Host

Overview

The <Host> element is used to apply content settings to requests to specific virtual hosts and/or to act as a container for more specific rules based on path or query string.

Host matching is based on exact matching of the hostname in a request, and optionally based on scheme or port. For this matching to be reliable, the hostname must be canonical; that is, it must come from the web server's own virtual host configuration rather than a value in the Host header in an HTTP request. Otherwise any rule can be circumvented trivially.

Apache can support this via the UseCanonicalName directive, but this is normally unnecessary because there are better, more powerful ways of handling content settings in Apache itself.

IIS does not support this at all, and reports to applications only the value provided by the client. This is worked around by means of the <Site> element to provide a canonical site to host mapping independently of IIS.

Reference

Attributes

Content Specifiers

Names

Type

Req?

Description

Names

Type

Req?

Description

name 

string

Y

Required, specifies the hostname to match (see above for the issues with this)

scheme 

"http",
"https"



Optional scheme to match against. Used to match only requests using a specific protocol. If omitted, either protocol will match.

port 

integer



Optional port to match against. Used to match only requests using a specific port. If omitted, requests to the default port for the protocol scheme used (either 80 or 443) will match.

Content Settings

The element supports a large number of XML attributes corresponding to the content settings supported by the SP:

Child Elements

Access Control

Nested Content Specifiers