Solved

Hosting website with ssl and non-ssl content

Posted on 2011-03-02
6
430 Views
Last Modified: 2012-05-11
I've today finally managed to setup a ssl certificate on my test server (xp pro / iis5.1) so website / application is accessible only via https which is great.
However, I'd ideally like a landing page which requires no security with a link to the 'secure area'. At the moment, a normal http request gives the error 'must be viewed over a secure channel' which is as expected. Basically, I'm envisaging a normal website residing on a server, with a secure login page available to use an internal application.
I'm unsure how to achieve my goal or whether it's possible on xp. Any help appreciated, thanks.
0
Comment
Question by:nigelr99
  • 5
6 Comments
 

Accepted Solution

by:
nigelr99 earned 0 total points
ID: 35021561
OK.. I've found a solution but would like some comments from someone who has experience in this area. Is this a legitimate way to solve the problem? Basically, I'm preventing any necessary pages to be opened without ssl by redirecting to https if port 80 detected.

At the start of every page I want to be secure, I've added the code shown http://support.microsoft.com/kb/239875

Thanks
<%
   If Request.ServerVariables("SERVER_PORT")=80 Then
      Dim strSecureURL
      strSecureURL = "https://"
      strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
      strSecureURL = strSecureURL & Request.ServerVariables("URL")
      Response.Redirect strSecureURL
   End If
%>

Open in new window

0
 

Author Comment

by:nigelr99
ID: 35022260
(Didn't explain that very well.. I've unchecked the ssl requirement on the overall website to allow a normal http landing page but then forced https on all secure pages with the shown ms code.)
0
 
LVL 15

Expert Comment

by:pcsmitpra
ID: 35025861
You can try this: Go to your IIS 5.1 , Locate the website , keep SSL for whole site , then go to default page , right click properties  , Fiel Security , Secure communication Edit , Uncheck the Require SSL for this page and other SSL secure options.

Try to browse the page on http port 80 .  Rest all pages you can keep working without SSL code, so overhead will be escaped.

Hope this will help.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:nigelr99
ID: 35062463
Thanks - I'll try that asap (sorry for slow response, working on different projects on different days.)
0
 

Author Comment

by:nigelr99
ID: 35087213
I specifed SSL for the whole site and then un-checked for my index.htm page but I get the error 'SSL required for this site' (or words to that effect). I've decided the overhead of my original code is not substantial as it only re-directs to https if a user specifically requests a page on http which 'should' never happen as they come through the login page in the first place.
0
 

Author Closing Comment

by:nigelr99
ID: 35221258
This seems the best solution - it works and unless somebody maliciously attempts to access the secure pages using http deliberately, there should be little or no overhead.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question