This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Olga Ekvelumanoopsi
Jan 14, 2014, 4:56 PM
4 Posts

Is there a way to stop a Domino http server responding to a specific host name?

  • Category: Administration
  • Platform: Linux
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 5

We have a server where a single Internet site document was set up to respond to just the IP address and a specific host name - there is no default site.  Another unrelated organisation has set up their DNS to point their host name incorrectly at our server.  Our server is responding to their http requests, despite their host name not being listed in the Internet site document. 

The only thing that we have been able to do to stop this happening is to remove the IP address from the Internet site document temporarily.  It seems that having the IP address in the Internet site document allows any host name linked to that IP address in the DNS to be responded to.  Is there any way to stop it happening?  We would like to be able to deny requests for a particular host name in the Internet Site document or by other means, or to specify that it is the IP address alone and not unlisted DNS-related host names that are to be responded to.

In our case, I'm sure it is incompetence in the other organisation that has caused this, but I can imagine this being used maliciously.

~Arnold Frofreeburoni
Jan 14, 2014, 8:04 PM
27 Posts
Does the site use ssl?
If the site uses SSL then it will not be possible to deny based on host name because the site will be mapped by  incoming IP address first for ssl requests and for non-ssl requests will match by host then ip address if no host is found.  The server does not know the host name used by the client to get to the IP address. It can be something set up in a local host file or DNS.

However if SSL is not needed, just list the host name in the internet site and leave out the ip address, the match will only take place based on the incoming host header presented in the request, if the host does not match, and the ip address will not be found. If there is no default site the request will be rejected (when using internet sites without a default site).

There is no explicit way to deny a request based on the incoming host header if the IP address matches the site.
 
~Jennifer Ekponeterettu
Jan 15, 2014, 10:59 AM
1 Posts
blocking ip addresses

Hi, Janey,

There's away to stop a Domino http server responding to a specific IP address or  ip ranges.

Go to the server document -> Internet Protocols -> http -> Network Parameters -> ip deny list.

I'm not sure if it will work if you put a hostname instead of a ip address.

Hope it can helps.

Albert

 

 

~Olga Ekvelumanoopsi
Jan 15, 2014, 1:56 PM
4 Posts
Thanks

Mike, thanks for that.  It is as I suspected.  Shame.

Albert,  thanks, but those settings apply to client IP addresses and are not relevant in my case.

~Olga Ekvelumanoopsi
Jan 15, 2014, 1:56 PM
4 Posts
Thanks

Mike, thanks for that.  It is as I suspected.  Shame.

Albert,  thanks, but those settings apply to client IP addresses and are not relevant in my case.

~Judy Kinisonli
Apr 3, 2014, 3:50 PM
6 Posts
redirect to DB with info

You can use an internet site document, with the "problem" host listed and use the home page or default URL options to redirect to a simple html page telling the user that the site is down or something similar. It doesn't deny the request, but it will redirect traffic away from your site.


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal