0

I have a standalone app that uses HttpListener that works great on Server 2008 but fails miserably on 2012. Each time I attempt to connect, I get some variety of:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Hostname</h2>
<hr><p>HTTP Error 400. The request hostname is invalid.</p>
</BODY></HTML>

When I connect to the listener port from the Command Prompt on that machine, it works fine (I get the response I Expect).

The firewall is configured correctly, and I've even tried it with the firewall disabled.

I've tried just about every possible combination of netsh http add urlacl imaginable, including:

http://+:n/ (n = port number)
http://*:n/
http://127.0.0.1:n/
http://localhost:n/
http://public_ip_address:n/

I've tried accessing on each of those hostnames, too.

Also with a variety of user combinations:

user=everyone
user=hostname\administrator

I've tried them individually and also tried without any of them configured.

The result is the same but the response bounces between a 503 and a 400 (same response body as above).

IIS is NOT running on this machine. There are no port conflicts. Each machine has a brand new installation with only this app.

About to rip hair off my head.

John Saunders
  • 160,644
  • 26
  • 247
  • 397
joelc
  • 2,687
  • 5
  • 40
  • 60

1 Answers1

2

Apparently there are some things not made clear with netsh http add urlacl and use of the hard and soft wildcards "+" and "*".

I've solved the issue, and what appears to be happening is this:

  • urlacl entries are examined and compared against the HTTP Host header
  • the + and * wildcards only seem to work for IP addresses and names that are known by the machine
  • i.e. the + and * wildcards will NOT work for public IP addresses or DNS names that are not known by the machine

So, if you have a machine that is on a local network and accessible through the Internet, you may have to set up explicit urlacl entries for the public IP address and public DNS names that will be used.

Really, really annoying. I hope this saves someone some time.

joelc
  • 2,687
  • 5
  • 40
  • 60