Solved

http and https on same website

Posted on 2004-09-24
4
159 Views
Last Modified: 2013-12-04
I am running windows 2000 advanced server, with a ssl certificate on one of our websites.  SSL appears to be working fine.

I am also running a php script (Oscommerce) that has both 'http' and 'https' links.  When I enable SSL on my website, ALL of the URLS need to start with https, so the http links don't work.  Also, my customers won't know to enter the 's' in front of the http, so that is a bad thing too.

So my question is, is it possible to have both http and https enabled on the same website? or do I have to have a workaround (Subdomains???)

TIA

Grandma
0
Comment
Question by:gobluegrandma
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 4

Expert Comment

by:beem4n
ID: 12149367
Hi,

yes it is possible, because in default environment
http uses 80 port and https use 443; go harvest you IIS options

anyway, if you cannot run it together you can do such a trick
make a web site, http running on 80 and name it mysite.com
after a user connects to it , redirect it to https://secure.mysite.com

0
 
LVL 12

Expert Comment

by:zvitam
ID: 12154189
here is some more in-depth information:

http://www.codeproject.com/aspnet/WebPageSecurity.asp
0
 

Author Comment

by:gobluegrandma
ID: 12155404
Well, it seems that if I disable the "Enable SSL" in the Web Properties on Information Services, both http and httpS URLS work.  

I was under the assumption that you need to check this option for the SSL to kick in and work. I guess all it does is make ALL the URLS secure.

Thank you for your help
Grandma
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 12161451
Yes, you can run both on the same server, http://www.iisfaq.com/?View=A407&Print=1
Typically you'd make a link to the "Secure" version of the site on the "un-secure" site, BUT with IIS I think you have to have a SECOND IP address to use... remember you need a second IP address for using an SSL (aka httpS) site. A Vhost will not use SSL.

or perhaps look at this answer from EE
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20773279.html
This little piece of vb code accomplishes both. All you have to do is copy this code into notepad and save it as an asp page in your default directory for the site you're working with, then enable it as the default document. This obviously prevents you from running anything else on the default web site...

<%

     If Request.ServerVariables("SERVER_PORT")=80 or Request.ServerVariables("SERVER_PORT")=443 Then
          Dim strSecureStr
          strSecureURL = "https://"
          strSecureURL = strSecureURL & "mail.domain.com"
          strSecureURL = strSecureURL & "/exchange"
          Response.Redirect strSecureURL
     End If
     %>

This code will basically take anything that comes in on port 80 OR port 443 and redirect it to https:// AND /exchange. If you're not redirecting to a virtual directory you'd just take that line out, and it would redirect anything coming in on 80 or 443 to httpS/.

-rich
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question