Solved

Hosting website with ssl and non-ssl content

Posted on 2011-03-02
6
435 Views
Last Modified: 2012-05-11
I've today finally managed to setup a ssl certificate on my test server (xp pro / iis5.1) so website / application is accessible only via https which is great.
However, I'd ideally like a landing page which requires no security with a link to the 'secure area'. At the moment, a normal http request gives the error 'must be viewed over a secure channel' which is as expected. Basically, I'm envisaging a normal website residing on a server, with a secure login page available to use an internal application.
I'm unsure how to achieve my goal or whether it's possible on xp. Any help appreciated, thanks.
0
Comment
Question by:nigelr99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 

Accepted Solution

by:
nigelr99 earned 0 total points
ID: 35021561
OK.. I've found a solution but would like some comments from someone who has experience in this area. Is this a legitimate way to solve the problem? Basically, I'm preventing any necessary pages to be opened without ssl by redirecting to https if port 80 detected.

At the start of every page I want to be secure, I've added the code shown http://support.microsoft.com/kb/239875

Thanks
<%
   If Request.ServerVariables("SERVER_PORT")=80 Then
      Dim strSecureURL
      strSecureURL = "https://"
      strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
      strSecureURL = strSecureURL & Request.ServerVariables("URL")
      Response.Redirect strSecureURL
   End If
%>

Open in new window

0
 

Author Comment

by:nigelr99
ID: 35022260
(Didn't explain that very well.. I've unchecked the ssl requirement on the overall website to allow a normal http landing page but then forced https on all secure pages with the shown ms code.)
0
 
LVL 15

Expert Comment

by:pcsmitpra
ID: 35025861
You can try this: Go to your IIS 5.1 , Locate the website , keep SSL for whole site , then go to default page , right click properties  , Fiel Security , Secure communication Edit , Uncheck the Require SSL for this page and other SSL secure options.

Try to browse the page on http port 80 .  Rest all pages you can keep working without SSL code, so overhead will be escaped.

Hope this will help.
0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 

Author Comment

by:nigelr99
ID: 35062463
Thanks - I'll try that asap (sorry for slow response, working on different projects on different days.)
0
 

Author Comment

by:nigelr99
ID: 35087213
I specifed SSL for the whole site and then un-checked for my index.htm page but I get the error 'SSL required for this site' (or words to that effect). I've decided the overhead of my original code is not substantial as it only re-directs to https if a user specifically requests a page on http which 'should' never happen as they come through the login page in the first place.
0
 

Author Closing Comment

by:nigelr99
ID: 35221258
This seems the best solution - it works and unless somebody maliciously attempts to access the secure pages using http deliberately, there should be little or no overhead.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question