Setting up Host Headers in IIS 6.0
The topic recently came up where I was asked how I set up multiple sites on the same port and IP address in IIS. There are two separate threads on how this works, first is setting the web site to respond to the primary domain and the www alias or more domains. The other thread is setting up multiple sites to respond on the same IP address from the same instance of IIS.
I have been hosting sites in a shared environment for almost 8 years now. I started out with a small set of IP addresses available to me. So I chose use one of the IP addresses as my primary shared site address. IIS allows this because it translates the host header to route the request to the proper web site, which makes this practice very natural and easy. Since most web sites are in a shared environment this is how almost all web sites would be configured. If you examine some IP addresses you will find some will have over 100,000 domains assigned to them.
The way IIS differentiates requests for a site is by examining the domain, port number and IP requested. These three items compose a Host Header. This information is passed to the server with each request. The IP address is typically appended during the request by the client as soon as it has done the DNS translation.
Port 80 is the standard TCP/IP port for web traffic, which is assumed by all browsers unless explicitly specified by the end user in the address bar. SSL, or Secure Socket Layer, is typically passed over port 443. This is designated by the address containing https in the beginning. There is nothing prohibiting you from using any port to serve web or http content across the web. Many times you will see an address like http://www.somedomain.com:8080, where the :8080 is the port designation.
Web sites, as well as any other server, such as e-mail, SQL Server, etc, can be configured to respond to any port. You should be aware of potentially stepping on toes of other applications by using their standard IP address.
The web server will examine the request header for all three values and route the request to the appropriate site. If there is no site configured for that combination it will return a 404 status code, which means the item was not found by the server. The use of all three values allows the server to leverage the combination to let multiple sites be assigned to the same IP address.
The other feature a web site in IIS can have is an unlimited number of host headers defined for a web site. This allows you to configure a site to respond to numerous domains and even IP addresses. This comes in real handy when a site registers the .com, .net, .org, etc. versions of their domain or even common misspellings of the domain. I have some sites configured to respond to 50 or more domains and their aliases and everything works great.
One note when configuring public facing sites like this is the potential for receiving a duplicate content penalty by the search engines. This occurs when a search engine sees the same content being returned by more than one unique address. In this case it is good to have some code, like an httpModule to force a redirect to the primary domain. You would want to sent the 301 status code with the matching primary URL for the content.
The only time you can only host one site on an IP address is when you use an SSL Key with the site. The SSL key will be bound to the IP address and not to the host header translation. If you place multiple sites on the same IP address with SSL keys you will experience problems because one of the sites will not respond for an https request, instead the other site will be delivered to the client. So you must assign a unique IP address to a site using SSL encryption.
Finally, a typical web site will be configured to respond to both the www.somedomain.com and the somedomain.com combination. The www prefix is just an old nomemclature used in the very early days of the Internet to help designate the service being used, in this case http. Some do go as far as setting up a duplicate site to cause one or the other to do a 301 redirect to the actual site to avoid a potential duplicate content penalty.