403 Forbidden from IIS 6 using host header, logs as 200

Question

I have a Windows Server 2003 server with IIS6. I have one main site that works fine. I'm trying to create an alternate URL for a folder under that main site. I'm trying to setup a host header at the moment (something I've done many times) and am getting unexpected results: 403 Forbidden.

Details:

• Browsing to www.mysite.com/folder works fine.
• I have a DNS entry that points to the same server (same IP) say: folder.domain.com
• I entered folder.domain.com as a host header on the main site.
• I would expect folder.domain.com/folder to work, the same as www.mysite.com/folder works. -- (I'll need to do some url rewriting in the future I think to get rid of the need for /folder.)

Anyway, I always get a 403 forbidden when trying to use that host header URL. The 403 is simply 403...not .1, .2, or anything.

Some things I've checked and ruled out:

• Missing default document: It is set and correct and I get the same thing if I try to get folder.domain.com/folder/index.html. (which works as www.mysite.com/folder/index.html)

• File/Folder permissions: I'm not getting 401's, it works fine with www.mysite.com, it's set to allow anonymous, and IUSR... is assigned correctly (I think).

• Config file: It's basic html so there's no web.config to check/edit. (I did see an index.php. I don't know php, so not sure if this could be involved, but I'm just trying to get to the index.html file anyway.)

• Hijacked connection: In order to verify that nothing else was intercepting my connection to that server under the new name I used telnet to connect to folder.domain.com and then submitted an HTTP GET request for www.mysite.com/folder..and it worked fine. So I was connected to the same server.

Two additional weird things:

• The IIS log has no 403 error logged at all.

• I did a request for a page I knew didn't exist... folder.domain.com/folder/nothere.html. I still got a 403 forbidden, and in the log I found that entry and it had a 200 status code! If I try that same request with the www.mysite.com/folder/nothere.html, I get the expected 404 not found.

And to complicate matters, I only have access to the machine via web ex with a person in China and I'm in the US...so I'll have to gather up whatever thoughts/comments/suggestions I get and try them all at once, so be patient if I don't reply back with results immediately. Thanks!

Answer 1

I eventually found that an ISAPI filter called IBsys.dll, which I didn't recognize, was actually part of server security software produced in China.

That software was filtering all requests and blocking ones it didn't know about. That software had to be configured with the new host header.

So, if you encounter something similar, scrutinize your ISAPI filters.