Condividi tramite


IIS Bindings

Introduction

A binding is an attribute of a website which is used to uniquely identify itself and consists of a combination of IP, Port and the Hostname.

Basically Binding = IP + Port + Hostname

Confusion

So if its that simple, where and when does the confusion arise? Consider a situation where you have multiple websites hosted on an IIS machine. When a request reaches this web server, how does it decide as to which website this request should go to? This is where the knowledge of Bindings can be useful. For two or more websites to run successfully on IIS, their Bindings have to be unique. It basically means that either one of the following attributes - IP, Port or Hostname has to be different.

HTTP

The default port that HTTP requests use is port 80. 

Consider an example where website A has the following Binding.

IP: 10.10.10.1 Port:80 Hostname: contosso.com

If another website website B has to be hosted on the same server, atleast one of the above attributes has to be different.

So, Website B can have either of the following Bindings.

  • IP: 10.10.10.1 Port:80 Hostname: Test.com
  • IP: 10.10.10.1 Port:8080 Hostname: Contosso.com
  • IP: 20.20.20.2 Port:80 Hostname: Contosso.com

Option 1 is something that is feasible, scalable and easier to manage. Since port 80 is the default port of HTTP protocol,  if a website is listening on any other port other than 80 , it has to be specified by the user in the browser which becomes a little tedious. Ideally, each website will be accessed using its Hostname. So having a different Hostname rather than a different Port makes more sense. This way, you can host multiple websites without any difficulty.

Option 2 is generally used when you have website B as the backup for website A. Website A usually contains the latest code release and website B contains the last working code. If, for some reason website A goes down, the administrator can immediately stop website A, modify the port number of website B and get the last working code up and running.

Option 3 is used if you have an additional IP address added to the machine.

HTTPS - Windows server 2008 R2

The default port that HTTPS requests use is port 443. There is a small twist in the way requests are routed to individual websites in case of websites running over HTTPS. As we discussed earlier, to uniquely establish two websites having HTTP bindings, we used the combination of IP, Port and Hostname. However, in case of two or more websites having HTTPS binding, they can be established using the combination of IP and Port only. This is because, during the SSL handshake, only IP and Port details are available. Hence, hostname does not play any part in determining the website that the request should go to.

If you observe the Bindings section while adding an HTTPS binding, the Hostname section will be greyed out.

1

Consider an example where website A has the following Binding.

IP: 10.10.10.1 Port:443

If another website website B has to be hosted on the same server, either of the above attributes has to be different.

So, Website B can have either of the following Bindings.

  • IP: 20.20.20.2 Port:443
  • IP: 10.10.10.1 Port:445

Option 1 is used if you have an additional IP address added to the machine. This is the most feasible option for HTTPS websites on a windows server 2008 R2 machine.

Option 2 can be used but is not feasible since it uses a port number that is different than the default HTTPS port(443). The disadvantage is that the users will have to specifically mention the port number in the URL of the website that they intend to access. Example: https://www.contosso.com:445

Special case of using wildcard certificates - Windows server 2008 R2

Consider an example where website A has the following Binding - IP: 10.10.10.1 Port: 443 and is supposed to be accessed using the Hostname: website1.contosso.com

If another website website B has to be hosted on the same server with the Hostname: website2.contosso.com, then we can assign the same IP and Port combination to both the websites in the IIS manager.

But two websites running with the same IP and Port combination will result in a conflict. So, in order to uniquely identify the websites and make sure that the request reaches the correct website, the "Bindings" section under "sites" attribute in the applicationHost.config file will have to be modified in the following manner.

For website A,

<binding protocol="https" bindingInformation="10.10.10.1:443:website1.contosso.com" />

For website B,

<binding protocol="https" bindingInformation="10.10.10.1:443:website2.contosso.com" />

HTTPS - Windows server 2012 R2

The major disadvantage with windows server 2008 R2 machine was Scalability. Hosting multiple websites required users to configure multiple IP addresses on the machine or have the users access the website using an unconventional port.

In order to rectify this problem, a very important feature called "Server name Indication(SNI)" was introduced.

2

SNI allows us to utilize all three attributes of a binding - IP , Port and Hostname that we used previously with HTTP based websites to uniquely identify themselves. Most of the new browsers support the SNI feature. You can refer to this blog for more information on SNI and how it can be configured.

Summary

HTTP = IP + Port + hostname

HTTPS [windows server 2008 R2] = IP + Port

HTTPS [windows server 2012 R2] = IP + Port + Hostname

Hope this helps :)

Comments

  • Anonymous
    July 27, 2016
    Great work Parvez. Keep blogging :) Waiting for more posts
  • Anonymous
    February 09, 2017
    This is so helpful. I was super confused with the concept of binding in IIS and this article explains it so well !! thank you :)
    • Anonymous
      February 14, 2017
      You're welcome :) Glad it helped !!