0

A pci company has pointed out that the IP addresses on our server should not be accessible - the sites should just be accessible via the domain name.

Currently if you visit one of the IP addresses it shows the default/welcome IIS 7 web page, and of course if you visit the domain name associated with the ip address it shows the clients website.

Please can someone suggest how I can turn off access to the ip addresses

Dave M
  • 4,514
  • 22
  • 31
  • 30
David Jennings
  • 113
  • 1
  • 3

1 Answers1

3

One option could be to configure a Host Header with 'domainname.com' for your sites, instead of the default blank one, within IIS.

Also, as it seems you run multiple web sites, you could shutdown the "default web site" (if you don't use it) because it is probably the one that points to the IIS default welcome page.

krisFR
  • 13,280
  • 4
  • 36
  • 42
  • Thank you for your reply. I'm pretty sure we've already done this, using selecting the site, clicking on bindings and adding the hostname – David Jennings Feb 14 '14 at 12:12
  • You should not only add the hostname binding to your real web site, you should also turn off the default one, which is used by IIS to answer requests for which no more appropriate binding is found. – Massimo Feb 14 '14 at 16:21