishmaeel - modifying hosts doesn't seem to help - you either get a 400 error (if all websites have host headers) or whichever site is configured without a host header.
Just an idea: Mapping the hostname to 127.0.0.1 in the hosts ($WINDOWS$\system32\drivers\etc) file may help. This way you should be able to pull up the local IIS site by typing the hostname as if it's a remote server
Maybe I am not understanding the question, but what's wrong with just typing in the URL for the website? If it's the matter of domain name resolution, you can point to the right DNS or put it in hosts file.
eed3si9n -- if you are trying to access a url locally and you use host headers you cant just type in the url: for example you have 2 websites (website1.com website2.com) on 1 server using host headers. the local ip of the web server is 192.168.1.50 --> if you type in 192.168.1.50 you will get a 'page cannot found'. if you put in the url website1.com or website2.com you will be accessing the sites from the outside (not locally).
so the problem is how to access the sites locally not from the outside -- for example i need this ability so that i can access locally as the test sites are only available locally. not from the outside...
You can try telnetting to the server.
$ telnet localhost 80
(type these lines manually)
GET / HTTP/1.1
Host: www.example.com
(exchange www.example.com for the host name your server is mapped to)
I would assume the only way you can do this is assigning a custom port to the specific website you want to monitor and just access it as "localhost:CustomPort".

Resources