Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SSL showing against wrong domain on shared server

Posted on 2008-10-13
3
Medium Priority
?
232 Views
Last Modified: 2008-10-22
I have a webserver which contains numerous domains.  One of these domains has an SSL applied to it, running on port 443 as normal.

However, because all of the domains share the same IP address, you can simply type any of the domains behind a https:// and it'll pass them to the one with the SSL!

So, if I have the following domain which has the SSL applied to it:

https://www.firstdomain.com/cart.asp

I can easily use:

https://www.anyotherdomainonthisserver.com/cart.asp 

to get to the same place!  This has the effect of showing scripts under a domain that they aren't actually under.

Does anyone know how I can isolate this such that any https call to domains OTHER than the one on which the SSL exists cause a failure or redirect?

Thanks,

Tony
0
Comment
Question by:xxiantweb
  • 2
3 Comments
 
LVL 4

Expert Comment

by:palner
ID: 22705395
SSL has the problem of using only 1 IP address. Microsoft does allow using multiple SSL with 1 IP address and a wildcard SSL, however *.singledomain.com generally isn't wanted when hosting multiple domain names.

One way to hide the ssl is if all pages were using .asp or .net. You can then check the domain (from the server variable) and if it doesnot match, redirect to the non-ssl site.

There are many approaches, this one worked best for us... we used this method and a 403 error that was also an asp with a simple redirect.
0
 
LVL 10

Assisted Solution

by:RubalJ
RubalJ earned 600 total points
ID: 22705870
SSL Domain should be on a dedicated IP. If you setup dedicated IP for site and point WWW A record on that dedicated IP and change the HTTPS IP to that dedicated one with port 443 then it'll resolve your issue.

0
 
LVL 4

Accepted Solution

by:
palner earned 900 total points
ID: 22706000
Since all domains are using that IP, he'll still need a way of stopping the other domains from hitting the ssl and questioning the non-matching domain name.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question