Friday, November 1, 2019

IIS web application to reject HTTP requests without a Host header

Step 1:

Download and install the URL Rewrite module (

Step 2:

Add the rewrite rule in the web.config for the web application:

              <rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
                <match url="*" />
                        <add input="{HTTP_HOST}" pattern="*.*" negate="true" />
                    <action type="AbortRequest" />


Now, any HTTP requests without a "Host:..." header will get a connection reset.

No comments:

Get This <