HTTPS load other website content - iis

On my Windows 2003 server I have two websites: 2send.co.il & oferavnir.co.il
For 2send.co.il I installed SSL.
When I add https to oferavnir.co.il (the site without the SSL) the other site's content is displayed -
(https://oferavnir.co.il displays the content from 2send.co.il)
Host headers for both sites seem to be OK.
What could it be?

By default, the SSL certificate is probably bound to all IP addresses on your server. If you have individual IPs for each site, you can update the binding to only listen on the IP for 2send.co.il. If you are using host headers and a single IP, the 2send.co.il site will respond for all https requests. You could use a product like ISAPI Rewrite to check the URL used for an HTTPS request and ensure that it matches 2send.co.il, or else route it to the appropriate http site for the URL.
http://forums.iis.net/t/1195794.aspx/1?HTTPS+displays+other+site+contnet

Related

Why https website leave http port open?

Most websites that use the https protocol to communicate have the HTTP port of the web server open. Is there any need for it to be left open?
If the website serves https, it may leave http open to redirect requests to https:
Even if the website uses HSTS preloading, older browsers may not be aware of it.
Links to the website may be (wrongly) prefixed by http://
Users can type the domain name in the URL bar (so the browser will prefix it with http://)
There is little security advantage in closing the http ports for an https-only website.
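
A port-80 listener of the kind the answer describes, as an added example that is not part of the original answer: it serves no content and only issues redirects to https. The `ALLOWED_HOSTS` names, the port and the function names are assumptions for illustration.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the host names this server is responsible for (placeholders).
ALLOWED_HOSTS = {"example.com", "www.example.com"}

def https_location(host_header, path):
    """Return the https:// URL to redirect to, or None if the Host is not ours."""
    if not host_header:
        return None                      # HTTP/1.0 client without a Host header
    host = host_header.strip().lower().partition(":")[0]   # drop any :port
    if host not in ALLOWED_HOSTS:
        return None                      # never build a redirect from an unknown Host
    if not path.startswith("/"):
        path = "/"                       # absolute-form request target: send to root
    return "https://" + host + path

class RedirectOnly(BaseHTTPRequestHandler):
    """Plain-HTTP handler: every request gets a redirect, nothing else."""
    def do_GET(self):
        target = https_location(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(400, "Unknown host")
            return
        self.send_response(301)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        # No Strict-Transport-Security header here: browsers only honour it
        # when it arrives over https, so it belongs on the https site.
        self.end_headers()
    do_HEAD = do_POST = do_GET

if __name__ == "__main__":
    HTTPServer(("", 8080), RedirectOnly).serve_forever()   # 8080 stands in for 80
```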

IIS 7 IP address forwarding

I want to move some websites from server 1 to server 2.
My clients have A records pointing to the IP address of server 1. Without updating their DNS records, how can I automatically forward requests for those domains from server 1 to server 2?
Thanks
Graham
This image is from an article regarding Exchange, but the IIS settings are relevant.
You can redirect at the HTTP level by specifying a URL redirect in IIS's HTTP Redirect settings:-
However, for this approach to work you will need a new domain for your sites. e.g. if the A record resolves www.example.com to Server 1 you will need to redirect to another URL (e.g. www.example.edu) that already resolves to Server 2.
Another option is to set up a reverse proxy using IIS on Server 1:
Today there was a question in the IIS.net Forums asking how to expose two different Internet sites from another site, making them look as if they were subdirectories in the main site.
So for example the goal was to have a site: www.site.com expose a www.site.com/company1 and a www.site.com/company2 and have the content from www.company1.com served for the first one and www.company2.com served in the second one
So slightly different requirements (the article only wants a subdirectory rather than the whole site), but the same concept will apply.

.htaccess redirection to an IP Address of a different server

I am hosting my public facing site at a shared host (Hostgator) with the domain pointing to the same. I also have my application hosted on a dedicated server with a different host. Both servers have their own SSL certificates installed.
Is there any way to edit the .htaccess file to do the following:
https://www.domain.com/CUSTOMER redirects to https://x.x.x.x/CUSTOMER while the browser still shows www.domain.com/CUSTOMER?
I'm wary of using frames due to the SSL ramifications. My domain registrar is Hostway and they do not offer URL masking/forwarding.
This can be done by making your server act as a proxy. Even if you have no access to the server's configuration, you might be lucky that Apache's proxy module is loaded: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
If so you can 'map' the remote site (IP) as if being served by your normal server.
Also, Apache's rewriting module can make use of that module by using the [P] flag in a RewriteRule.
Be sure you have a copy of that site on the different server, preferably with the same database, so you don't get in trouble with i.e. order numbers or user logins between http and https. The certificate server must be the web server for your SSL provided web content.
Take a look here for further information. "Google Search Result"

Force http for subdomain without SSL

I recently moved servers and redeveloped the website at the same time. Previously all pages were served via https and I wanted to change this so only cart pages were via https. Also I wanted to clean up the url a bit. Old urls were:
https://secure.mydomain.com/onlinestore/index.php
and I removed the secure prefix and the subfolder so it is now:
http://www.mydomain.com/index.php
Problem is I wanted people who clicked on old links or bookmarks to be redirected to the new page. I got this working with htaccess. However, the new SSL only covers the root domain and not the secure subdomain. So if someone clicks an old link it brings up "This Connection is Untrusted" before it can redirect. Works fine if I change https to http.
So what I want to know is if there is any way I can force http instead of https before it checks the SSL cert.
Hope that makes sense!
The short answer is no. With conventional SSL, your web server doesn't even get to see the URL before certificate negotiation happens. It just sees a connection on port 443 and starts doing SSL negotiation. The browser then sees the mismatched cert and throws an exception.
However, more modern browsers and web servers (see Wikipedia for the list) support a TLS extension called Server Name Identification (SNI), which allows the client to send the hostname it's requesting before the server has to respond with a certificate. At that point you'll need to have certificates for both secure.mydomain.com and www.mydomain.com on that server, and it'll need to be configured to respond with the proper certificate.

Two site, one with https on IIS 7 problem

I have two domains on one IP in IIS. One of the sites is bound to https. When I add https to the first domain name in the browser, the second site opens. How can I fix it?
I'm guessing you're using HTTP host headers here.
SSL doesn't support host headers so you'll need two IP addresses. One for the SSL site and one for the other site (which you can keep on using for non-ssl sites provided you keep using host headers).
