Implicitly allow requests in IIS from valid hostname

security http iis

Solution 1:

I don't think there is a global setting to disallow any requests with a "valid" hostname, but you can try the following

Create a new fallback site on your IIS server, while all other sites require hostnames this site is bound to all Unassigned IP addresses without any hostnames.

So any http requests to the server without an otherwise bound hostname end up on this site which just has a simple static html page.

For this site edit the IP Address and Domain Restrictions, don't add a new entry, just go to Edit Feature Settings... :

IIS IP Restrictions

Set the default access to Deny and then the Action Type to Abort

This way no response is send to the client. You also have the options to send a 401, 403 or 404 instead, but if you want no response, use Abort

There may be other ways to accomplish this, but this should work pretty well.

Related

TFS: Search for a file by name in source control
Is it possible to use WebRTC to streaming video from Server to Client?
Return CompletableFuture<Void> or CompletableFuture<?>?
Can a GraphQL input type inherit from another type or interface?
Do you know any alternative to NDepend for architects? [closed]
What does MethodImplOptions.Synchronized do?
Where is the best place to specify maven repositories, pom.xml or settings.xml?
Aborting `git stash apply` [duplicate]
android what is the difference between Android Support Repository vs Android Support Library vs Google Repository vs Google Play Services
How to efficiently manage frequent schema changes using sqlalchemy?
Javascript data structures library [closed]
Can bower automatically write <script> tags into index.html?