?
Solved

Hosting website with ssl and non-ssl content

Posted on 2011-03-02
6
Medium Priority
?
445 Views
Last Modified: 2012-05-11
I've today finally managed to setup a ssl certificate on my test server (xp pro / iis5.1) so website / application is accessible only via https which is great.
However, I'd ideally like a landing page which requires no security with a link to the 'secure area'. At the moment, a normal http request gives the error 'must be viewed over a secure channel' which is as expected. Basically, I'm envisaging a normal website residing on a server, with a secure login page available to use an internal application.
I'm unsure how to achieve my goal or whether it's possible on xp. Any help appreciated, thanks.
0
Comment
Question by:nigelr99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 

Accepted Solution

by:
nigelr99 earned 0 total points
ID: 35021561
OK.. I've found a solution but would like some comments from someone who has experience in this area. Is this a legitimate way to solve the problem? Basically, I'm preventing any necessary pages to be opened without ssl by redirecting to https if port 80 detected.

At the start of every page I want to be secure, I've added the code shown http://support.microsoft.com/kb/239875

Thanks
<%
   If Request.ServerVariables("SERVER_PORT")=80 Then
      Dim strSecureURL
      strSecureURL = "https://"
      strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
      strSecureURL = strSecureURL & Request.ServerVariables("URL")
      Response.Redirect strSecureURL
   End If
%>

Open in new window

0
 

Author Comment

by:nigelr99
ID: 35022260
(Didn't explain that very well.. I've unchecked the ssl requirement on the overall website to allow a normal http landing page but then forced https on all secure pages with the shown ms code.)
0
 
LVL 15

Expert Comment

by:pcsmitpra
ID: 35025861
You can try this: Go to your IIS 5.1 , Locate the website , keep SSL for whole site , then go to default page , right click properties  , Fiel Security , Secure communication Edit , Uncheck the Require SSL for this page and other SSL secure options.

Try to browse the page on http port 80 .  Rest all pages you can keep working without SSL code, so overhead will be escaped.

Hope this will help.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:nigelr99
ID: 35062463
Thanks - I'll try that asap (sorry for slow response, working on different projects on different days.)
0
 

Author Comment

by:nigelr99
ID: 35087213
I specifed SSL for the whole site and then un-checked for my index.htm page but I get the error 'SSL required for this site' (or words to that effect). I've decided the overhead of my original code is not substantial as it only re-directs to https if a user specifically requests a page on http which 'should' never happen as they come through the login page in the first place.
0
 

Author Closing Comment

by:nigelr99
ID: 35221258
This seems the best solution - it works and unless somebody maliciously attempts to access the secure pages using http deliberately, there should be little or no overhead.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
Introduction HyperText Transfer Protocol (http://www.ietf.org/rfc/rfc2616.txt) or "HTTP" is the underpinning of internet communication.  As a teacher of web development I have heard many questions, mostly from my younger students who have come to t…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question