Questions[host-headers](server)

Is the Host: header required over SSL even if the request is not HTTP/1.1?

So, if a client connects over SSL, and sends the following request:

GET / HTTP/1.0

1. Should the web server throw a bad request due to the missing Host: header?
2. Should the web server respond with an HTTP/1.0 200 OK response?
   (the index.html file always exists, so a request to /, would never lead to 403/404)

Update:

If I disable SNI in openssl s_client, apache works without the Host: header.

Why does it need the Host: header when SNI is on?

I have troubles with IIS7 host headers. I'd like to create a domain for managing mysql with phpmyadmin. I tried to configure with these settings without success.

The browser displays the localhost instead of the phpmyadmin page. Can anybody tell me how should I configure the IIS?

I am going to prefix this that I am a programmer trying to figure out IIS7. I want to host two sites on my server. I created a second site and gave its own path. I added the two domains I want to forward to in site bindings. For some reason when I got www.magnetballs.com I am getting a server not found. What else do I have to do to configure this?

So, I have a site with 2 host headers:

header1.example.com
header2.example.com

In this site, I have a virtual directory called Foo and it has various sub-directories 1, 2, 3 & 4 that have various style sheets. A page references these style sheets dynamically via /Foo/1/Style.css and /Foo/2/Style.css.

i.e.

http://header1.example.com/SomePageThatUsesFoo1Style.aspx
http://header1.example.com/SomePageThatUsesFoo2Style.aspx

When I go to http://header1.example.com/SomePageThatUsesFoo2Style.aspx I am getting a 404 trying to get /Foo/2/Style.css.

The file absolutely 100% exists in the correct directory, and permissions are correct.

The interesting part. If I go to http://header1.example.com/SomePageThatUsesFoo1Style.aspx it works just fine. Also, if I go to http://header2.SomePageThatUsesFoo2Style.aspx or http://header2.example.com/SomePageThatUsesFoo1Style.aspx it works just fine.

Has anyone seen this kind of weird issue where 1 specific host header screws things up?

I'll also add that just for giggles, I created a completely NEW website from scratch with a NEW host header (header3.example.com) and everything worked. I stopped the old site, and added header1 and header2 to the new site and the same error occurs.

Note: I tried using Microsoft Network Monitor 3.4 to capture packets. I hit several pages of my site where the above is experienced. Applied a filter to the capture for any HTTP status code >= 400 and there are no results. When using Fiddler from my desktop hitting my site, Fiddler shows a 404 also.

Any thoughts?

In IIS I need to map www.example.com and example.com to use a specific SSL certificate. I have tried using appcmd and editing applicationHost.config but I don't see how to tie each host-header to a specific certificate. If I add the bindings in the config file and then look in the UI, no certificate is applied to bindings.

The certificate is for www.example.com but has an alias for example.com.