Site Zone Assignment List Wild Card Movies

Does IIS support wildcard host header? Can I capture and redirect * to one web site?

The answer is Yes/No. Yes, because you are able to redirect * to one web site. No, because the magic is in DNS and not IIS.

Here's how you do it:
At IIS MMC, configure a web site with NO host header, then assign an IP address to the site. (if you have one IP address in the box, then you can skip this). With this, the web site will bound to the specific IP and will listen to all HTTP requests send to the IP, and you are done :)

Next step is to make sure your name resolution works for the wildcard query and reply with the correct IP address. If you using Microsoft DNS service, it won't allow you to create a '*' A record (assuming you already created the domain zone in DNS MMC), you need to do the following:

  1. Navigate to
  2. Find the zone file. E.g., open it with Notepad
  3. Add an entry. E.g.
  4. Save the zone data file
  5. Reload the zone data in DNS MMC.

Take note that by doing this, all * will response to the IP that you configured earlier. E.g.,, and etc.

To verify that it is working, try ping utility and you should get replies from IP.IP.IP.IP

Then try browsing, http:// (insert anything here), you should get the same web page that you have configured.


Internet Explorer site to zone assignments - is it valid and why not?

Hi there.

Time for a new post finally... Recently, I got involved in a discussion about IE zone assignments via Group Policy. This post discusses which entries are valid or not.

How to assign a site to a zone?

There are two possible ways to assign a security zone to a URL:
  1. Native Group Policy - MVP colleague Alan Burchill has a nice tutorial on that:
  2. Registry (through Group Policy Preferences Registry) - MVP colleague Joseph Moody has a nice tutorial on that:
The first method prevents users from adding sites on their own. If this is desired, use it. The second method allows users to add sites on their own. 

What can I add as a site?

Site to zone assignments (s2z) takes URLs. A URL basically has up to 5 parts:
  • Protocol (http, ftp, file...)
  • User and password (
  • Hostname ( or IP address
  • Port (
  • Path ( 
s2z always requires a hostname or IP adress - for file:// it requires a server and optionally a share. User and password is never allowed. The protocol is optional. Port and path can be entered in the assignment, but are stripped upon processing.

If a hostname is provided, it must be either a plain hostname (no domain part) or a FQDN that consists of at least 3 parts. Hosts in root domains are not possible. If the FQDN consists of 3 parts only, the second level domain must have more than 2 characters in Windows versions prior to 10.

In addition, s2z supports wildcards. To be precise, it supports exactly 2 asterisk wildcards - one for the protocol and one for the plain host name in a FQDN or for the last part of an IP address. Repeat that: It is only 2 * wildcards (no ?), and they are only allowed for the protocol and for the plain host name or last IP address part - nowhere else.

If you have invalid entries, all valid entries will be still processed. s2z will log an event to the group policy eventlog with ID 1085 and error code 87 ("The parameter is incorrect"). Unfortunately, it will not add the site that caused the error to the event nor will it add the GPO that contained that entry.

So in case of errors it is up to you, the busy admin, to identify the invalid entries. To do so, check all GPOs for s2z entries and validate them. To assist you with this task, Microsoft provides some valid and invalid patterns here:

And to further assist you, here are some more comprehensive samples of s2z entries and explanations why they are valid or not.

Valid entries


    Valid entry - consist of a fully qualified host name (FQDN). Since no protocol is specified, it will be applied for all protocols.
  • https://intranet

    Valid entry - consist of a protocol and a plain host name. Since no domain is specified, it will be applied to a host sitting in the primary dns suffix domain.

    Partially valid entry - consist of protocol, host and port. The port will be transparently stripped, it will be applied for all ports on that host.

    Partially valid entry - consist of protocol, host and path. The path will be transparently stripped, it will be applied for all paths on that host.
  • *://

    Valid entry - since the protocol is a wildcard, it is identical to specifying (without a protocol)
  • *

    Valid entry - since the plain hostname is a wildcard, it applies to all hosts in the domain

    Valid entry - IP addresses are allowed as well as hostnames.
  • 192.168.1-255.*

    Valid entry - consists of an IP range and a wildcard for all hosts in that range.

    Valid entry - but be aware that this is not an entry for the host microsoft in the domain com, but s2z converts this to * This is an implication of one of the rules above: If you use a FQDN, it must consist of at least 3 parts. Since we have only 2 parts here, s2z assumes this to be a domain.

Invalid entries

  • *

    Invalid entry - a wildcard is not allowed as a part of the hostname, but for the whole hostname only.
  • www.mycorp.*

    Invalid entry - the wildcard replaces a part of the domain.
  • www.*

    Invalid entry (same as above) - the wildcard replaces a part of the domain.
  • http*://

    Invalid entry - a wildcard is not allowed as a part of the protocol, but for the whole protocol only (which of course is the same as omitting the protocol at all).
  • 192.168.*.1

    Invalid entry - a wildcard for IP addresses can only be used in the last position.
  • *.*

    Invalid entry - only one wildcard is allowed, and only for the hostname.
Remark: In earlier versions of windows, if you provided a wildcard with a second level domain with only two letters (* e.g.), this was an invalid entry. This was to prevent the whole SLD of some countrys to be added. At the time of this writing, this type of entry has become valid in Windows 10.


The discussion I mentioned above involved those two guys I wish to give credits:

MVP Jeremy Moskowitz - and

IT Consultant Carl Webster -, specifically which was the first result of our discussion. Thanks Carl for clarifying the thing about ports and paths that get stripped and the second level domain auto-wildcarding :)

0 Replies to “Site Zone Assignment List Wild Card Movies”

Lascia un Commento

L'indirizzo email non verrĂ  pubblicato. I campi obbligatori sono contrassegnati *