enable htpt.sys hostname!

Author: DeagleGross

scenarios/rejection.benchmarks.yml

@@ -22,12 +22,13 @@ jobs:
       mTLS: false # enables settings on http.sys to negotiate client cert on connections
       tlsRenegotiation: false # enables client cert validation
       certPublicKeyLength: 2048
+      httpSysUrlPrefix: "" # enables host header validation on http.sys layer
       # debug settings
       certValidationConsoleEnabled: false
       httpSysLogs: false
       statsEnabled: false
       logRequestDetails: false
-    arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --httpSysLogs {{httpSysLogs}} --logRequestDetails {{logRequestDetails}}"
+    arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --httpSysLogs {{httpSysLogs}} --logRequestDetails {{logRequestDetails}} --httpSysUrlPrefix {{httpSysUrlPrefix}}"
 
   kestrelServer:
     source:
@@ -77,6 +78,8 @@ scenarios:
   httpsys-hostheader-mismatch:
     application:
       job: httpSysServer
+      variables:
+        httpSysUrlPrefix: "https://testserver.local:5000"
     load:
       job: httpclient
       variables:

src/BenchmarksApps/TLS/HttpSys/Program.cs

@@ -12,6 +12,7 @@
 var tlsRenegotiationEnabled = bool.TryParse(builder.Configuration["tlsRenegotiation"], out var tlsRenegotiationEnabledConfig) && tlsRenegotiationEnabledConfig;
 var certPublicKeySpecified = int.TryParse(builder.Configuration["certPublicKeyLength"], out var certPublicKeyConfig);
 var certPublicKeyLength = certPublicKeySpecified ? certPublicKeyConfig : 2048;
+var urlPrefix = builder.Configuration["httpSysUrlPrefix"];
 
 // endpoints
 var listeningEndpoints = builder.Configuration["urls"] ?? "https://localhost:5000/";
@@ -38,10 +39,12 @@
     // meaning client can send a certificate, but it can be explicitly requested by server as well (renegotiation)
     options.ClientCertificateMethod = ClientCertificateMethod.AllowRenegotation;
 
-    foreach (var listeningEndpoint in listeningEndpoints.Split(";"))
+    if (!string.IsNullOrEmpty(urlPrefix))
     {
-        options.UrlPrefixes.Add(listeningEndpoints);
-        Console.WriteLine("Added allowed url-prefix: " + listeningEndpoint);
+        // Specific "hostname" to listen on.
+        // This turns on host validation on http.sys layer
+        options.UrlPrefixes.Add(urlPrefix);
+        Console.WriteLine("Set specific url-prefix for Http.Sys: " + urlPrefix);
     }
 });
 #pragma warning restore CA1416 // Can be launched only on Windows (HttpSys)

src/BenchmarksApps/TLS/HttpSys/appsettings.json

@@ -4,6 +4,5 @@
       "Default": "Information",
       "Microsoft.AspNetCore": "Warning"
     }
-  },
-  "AllowedHosts": "*"
+  }
 }