KB - Verify Host Header sent corresponds to the IIS configuration

Affects product

  • Neutral

Question or problem

Verify that the host header sent corresponds to the IIS configuration (as outlined in Register SPN)

Procedure-related prerequisites

  • Configuration takes place in Airlock Gateway.
  • You need to be logged in as admin in the Airlock Gateway Configuration Center.
  • You need to be logged in as an administrator.
  • Configuration takes place in IIS web server.

Instruction

  • Test preparation in IIS 6.0:
  • 1.
    Go to: Administrative Tools >> Internet Information Services (IIS) Manager
  • 2.
    In the left span, expand the Web Sites node tree.
  • 3.
    Select Default Web Site and click on Properties in the context menu.
  • The instructions describe the required steps for the Default Web Site.

  • 4.
    Change to the Web Site tab.
  • 5.
    Click on Advanced.
  • 6.
    Ensure that the configuration in the Advanced Web Site Identification dialog is correct.
  • 7.
    Click on OK to close the configuration dialog.
  • Test preparation in IIS 7.5, 8.5 and 10.0:
  • 1.
    Go to: Administrative Tools >> Internet Information Services (IIS) Manager
  • 2.
    In the Connections span, expand the Sites node tree.
  • 3.
    In the Connections span, select the Default Web Site and click on Edit Bindings... in the context menu.
  • The instructions describe the required steps for the Default Web Site.

  • 4.
    Ensure that the configuration in the Site Bindings dialog is correct.
  • 5.
    Click on OK to close the configuration dialog.
  • Test execution and verification:
  • 1.
    Go to: Application Firewall >> Reverse Proxy and edit the mapping of the web application for which Back-side Kerberos SSO should be used.
  • 2.
    Switch to tab Request Actions and check the configuration for (default) Translate Host Header.
  • The rewritten Host Header matches the IIS configuration.
  • In case of failure:
  • Adapt the IIS or Airlock Gateway configuration.