This refers to CVE-2000-0649.

    appcmd.exe set config "SiteName" -section:system.webServer/serverRuntime /enabled:"True" /commit:apphost

    appcmd.exe set config "SiteName" -section:system.webServer/serverRuntime /alternateHostName:"development-server-iis.local" /commit:apphost

The solution was found here: internal-ip-address-leak-iis10

My question: since I have many websites hosted on a single server, not all of them "named", how do I make this setting work for all sites on that server?

Dani

1 Answer

You could use PowerShell:

    # The IIS:\ drive used below is provided by the WebAdministration module
    Import-Module WebAdministration

    # Set both serverRuntime properties for every site (written to applicationHost.config)
    Get-ChildItem IIS:\Sites | ForEach-Object {
        Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location "$($_.Name)" -filter "system.webServer/serverRuntime" -name "enabled" -value "True"
        Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location "$($_.Name)" -filter "system.webServer/serverRuntime" -name "alternateHostName" -value "development-server-iis.local"
    }

All web sites in IIS are named; this code just loops through them and sets the two properties for all of them.

Peter Hahndorf
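One way to confirm that the loop above reached every site, as an added example that is not part of the original answer: it reads the two `serverRuntime` properties back for each site and flags any site where they are missing or different. The helper name `Get-ServerRuntimeValue` is hypothetical, the expected host name is the one used on this page, and the script assumes an elevated PowerShell session on the IIS server.

```powershell
# Added example (not from the original answer): audit serverRuntime per site.
# Assumption: elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Host name used in the commands on this page; change it to the value you configured.
$ExpectedHostName = 'development-server-iis.local'
$PsPath = 'MACHINE/WEBROOT/APPHOST'
$Filter = 'system.webServer/serverRuntime'

# Hypothetical helper: read one serverRuntime attribute for one site.
function Get-ServerRuntimeValue {
    param([string]$SiteName, [string]$Name)
    $result = Get-WebConfigurationProperty -PSPath $PsPath -Location $SiteName `
        -Filter $Filter -Name $Name
    # The cmdlet returns either the raw value or a wrapper object exposing .Value.
    if ($null -ne $result -and $result.PSObject.Properties['Value']) {
        return $result.Value
    }
    return $result
}

# Build one report row per site.
$report = Get-ChildItem IIS:\Sites | ForEach-Object {
    $enabled = Get-ServerRuntimeValue -SiteName $_.Name -Name 'enabled'
    $altHost = Get-ServerRuntimeValue -SiteName $_.Name -Name 'alternateHostName'
    [pscustomobject]@{
        Site              = $_.Name
        Enabled           = $enabled
        AlternateHostName = $altHost
        Compliant         = ($enabled -eq $true) -and ($altHost -eq $ExpectedHostName)
    }
}

$report | Format-Table -AutoSize

# List sites that still need the setting, e.g. sites created after the loop was run.
$missing = @($report | Where-Object { -not $_.Compliant })
if ($missing.Count -gt 0) {
    Write-Warning ("Sites without the expected serverRuntime settings: " +
        (($missing | ForEach-Object { $_.Site }) -join ', '))
} else {
    Write-Output 'All sites have alternateHostName set as expected.'
}
```

Because the loop in the answer writes a per-site setting, a site added later is not covered until the loop is run again; rerunning this audit after adding sites shows which ones were missed.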