Support Multiple Websites (Compact 2013)
3/26/2014
The web server supports the ability to run multiple websites. A website is defined as the basic settings that apply to the session for users depending on what IP address they use to connect to the web server or which host name they are requesting.
For example, if a home gateway is being used, it may be desirable to allow access to administrative ISAPI extensions to all users on the private network, but to disable any access from the Internet. In this scenario, the OEM would create two websites on the device. One would have virtual roots mapped to the administrative utility and would not require authentication, while the other would have virtual roots that expose only publicly available information, or that use Secure Sockets Layer (SSL) and/or authentication on sensitive pages.
Each Web site is its own subkey under HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites. Each website contains most, but not all, of the configuration options that the web server base registry key HKEY_LOCAL_MACHINE\COMM\HTTPD specifies. These options include the virtual roots that the website hosts, what types of authentication are being used, and whether directory browsing is allowed. For information about setting up the registry to indicate which requests websites should accept or reject, see Multiple Web Site Registry Settings.
Each subkey also contains information about the network interface on which the web server should listen, and which HTTP host fields it should accept. When a new connection arrives at the web server, it will read the HTTP headers first. After the HTTP headers have been read, the server will use the "Host" HTTP header (if sent by the Web client) and the network interface on which the request arrived to determine the appropriate website to which to map the request. If there is no website mapping found under HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites, and the AllowDefaultSite registry value is not set to zero (0), the web server will map the request to the default website. If there is no website mapping found and the AllowDefaultSite registry value is set to zero (0), the web server will immediately close the HTTP session.
Note
This website mapping is handled within the web server itself. No re-direct pointers are sent to the client.
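The selection rule described above, modelled as an added example; it is not the web server's code and not part of the original page. The pattern syntax (entries separated by ';', '*' as a wildcard, a leading '-' as an exclusion, a missing value meaning no restriction) is inferred from the comments in the restricted-access registry example later on this page, and the first-match precedence among overlapping websites is an assumption, which is why the model reports overlaps as ambiguous.

```python
# Model of the website-selection rule described on this page; not the server's code.
# Assumed pattern syntax, inferred from the registry comments: entries are separated
# by ';', '*' matches anything, a leading '-' excludes, a missing value matches all.

def pattern_allows(pattern, value):
    """True if value passes a HostedSites / NetworkInterfaces pattern."""
    if pattern is None:
        return True
    value = (value or "").strip().lower()
    allowed = False
    for entry in (e.strip().lower() for e in pattern.split(";")):
        if entry.startswith("-"):
            if entry[1:].strip() == value:
                return False          # an explicit exclusion always wins
        elif entry == "*" or (entry and entry == value):
            allowed = True
    return allowed

def matching_sites(sites, interface, host):
    """All websites whose interface and host patterns both accept the request."""
    return [name for name, cfg in sites.items()
            if pattern_allows(cfg.get("NetworkInterfaces"), interface)
            and pattern_allows(cfg.get("HostedSites"), host)]

def resolve(sites, allow_default_site, interface, host):
    """Site that handles the request, 'default', or None when the session is closed."""
    hits = matching_sites(sites, interface, host)
    if hits:
        return hits[0]                # assumption: first match wins
    return "default" if allow_default_site != 0 else None

def coverage(sites, allow_default_site, interfaces, hosts):
    """Map every (interface, host) probe to its outcome; flag overlapping sites."""
    report = {}
    for iface in interfaces:
        for host in hosts:
            hits = matching_sites(sites, iface, host)
            outcome = resolve(sites, allow_default_site, iface, host)
            report[(iface, host)] = "AMBIGUOUS:" + ",".join(hits) if len(hits) > 1 else outcome
    return report

# Values copied from the restricted-access registry example on this page.
SITES = {
    "Website1": {"HostedSites": " MyHost"},
    "Website2": {"NetworkInterfaces": "NE20001", "HostedSites": "- MyHost;*"},
    "Website3": {"NetworkInterfaces": "-NE20001;*", "HostedSites": "- MyHost;*"},
}
ALLOW_DEFAULT_SITE = 0
```

Running coverage() over every interface and host name a device is expected to see shows which requests would fall through to the default website or be closed before a configuration is deployed.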
The following list shows the parameters that are configured per website, using the same format as described in Base Registry Settings.
- Basic
- NTLM
- Dir Browse
- Default Page
- AdminUsers
- PostReadSize
- MaxLogSize
- ASP default settings
- Virtual Root settings
The following parameters are configured globally for the entire web server and cannot be set per individual website. They must be specified under HKEY_LOCAL_MACHINE\COMM\HTTPD:
- MaxConnections
- Filter DLLs
- PostReadSize
- Logging
- SSL Configuration
- ISAPI extension script caching mechanism
Example of Multiple Websites
The following example shows the web server configuration on a hypothetical Internet gateway device. This device will have some pages viewable only from a private internal or intranet network, and some that are accessible from an external public network or the Internet.
The default website is what will be viewable by general users. Note the use of SSL and authentication for sensitive pages. This example uses Basic over NTLM because pages that require authentication need SSL anyway.
[HKEY_LOCAL_MACHINE\COMM\HTTPD]
"DirBrowse"=dword:0
"Basic"=dword:1
"NTLM"=dword:0
"LogFileDirectory"="\windows\www\"
; No HostedSites or NetworkInterfaces values are required
; because this is the default site, and will serve as a catch-all
; for unmapped Web sites.
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0x1
;p = HSE_URL_FLAGS(READ, EXECUTE, SCRIPT, SSL128)
"p"=dword:0x00000305
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/PicturesReadOnly]
@="\pictures\"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL]
"IsEnabled"=dword:1
"CertificateSubject"="Certificate Name"
The following example shows the private interface. Requiring authentication for all administrative pages is recommended, but is omitted in this example. The name of the website, that is, the registry key under Websites, is arbitrary and can be any registry key name.
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1]
"DirBrowse"=dword:1
"Basic"=dword:1
"NTLM"=dword:0
"LogFileDirectory"="\windows\www\PrivateLogs"
"PrivateInterface"=dword:1
"NetworkInterfaces"="$PRIVATE"
"HostedSites"="*"
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/PicturesReadOnly]
@="\pictures\"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/PicturesWrite]
; ISAPI extension to help update pictures, private side only.
@="\windows\pictures.dll"
Note
In this example, the virtual root PicturesReadOnly is duplicated on both the default website and the private interface VROOTs subkeys. This is a requirement if PicturesReadOnly is to be shared on both network interfaces. Virtual roots are not shared among different websites; therefore, if the web server cannot map the virtual root PicturesReadOnly on the private interface, it will not attempt to perform the mapping on the default website.
Note
When adding new websites to a device, care must be taken to ensure that all virtual roots that should be available to clients using the website are copied into the registry.
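A per-website review of the virtual roots in the gateway example, written as an added example; it is not part of the original page or of the web server. It assumes that "a" is the authentication level a virtual root requires, that a missing "a" means no authentication, and that a virtual root mapped to a .dll is an ISAPI extension; the SSL bits are the HSE_URL_FLAGS_SSL and HSE_URL_FLAGS_SSL128 values.

```python
import re

# Constructed input: the VROOTS keys copied from the gateway example on this page.
REG = r"""
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0x1
"p"=dword:0x00000305
[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/PicturesReadOnly]
@="\pictures\"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/Admin]
@="\windows\admin.dll"
"a"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\1\VROOTS\/PicturesWrite]
@="\windows\pictures.dll"
"""

KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\COMM\\HTTPD(?:\\Websites\\([^\\]+))?\\VROOTS\\(.+)\]$")
VAL = re.compile(r'^(@|"[^"]+")=(dword:)?"?(.*?)"?$')
SSL_BITS = 0x008 | 0x100  # HSE_URL_FLAGS_SSL | HSE_URL_FLAGS_SSL128

def parse_vroots(text):
    """Return {(site, vroot): {value name: str or int}}; site is 'default' or the Websites subkey."""
    vroots, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key, val = KEY.match(line), VAL.match(line)
        if key:
            current = vroots.setdefault((key.group(1) or "default", key.group(2)), {})
        elif line.startswith("["):
            current = None  # a key that is not a virtual root: skip its values
        elif current is not None and val:
            name = val.group(1).strip('"')
            current[name] = int(val.group(3), 16) if val.group(2) else val.group(3)
    return vroots

def audit(vroots):
    """Return sorted (site, vroot, issue) findings for each website's virtual roots."""
    findings = []
    for (site, vroot), vals in vroots.items():
        auth = vals.get("a", 0)  # assumption: a missing "a" means no authentication
        is_isapi = str(vals.get("@", "")).lower().endswith(".dll")
        if is_isapi and auth == 0:
            findings.append((site, vroot, "ISAPI extension reachable without authentication"))
        if auth > 0 and not vals.get("p", 0) & SSL_BITS:
            findings.append((site, vroot, "authentication required but SSL not enforced"))
    return sorted(findings)
```

On the example above, audit(parse_vroots(REG)) reports the two ISAPI extensions on the private website, which matches the page's remark that authentication for administrative pages was omitted there.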
The following example shows how to restrict website access, leaving out the details that make up the website itself, such as Vroot tables.
[HKEY_LOCAL_MACHINE\COMM\HTTPD]
; Turn off default website. Requests must map to one of the websites that follow.
"AllowDefaultSite"=dword:0
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\Website1]
; All requests to host name "MyHost" will go to this
; site, regardless of network interface on which they come in.
"HostedSites"=" MyHost"
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\Website2]
; All requests on interface NE20001 will be directed to this site,
; unless they are to host MyHost.
"NetworkInterfaces"="NE20001"
"HostedSites"="- MyHost;*"
[HKEY_LOCAL_MACHINE\COMM\HTTPD\Websites\Website3]
; Serves as default site: if request is not coming on NE20001 or
; to host MyHost, or to both, this website will handle the request.
"NetworkInterfaces"="-NE20001;*"
"HostedSites"="- MyHost;*"