Supporting Multiple Web Sites
4/8/2010
The Web Server can run multiple Web sites. A Web site is the set of basic settings applied to a user's session, selected by the IP address on which the user connects to the Web Server or by the host name the user requests.
For example, on a home gateway it may be desirable to allow all users on the private network to access administrative ISAPI extensions, but to disable any access from the Internet. In this scenario the OEM would create two Web sites on the device. One would have virtual roots mapped to the administrative utility and would not require authentication, while the other would have virtual roots that contain only publicly available information, or that use Secure Sockets Layer (SSL) and/or authentication on sensitive pages.
Each Web site is its own subkey under HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites. Each Web site contains most, but not all, of the configuration options that the Web Server base registry key HKEY_LOCAL_MACHINE\COMM\HTTPD specifies. These options include the virtual roots that the Web site hosts, what types of authentication are being used, and whether directory browsing is allowed. For information about setting up the registry to indicate which requests Web sites should accept and which they should reject, see Multiple Web Site Registry Settings.
Each subkey also contains information about the network interface on which the Web Server should listen, and which HTTP host fields it should accept. When a new connection arrives at the Web Server, it reads the HTTP headers first. Once the HTTP headers have been read, the server uses the "Host" HTTP header (if sent by the Web client) and the network interface on which the request arrived to determine the Web site to which the request maps. If no Web site mapping is found under HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites, and the AllowDefaultSite registry value is not set to zero (0), the Web Server maps the request to the default Web site. If no Web site mapping is found and the AllowDefaultSite registry value is set to zero (0), the Web Server immediately closes the HTTP session.
Note
This Web site mapping is handled within the Web Server itself. No re-direct pointers are sent to the client.
The following list shows the parameters that are configured per Web site, using the same format as described in Base Registry Settings.
- Basic
- NTLM
- Dir Browse
- Default Page
- AdminUsers
- PostReadSize
- MaxLogSize
- ASP default settings
- Virtual Root settings
The following parameters are configured globally for the entire Web Server. These parameters cannot be set per individual Web site. The following list shows where these parameters should be specified in HKEY_LOCAL_MACHINE\COMM\HTTPD:
- MaxConnections
- Filter DLLs
- PostReadSize
- Logging
- SSL Configuration
- ISAPI extension script caching mechanism
Example of Multiple Web Sites
The following example shows the Web Server configuration on a hypothetical Internet gateway device. This device will have some pages viewable only from the private (internal/intranet) network and some that are accessible from the public (external/Internet).
The default Web site is what will be viewable by general users. Note the use of SSL and authentication for sensitive pages. This example uses Basic over NTLM because pages that require authentication need SSL anyway.
[HKEY_LOCAL_MACHINE\COMM\HTTPD]
"DirBrowse"=dword:0
"Basic"=dword:1
"NTLM"=dword:0
"LogFileDirectory"="\windows\www\"
; No HostedSites or NetworkInterfaces values are required
; because this is the default site, and will serve as a catch-all
; for unmapped Web sites.
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0x1
;p = HSE_URL_FLAGS(READ, EXECUTE, SCRIPT, SSL128)
"p"=dword:0x00000305
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/PicturesReadOnly]
@="\pictures\"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL]
"IsEnabled"=dword:1
"CertificateSubject"="Certificate Name"
The following example shows the private interface. Requiring authentication for all administrative pages is recommended, but is omitted in this example. The name of the Web site, that is, the registry key under Websites, is arbitrary and can be any registry key name.
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1]
"DirBrowse"=dword:1
"Basic"=dword:1
"NTLM"=dword:0
"LogFileDirectory"="\windows\www\PrivateLogs"
"PrivateInterface"=dword:1
"NetworkInterfaces"="$PRIVATE"
"HostedSites"="*"
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/PicturesReadOnly]
@="\pictures\"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/PicturesWrite]
; ISAPI extension to help update pictures, private side only.
@="\windows\pictures.dll"
Note
In this example, the virtual root PicturesReadOnly is duplicated on both the default Web site and the private interface VROOTs subkeys. This is a requirement if PicturesReadOnly is to be shared on both network interfaces. Virtual roots among different Web sites are not shared; therefore, if the Web Server cannot map the virtual root PicturesReadOnly on the private interface, it will not attempt to perform the mapping on the default Web site.
Note
When adding new Web sites to a device, care must be taken to ensure that all virtual roots that should be available to clients using the Web site are copied into the registry.
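
A review aid for the two notes above, added here and not part of the original documentation: it reads the virtual-root keys of the example and lists, for one Web site, which virtual roots are missing, extra, or configured differently compared with the default Web site. The function names and the "<default>" label are assumptions of this sketch; the registry text is constructed from the example on this page.

```python
import re

# Constructed from this page's example, reduced to the virtual-root keys.
REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0x1
"p"=dword:0x00000305
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/PicturesReadOnly]
@="\pictures\"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/PicturesReadOnly]
@="\pictures\"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/PicturesWrite]
@="\windows\pictures.dll"
'''

KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\COMM\\HTTPD\\(?:Websites\\([^\\\]]+)\\)?VROOTS\\(/[^\]]*)\]$', re.I)
VAL = re.compile(r'^(@|"[^"]+")=(.*)$')

def norm(raw):
    """Compare dwords as numbers (dword:0x1 == dword:1) and strings without quotes."""
    return int(raw[6:], 16) if raw.lower().startswith("dword:") else raw.strip('"')

def vroot_tables(text):
    """Return {site: {vroot: {value_name: value}}}; the base key is site "<default>"."""
    tables, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m, current = KEY.match(line), None   # keys that are not vroots end the current table
            if m:
                site = m.group(1) or "<default>"
                current = tables.setdefault(site, {}).setdefault(m.group(2), {})
        elif current is not None and (v := VAL.match(line)):
            current[v.group(1).strip('"')] = norm(v.group(2))
    return tables

def compare(tables, site, reference="<default>"):
    """List vroots missing from, added to, or configured differently on `site`."""
    ref, own = tables.get(reference, {}), tables.get(site, {})
    return {"missing": sorted(ref.keys() - own.keys()),
            "extra": sorted(own.keys() - ref.keys()),
            "changed": sorted(v for v in ref.keys() & own.keys() if ref[v] != own[v])}
```

For the example on this page the comparison reports /PicturesWrite as extra on Web site 1 and /Admin as changed, which are the two differences a reviewer should confirm are intentional.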
The following example shows how to restrict Web site access, leaving out the details that make up the Web site itself, such as Vroot tables.
[HKEY_LOCAL_MACHINE\COMM\HTTPD]
; Turn off the default Web site. Each request must map to one of the Web sites that follow.
"AllowDefaultSite"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\Website1]
; All requests to host name "MyHost" will go to this
; site, regardless of network interface on which they come in.
"HostedSites"="MyHost"
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\Website2]
; All requests on interface NE20001 will be directed to this site,
; unless they are to host MyHost.
"NetworkInterfaces"="NE20001"
"HostedSites"="-MyHost;*"
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\Website3]
; Serves as default site: if request is not coming on NE20001 or
; to host MyHost, or to both, this Web site will handle the request.
"NetworkInterfaces"="-NE20001;*"
"HostedSites"="-MyHost;*"
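
A simplified model of the mapping rules in the restriction example above, added here for illustration; it is not the Web Server's code. It assumes that sites are tried in the order listed, that list entries are evaluated left to right with "-" rejecting and "*" matching anything, that a missing value places no restriction, and that the Host value is passed without a port.

```python
# Site definitions taken from the restriction example on this page.
SITES = {
    "Website1": {"HostedSites": "MyHost"},
    "Website2": {"NetworkInterfaces": "NE20001", "HostedSites": "-MyHost;*"},
    "Website3": {"NetworkInterfaces": "-NE20001;*", "HostedSites": "-MyHost;*"},
}

def list_accepts(spec, value):
    """Evaluate a semicolon-separated list such as "-MyHost;*" against one value.

    Assumed semantics (not taken from the server's source): the first entry
    that matches decides, "-" means reject, "*" matches anything, and names
    are trimmed and compared case-insensitively.
    """
    if spec is None:                      # value not present: no restriction
        return True
    value = (value or "").strip().lower()
    for entry in spec.split(";"):
        entry = entry.strip()
        reject = entry.startswith("-")
        name = (entry[1:] if reject else entry).strip().lower()
        if name == "*" or (name and name == value):
            return not reject
    return False                          # nothing in the list matched

def select_site(sites, interface, host, allow_default_site=True):
    """Return the handling site's name, "<default>", or None (session closed)."""
    for name, cfg in sites.items():
        if (list_accepts(cfg.get("NetworkInterfaces"), interface)
                and list_accepts(cfg.get("HostedSites"), host)):
            return name
    # No mapping found: AllowDefaultSite decides between the default site and closing.
    return "<default>" if allow_default_site else None

if __name__ == "__main__":
    for iface, host in [("NE20001", "MyHost"), ("NE20001", "other.example"),
                        ("NE20002", "other.example"), ("NE20002", "MyHost")]:
        print(iface, host, "->", select_site(SITES, iface, host, allow_default_site=False))
```

Because the Host header is supplied by the client, Website1 in this configuration is reachable from any interface; only a NetworkInterfaces value ties a site to the private network.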
See Also
Concepts
Base Registry Settings
Web Server Requirements
Web Server Implementation Details
Multiple Web Site Registry Settings