IIS Websites handing 404 when website disabled

While trying to get some IIS webservers load balanced with Nginx, I noticed that Websites that were stopped would return a 404 error.

Trouble Shooting the issue

While testing deployments with shutting down Websites in IIS, I noticed our load balancers were not taking the site offline when the sites were stopped. Instead, they were getting HTTP 404 errors.

If all Websites on the server were stopped, it would stop the 404 also. This became very interesting to me at this point since it seemed to be a configuration issue. So I kept digging deeper.

I started nginx in debugging mode so I could watch the connections in real time. I then got connection data from the upstream server showing the 404 error. I noticed the Server header being sent wasn’t IIS’s normal header. It was Microsoft-HTTPAPI/2.0.

What is actually happening

When you use IIS with websites with SNI enabled, if any of them are online, the server will continue to answer HTTPS requests, but return 404 for any sites which are not running. This is done via the http.sys system.

How can we use this information?

Now that we know what is going on, and we know how to tell it is happening, what can we do with it? First, since I was doing active health checks in nginx, I just had to setup a check for the Server header coming in. As long as it wasn’t set to Microsoft-HTTPAPI/2.0, with status 200-499, then we would mark the server as online. As soon as we see that Server header, we mark the server down.

Since we have a nginx-plus subscription, this gives us the active health check. We run something like this:

http {

    match server_ok {
        status 200-499;
        header Server = "Microsoft-HTTPAPI/2.0";
    }

    server {
        #....
        location / {
            proxy_pass https://backend;
            health_check match=server_ok;
        }
    }
}

Back to Home