Host
- Rod Widdowson
- Scott Cantor
- 1 Overview
- 2 Reference
- 2.1 Attributes
- 2.1.1 Content Specifiers
- 2.1.2 Content Settings
- 2.2 Child Elements
- 2.2.1 Access Control
- 2.2.2 Nested Content Specifiers
- 2.1 Attributes
Overview
The <Host> element is used to apply content settings to requests to specific virtual hosts and/or to act as a container for more specific rules based on path or query string.
Host matching is based on exact matching of the hostname in a request, and optionally based on scheme or port. For this matching to be reliable, the hostname must be canonical; that is, it must come from the web server's own virtual host configuration rather than a value in the Host header in an HTTP request. Otherwise any rule can be circumvented trivially.
Apache can support this via the UseCanonicalName directive, but this is normally unnecessary because there are better, more powerful ways of handling content settings in Apache itself.
IIS does not support this at all, and reports to applications only the value provided by the client. This is worked around by means of the <Site> element to provide a canonical site to host mapping independently of IIS.
Reference
Attributes
Content Specifiers
Names | Type | Req? | Description |
|---|---|---|---|
name | string | Y | Required, specifies the hostname to match (see above for the issues with this) |
scheme | "http", | Optional scheme to match against. Used to match only requests using a specific protocol. If omitted, either protocol will match. | |
port | integer | Optional port to match against. Used to match only requests using a specific port. If omitted, requests to the default port for the protocol scheme used (either 80 or 443) will match. |
Content Settings
The element supports a large number of XML attributes corresponding to the content settings supported by the SP: