Non https web sites display the content of https sites - linux

We have a cpanel server that hosts some web sites. we have 2 hosts that use SSL. When I open a non SSL website with http:// everything is ok but when I type https:// , it shows the contents of one of the SSL websites instead of displaying not found error!!
Usually the first one which is defined in httpd.conf.
I also signed up in cPanel forum, but I do not know how to post a new question!! I cannot find post a question or new post or something like that.
Any help is appreciated.

Your question is really confusing. It would be better if you can edit and elaborate your question. Still let me guess your question and answer it.
Your cPanel server has hosted more than one websites, out of them only two have SSL certificate. Let me guess those two sites as abc.com and xyz.com. Now if I have understood your question properly, when you try to access 123.com (which is non HTTPS website) with HTTPS it is showing content of abc.com.
If yes, then this case refers to SSL misconfiguration. To solve this issue, SSL certificate should be installed properly on both websites and only those two sites can be accessible with HTTPS. It is advisable to use SSL Certificate checker for both sites to know whether SSL is installed properly or not.

Related

Redirect a request to a colud server from a godady server with .htaccess

Hi everyone need your support with the following problem. Please do apologies if I confuse you in anyways with my explanation.
I have a add-on domain (example.com) pointed to a Godaddy Linux server, domain is also in the Godaddy same account.
The web application for "example.com" is a Laravel 5.6 based one, and the web app has 'Get' type search form which needs to be forwarded to another Windows IIS server's port with all the query strings where another web app is hosted. the action of the from will be similar to below.
Request => http://sub1.example.com/route/method?var=val1&var2=val2&var3=val3
From this point on-wards the application has to continue work from the IIS server with the subdomain, which mean I am not expecting any replies from this IIS server to the Linux server.
Its been advised to use the subdomain to mask the forwarding to the IIS server, so I did like above with sub1 sub-domain. This subdomain has to be forwarded to a server's port as I mentioned above, something similar to below.
http://sub1.example.com => http://xxx.xxx.xxx.xx:9596
I did tried with the Godaddy's default subdomain forwarding with masking, but the query strings are not being forwarded and shows "Destination Unknown" error.
In a online forum its been advised not to go with Godaddy's forwarding instead go with .htaccess to have more control.
Therefore any possible solutions or your support with the redirection with .htaccess from web application to the external web server's specific port along with the query strings would be a life saver.
Thank you in advance.
As per the GoDaddy support, the domain forwarding to a IP's port is not possible with the Shared hosting.
The support suggested to go-ahead with the VPS and configure.
Please do comment, if this is wrong statement!

How to resolve HTTP and HTTPs config in DNS level?

I have my domain pointed in Cloudflare with SSL. My website runs with HTTPS protocol. The reason i mention them running is this.
I have my blog at blogspot and want to give it custom domain name which google allows. Unfortunately google wont allow HTTPS there. I had created my blog like this in DNS as blog.domain.com which runs as https://blog.domain.com and if i host this subdomain via Github, it opens correctly. The problem is when i use this subdomain in blogger, then there arises conflict and my site goes offline. Where am i mistaking in setting up all this?
Don't enable full or restricted SSL option in cloudflare. Use flexible SSL instead. This will setup things correctly.

SSL Configuration Issue on IIS 6

Need help with this odd issue.
I installed an SSL Certificated from GoDaddy for a site hosted on our server (lets call this example.com). This is a Windows 2003 Server with IIS 6 with several domains hosted on it. The SSL installed properly.
However, now if I type any url of a different domain (say example.org) hosted on this same server with HTTPS, I get the following error in Chrome:
Your connection is not private
Attackers might be trying to steal your information from
(for example, passwords, messages, or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
Firefox will also give similar errors.
example.org has no SSL associated with it and there are no other SSL Certificates for any other sites either.
I am at a loss as to how ALL sites on the server are loading with SSL. Funny thing is that clicking on the link in browser error loads the Site to which SSL is assigned, but URL remains the same.
Ex. I type https://example.org (NO SSL Associated with this site) and type enter
I see the error above
If I click on Proceed to example.org (unsafe), it takes me to https://example.org but the content loads for domain example.com which has the SSL certificate bound to it.
I have checked Metabase for Bindings and seems clean.
I have deleted the SSL certificate and installed a fresh one issued from Godaddy
Tried deleting the site from IIS and recreating the whole thing but still no difference.
No other site has any host headers for SSL Port 443
Any ideas on how this can be resolved so that ALL Sites don't load on SSL? Thanks in advance.
Go to IIS Manager.
Open property page of website where you dont need SSL (example.org as mentioned in question) by right click on website and select properties.
Go to directory security tab
Click Edit button located in ottom section of tab.
Verify if very first checkbox called "Require secure channel(SSL)" is UNCHECKED.

.htaccess redirection to an IP Address of a different server

I am hosting my public facing site at a shared host (Hostgator) with the domain pointing to the same. I also have my application hosted on a dedicated server with a different host. Both servers have their own SSL certificates installed.
Is there any way to edit the .htaccess file to do the following:
https://www.domain.com/CUSTOMER redirects to https://x.x.x.x/CUSTOMER while the browser still shows www.domain.com/CUSTOMER?
I'm vary of using frames due to the SSL ramifications. My domain registrar is Hostway and they do not offer URL masking/forwarding.
This can be done by making your server act as a proxy. Even if you have no access to the servers configuration you might be lucky that apaches proxy module is loaded: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
If so you can 'map' the remote site (IP) as if being served by your normal server.
Also apaches rewriting module can make use of that module by using the [P] flag in a RewriteRule.
Be sure you have a copy of that site on the different server, preverally with the same database, so you don't get in trouble with i.e. order numbers or user logins between http and https. The certificate server must be the web server for your SSL provided web content.
Take a look here foor further informations. "Google Search Result"

How should I get rid of an SSL error on accessing parked domain in https using .htaccess?

I'm a beginner in .htaccess and I need help. We have this website with its store module in https. We also have a parked domain pointing to this website. The problem is, when I type "https://www.parked_domain_name.com/store/" in the address bar, I get an SSL error. However, when I type "http://www.parked_domain_name.com/store/" on the address bar, it redirects to "https://www.parked_domain_name.com/store/" without getting any SSL errors. How can I view the store w/o SSL errors when I type "https://www.parked_domain_name.com/store/" in the address bar?
In general, you can only have HTTPS running on a single domain name for a site.
There are exceptions, for example a certificate for *.example.org would let you run HTTPS on both www.example.org and web.example.org subdomains. Also, some certificate providers will issue certificates for a fixed list of several domain names.
But in common usage, one IP address can have only one certificate, and one certificate can have only one domain name.
The behaviour you describe of the http URL redirecting the the https URL without warnings does not sound like it is possible. Perhaps try a few different browsers - they all act a bit differently on this front. How you reached the URL is not relevant. If you access example.org over HTTP and the certificate says anotherdomain.com then you will get SSL warnings.
You're best off running the site only on e.g. https://example.org/ and redirecting any other domains to that one, rather than hosting the site from multiple domains.
I hope this helps.

Resources