What is the best way to deal with non-existent domains on IIS / Lucee server?

Well, this is not directly related to Lucee, but I’m sure it is a rather
common issue and someone might help to clarify it:

In IIS logs I can see a lot of hits to domains which don’t exist on my
server. They fall into 2 main categories:

A) domains which are no longer hosted on the server ( some clients scrapped
the sites and did not update their DNS records anyhow )
B) funny requests for subdomains which were never hosted on the server -
for example www.somedomain.com is hosted but some bots (usually Baidu
Spider) are trying to request webmail.somedomain.com,
site.somedomain.com, 2www.somedomain.com etc.

As there are no IIS bindings for these domains, these requests would hit
the Default Site and expose Lucee start page - not good.

So far, I have simply gone to Default Site / IPv4 and Domain Restrictions
/ Edit Feature Settings and set Access for unspecified clients = Deny.
This works, but returns standard IIS 403 - Access Denied page which is
rather ugly. Supposedly this can be configured in IIS 8 to return 404, but
I have IIS 7.5 at this moment. So I guess I will have to live with that.

Sure, I would rather return 410 - Gone status for all domains in the A)
category.
The only idea I could come up with, is to create a new IIS site, add all
the non-existent domains from the A) category as bindings there and then
configure URL Rewrite to return the 410 status for them.

Is this the right way to deal with this, or are there some better options ?

Regards

Ivan

Unless I need wildcard subdomain handling (which for IIS, using the default site is really the only option), I usually set up the default site in IIS to either A) Deliver a static custom error page or B) Redirect the offending domain to the primary domain on the server.

My preference would be A, and you can just configure that in IIS manager.

If you need to use the default site, then the better option is to use your web.config to rewrite the inbound request to your 410 error (add as many negation rules as you need):

On August 6, 2015 at 8:56:49 AM, Ivan Rotrekl (@Ivan_Rotrekl) wrote: Well, this is not directly related to Lucee, but I'm sure it is a rather common issue and someone might help to clarify it:

In IIS logs I can see a lot of hits to domains which don’t exist on my server. They fall into 2 main categories:

A) domains which are no longer hosted on the server ( some clients scrapped the sites and did not update their DNS records anyhow )
B) funny requests for subdomains which were never hosted on the server - for example www.somedomain.com is hosted but some bots (usually Baidu Spider) are trying to request webmail.somedomain.com, site.somedomain.com, 2www.somedomain.com etc.

As there are no IIS bindings for these domains, these requests would hit the Default Site and expose Lucee start page - not good.

So far, I have simply gone to Default Site / IPv4 and Domain Restrictions / Edit Feature Settings and set Access for unspecified clients = Deny.
This works, but returns standard IIS 403 - Access Denied page which is rather ugly. Supposedly this can be configured in IIS 8 to return 404, but I have IIS 7.5 at this moment. So I guess I will have to live with that.

Sure, I would rather return 410 - Gone status for all domains in the A) category.
The only idea I could come up with, is to create a new IIS site, add all the non-existent domains from the A) category as bindings there and then configure URL Rewrite to return the 410 status for them.

Is this the right way to deal with this, or are there some better options ?

Regards

Ivan

–
See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/21621926-bcf7-43bc-9c1a-47655ac7e0c3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Yes, this is much cleaner and prettier. Thank you very much !

Ivan