TL;DR Can IIS be prevented from serving requests to an IP address (e.g. https://12.34.56.78) while continuing to serve web site URL's?
We have a physical dedicated server hosted by a UK hosting company (Windows 2012 + IIS8). It currently hosts 4 web sites, all of which are configured to serve on port 80 (http) and 443 (https). We have valid SSL certificates for the four domains, purchased from reputable sellers.
We've just activated some Intrusion Detection Software, which is inundating us with suspected attack warnings when the following (example) URL is accessed by the browser: https://12.34.56.78:
HTTP: (no user): no domain: ourserver.hostingcompany.net: \Device\Http\ReqQueue 0.0.0.0:443
Schannel: SYSTEM: NT AUTHORITY: ourserver.hostingcompany.net: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
On investigating, another URL also flags up the same: https://ourserver.hostingcompany.net (a ping shows that this URL maps back to the above IP address).
Within IIS, the "Default Web Site" is disabled.
Therefore, I cannot work out why IIS is serving requests to the above? Naturally, there is no SSL cert for either of the above, and if so would be outside our control anyway.
Within the browser, HTTP requests show this:
...and HTTPS requests show this:
The former certainly seems to indicate that IIS is indeed processing the requests. Could anybody please explain what's happening here, and whether IIS is actually the culprit?
