Control IIS IP address binding and prevent all unassigned IP addresses
by Andy on Nov.04, 2009, under Microsoft Windows, Networking, OS Specific, Security
This post is for Windows XP and Windows 2003.
If using Windows 2000 and IIS 5.0, you need to disable socket pooling. Here is the Microsoft article for disabling socket pooling in IIS 6.
This post covers how to change (force) which IP addresses IIS listens on. Several scenarios call for this. Most people only need to separate services: IIS listens on all IP addresses by default, so errors will occur if multiple web servers use port 80 on the same IP. Example: your server has multiple IP addresses and you need to run a new Apache WordPress blog site on a separate dedicated IP address from your .NET survey e-commerce IIS site to avoid any conflicts. There are other options if you only have one IP address on a server but need to run more than one web server on a single box, but that’s a different post. Alternatively, I also cover binding IIS to all addresses.
To do this, we first stop IIS from binding to all addresses and explicitly select which ones to use. Once we do, the other IP addresses will be free for other applications and services to use. If you’re using Windows XP, you may need to install the Windows XP Service Pack 2 Support Tools. If you’re using Windows 2003, you don’t need to worry because it’s most likely installed.
- Now we need to open a command prompt. The quickest way to open a command prompt in Windows is to press “Windows key”+R, type cmd into the Run dialog box, and press Enter.
- We’re going to use “httpcfg” to set up IIS, so type:
httpcfg query iplisten
That should return:
IP : 0.0.0.0
——————————————————————————
- The first change we make should remove the entry that listens on all IP addresses, so let’s do it:
httpcfg delete iplisten -i 0.0.0.0
If you typed everything correctly and the program accepts it, you should see:
HttpDeleteServiceConfiguration completed with 0.
- Now we assign the IP address(es) that you would like IIS to bind to:
httpcfg set iplisten -i 192.168.0.23
and again if we need more than one:
httpcfg set iplisten -i 192.168.0.24
- Now we need to restart the http service so it will use the new configuration:
net stop http
and then:
net start http
- Now we need to check IIS Manager to make sure that the sites are working properly. If you find any sites that are offline (marked with a red X), make sure the site configuration is using one of the IP addresses you entered earlier or “(All Unassigned)”. If it isn’t, set it to the new address and turn on the site.
After IIS restarts, it will only be listening on the IP addresses you told it to. You can now set up your other web services to use the unallocated IP addresses. If you are still experiencing issues after completing these steps, you may need to disable socket pooling.
Force IIS to bind (listen) to All IP Addresses
Make sure you have httpcfg, then do the following:
- Open a command prompt. The quickest way to open a command prompt in Windows is to press “Windows key”+R, type cmd into the Run dialog box, and press Enter.
- We need to check what the current assignment is:
httpcfg query iplisten
That should return something similar to this:
IP : 192.168.0.23
——————————————————————————
- We should delete the entry for any IP that isn’t 0.0.0.0, like this:
httpcfg delete iplisten -i 192.168.0.23
- Next, we assign 0.0.0.0 to iplisten. 0.0.0.0 tells IIS to bind to ALL IP addresses:
httpcfg set iplisten -i 0.0.0.0
- Check the current configuration and make sure that 0.0.0.0 is the only assignment. If it isn’t, delete the other IP address(es) until it is:
httpcfg query iplisten
IP : 192.168.0.24
——————————————————————————
IP : 0.0.0.0
——————————————————————————
httpcfg delete iplisten -i 192.168.0.24
- Now we need to restart the http service so it will use the new configuration:
net stop http
and then:
net start http
IIS should now be listening to all IP addresses again.
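Both procedures above follow the same pattern: query the listen list, delete the entries that should not be there, set the missing ones, then restart HTTP. The Python script below is an added example, not part of the original post. It parses `httpcfg query iplisten` output in the format shown above and returns the commands to run, without executing anything; the function names and the sample output are constructed for illustration, and IPv4 entries are assumed.

```python
# Added example: plan httpcfg iplisten changes from captured query output.
import ipaddress

# Constructed sample, in the format the post shows for "httpcfg query iplisten".
SAMPLE_QUERY = """\
IP : 192.168.0.24
------------------------------------------------------------
IP : 0.0.0.0
------------------------------------------------------------
"""

def parse_iplisten(output):
    """Return the IPv4 addresses listed in 'httpcfg query iplisten' output."""
    found = []
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().upper() == "IP":
            # IPv4Address raises ValueError on a malformed entry.
            found.append(str(ipaddress.IPv4Address(value.strip())))
    return found

def plan_changes(current, desired):
    """Return the commands that turn the current listen list into desired."""
    desired = [str(ipaddress.IPv4Address(ip)) for ip in desired]
    if not desired:
        raise ValueError("desired listen list is empty")
    if "0.0.0.0" in desired and len(desired) > 1:
        raise ValueError("0.0.0.0 already covers every address; list it alone")
    cmds = ["httpcfg delete iplisten -i " + ip
            for ip in current if ip not in desired]
    cmds += ["httpcfg set iplisten -i " + ip
             for ip in desired if ip not in current]
    if cmds:  # restart the http service only when something changed
        cmds += ["net stop http", "net start http"]
    return cmds

if __name__ == "__main__":
    # Second procedure from the post: go back to listening on all addresses.
    for cmd in plan_changes(parse_iplisten(SAMPLE_QUERY), ["0.0.0.0"]):
        print(cmd)
```

Running the query again after the restart and feeding it back through `plan_changes` should yield an empty list, which confirms that the listen list matches what you intended.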
I found these sites useful when I was collecting my information:
Prevent IIS from Binding to all Assigned IP Addresses
egghead cafe question
IIS wikipedia entry
Setting metabase property DisableSocketPooling has no effect


























