Server: Microsoft-IIS/7.0\r\n

I'll be traveling again :(  just got back last week and next Tuesday I'm off again! I will be in US for two weeks - business trip of course. Anyway, this trip will be pack and interesting. Now, let's count the number of planes I will be boarding for the next two weeks:
1) SQ XXX to SINGAPORE
2) SQ XXX to LOS ANGELES
3) AA XXX to SEATTLE
4) AA XXX to PHOENIX
5) PJ XXX to SACRAMENTO
6) UA XXX to LOS ANGELES
7) SQ XXX to TAIPEI
8) SQ XXX to SINGAPORE
9) SQ XXX to KUALA LUMPUR

No. 5 PJ XXX is a private jet :)  well, obviously from the company and not mine :) 9 planes within two weeks, not bad huh? Anyway, response will be slow for email and will try my best to catch up with the newsgroups posting. Now, wish me have a safe trip :)

Need to locate a blog posting in my blog? Well, it's not easy and normally you do it via google.com. But now, google enhanced the blog searching experience with their latest baby 'Google Blog Search' :)  So, for example to find all posts, you can type 'Bernard IIS', that should give you all my postings of this blog. To narrow down, you can further key in additional keyword, such as 'Wildcard SSL' for wildcard SSL related postings.  Google folks are so creative, they always live in the innovative edge..... they see an opportunity, grab it fast and make amazing stuff out of it !!! 

Here's one KB explaining how to search MSKB using keywords and query workds...  :)
242450 How to query the Microsoft Knowledge Base by using keywords and query words

And the keywords for Internet.... not IIS.
kbCookie         Browser or operating system cookies
kbFTP             File Transfer Protocol
kbHttpRuntime  HTTP Runtime
kburl               Contains a link to Internet Web site
kbWebBrowser  WebBrowser

Surprise to see FTP, but not IIS :)

Possible ? Yes, yes and YES.... I mean in a 'cheating' way... I got this query recently -
----
Hi,

Is possible use a WildCard with *.mydomain.com to host differents customers web sites with single IP and IIS 5.0 ?
Example:
http://www.customer1.com - only http
http://www.customer2.com - only http
http://www.customer3.com - only http

https://customer1.mydomain.com - with https
https://customer2.mydomain.com - with https
https://customer3.mydomain.com - with https
In my case all https hosts are opening the same web page.
thanks.
----

Now, How I tested:
II5, 1 IP Address, 1 Wildcard *.killme.com cert :)
4 websites -
Default - which is the default site - obviously.
a.killme.com
b.killme.com
c.killme.com
---------
Install certsvr 2.0 and apply a *.killme.com and installed at a.killme.com with binding at port 443. and you will got 0.0.0.0:443 when you do a 'netstat -an' indicating that the port 443 is binding at all interfaces.

And now, when you browse http default site + a.killme.com, everything works, as this is just pure http host header requests get directed to relevant site. Then https://a.killme.com - works. as the cert is binding at the site.... then the magic part - https://b.killme.com - works! why? well, actually it requested the cert at a.killme.com, but since this is a wildcard cert, you will not get any browser prompt and you got https with b.killme.com, as well as c.killme.com

With IIS 6 (w2k3 sp1) - you are able to specific host header with SSL in a way. but then the catch is it needs wildcard cert of the same particular parent domain. e.g. *.killme.com

Anyway - don't think Microsoft support this. so again try this at your own risk.

903072 You may receive an error message and the installation may stop responding when you try to start the IIS Admin service in IIS
904056 You may receive an error message when you try to start a CGI program that is hosted on IIS 6
900405 FIX: You receive an "Access is denied" error message when you try to append a file that is hosted on IIS 6 by using the append command at an FTP prompt (900405)
900245 FIX: The value in the ETAG field is updated when you modify a metabase property in IIS 6.0
906910 The custom error page 500-100.asp may return sensitive information in Internet Information Services 5.0 and in Internet Information Services 5.1
887696 FIX: You experience an application memory leak when you use the IIS Active Directory Service Interfaces provider to query the metabase in Internet Information Services 6.0
899472 FIX: The Inetinfo.exe process stops responding when you configure Web sites to use host headers in IIS 5

Just got this from Brett's mailing list. There are many IIS 7 related videos + interviews over at Channel 9 forum. Here's the latest interview about  IIS7 from Bill Staples - Group PM for IIS7. And click here the rest of the IIS related videos.

An IIS-Centric View of the Application Security Administration Model for Distributed ASP.NET Applications—Part 1

An IIS-Centric View of the Application Security Administration Model for Distributed ASP.NET Applications—Part 2

Part I & II - Continuing the themes of previous webcasts on Microsoft Internet Information Services (IIS) and Microsoft ASP.NET, this webcast extends the application model from a single domain to a demilitarized zone, segregating a private network from the Internet. We review the steps required to derive the associated identify flows directed by IIS and ASP.NET settings, and the IIS administration of authentication, impersonation, delegation, and authorization. You also see a high-level logical model to identify the essential components for securing and administering a distributed ASP.NET application.

In relate to this posting, Microsoft has officially addressed the issue with this kb.
905910 The custom error page 500-100.asp may return sensitive information in Internet Information Services 5.0 and in Internet Information Services 5.1

Just to recap, best practises here are always
- configure host header even though you only have one site with one URL name.
- bind website to specific network interface.