• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 166
  • Last Modified:

http and https on same website

I am running windows 2000 advanced server, with a ssl certificate on one of our websites.  SSL appears to be working fine.

I am also running a php script (Oscommerce) that has both 'http' and 'https' links.  When I enable SSL on my website, ALL of the URLS need to start with https, so the http links don't work.  Also, my customers won't know to enter the 's' in front of the http, so that is a bad thing too.

So my question is, is it possible to have both http and https enabled on the same website? or do I have to have a workaround (Subdomains???)

TIA

Grandma
0
gobluegrandma
Asked:
gobluegrandma
1 Solution
 
beem4nCommented:
Hi,

yes it is possible, because in default environment
http uses 80 port and https use 443; go harvest you IIS options

anyway, if you cannot run it together you can do such a trick
make a web site, http running on 80 and name it mysite.com
after a user connects to it , redirect it to https://secure.mysite.com

0
 
zvitamConsultantCommented:
here is some more in-depth information:

http://www.codeproject.com/aspnet/WebPageSecurity.asp
0
 
gobluegrandmaAuthor Commented:
Well, it seems that if I disable the "Enable SSL" in the Web Properties on Information Services, both http and httpS URLS work.  

I was under the assumption that you need to check this option for the SSL to kick in and work. I guess all it does is make ALL the URLS secure.

Thank you for your help
Grandma
0
 
Rich RumbleSecurity SamuraiCommented:
Yes, you can run both on the same server, http://www.iisfaq.com/?View=A407&Print=1
Typically you'd make a link to the "Secure" version of the site on the "un-secure" site, BUT with IIS I think you have to have a SECOND IP address to use... remember you need a second IP address for using an SSL (aka httpS) site. A Vhost will not use SSL.

or perhaps look at this answer from EE
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20773279.html
This little piece of vb code accomplishes both. All you have to do is copy this code into notepad and save it as an asp page in your default directory for the site you're working with, then enable it as the default document. This obviously prevents you from running anything else on the default web site...

<%

     If Request.ServerVariables("SERVER_PORT")=80 or Request.ServerVariables("SERVER_PORT")=443 Then
          Dim strSecureStr
          strSecureURL = "https://"
          strSecureURL = strSecureURL & "mail.domain.com"
          strSecureURL = strSecureURL & "/exchange"
          Response.Redirect strSecureURL
     End If
     %>

This code will basically take anything that comes in on port 80 OR port 443 and redirect it to https:// AND /exchange. If you're not redirecting to a virtual directory you'd just take that line out, and it would redirect anything coming in on 80 or 443 to httpS/.

-rich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now