Solved

SSL showing against wrong domain on shared server

Posted on 2008-10-13
3
226 Views
Last Modified: 2008-10-22
I have a webserver which contains numerous domains.  One of these domains has an SSL applied to it, running on port 443 as normal.

However, because all of the domains share the same IP address, you can simply type any of the domains behind a https:// and it'll pass them to the one with the SSL!

So, if I have the following domain which has the SSL applied to it:

https://www.firstdomain.com/cart.asp

I can easily use:

https://www.anyotherdomainonthisserver.com/cart.asp 

to get to the same place!  This has the effect of showing scripts under a domain that they aren't actually under.

Does anyone know how I can isolate this such that any https call to domains OTHER than the one on which the SSL exists cause a failure or redirect?

Thanks,

Tony
0
Comment
Question by:xxiantweb
  • 2
3 Comments
 
LVL 4

Expert Comment

by:palner
ID: 22705395
SSL has the problem of using only 1 IP address. Microsoft does allow using multiple SSL with 1 IP address and a wildcard SSL, however *.singledomain.com generally isn't wanted when hosting multiple domain names.

One way to hide the ssl is if all pages were using .asp or .net. You can then check the domain (from the server variable) and if it doesnot match, redirect to the non-ssl site.

There are many approaches, this one worked best for us... we used this method and a 403 error that was also an asp with a simple redirect.
0
 
LVL 10

Assisted Solution

by:RubalJ
RubalJ earned 200 total points
ID: 22705870
SSL Domain should be on a dedicated IP. If you setup dedicated IP for site and point WWW A record on that dedicated IP and change the HTTPS IP to that dedicated one with port 443 then it'll resolve your issue.

0
 
LVL 4

Accepted Solution

by:
palner earned 300 total points
ID: 22706000
Since all domains are using that IP, he'll still need a way of stopping the other domains from hitting the ssl and questioning the non-matching domain name.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question