• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 452
  • Last Modified:

Hosting website with ssl and non-ssl content

I've today finally managed to setup a ssl certificate on my test server (xp pro / iis5.1) so website / application is accessible only via https which is great.
However, I'd ideally like a landing page which requires no security with a link to the 'secure area'. At the moment, a normal http request gives the error 'must be viewed over a secure channel' which is as expected. Basically, I'm envisaging a normal website residing on a server, with a secure login page available to use an internal application.
I'm unsure how to achieve my goal or whether it's possible on xp. Any help appreciated, thanks.
0
nigelr99
Asked:
nigelr99
  • 5
1 Solution
 
nigelr99Author Commented:
OK.. I've found a solution but would like some comments from someone who has experience in this area. Is this a legitimate way to solve the problem? Basically, I'm preventing any necessary pages to be opened without ssl by redirecting to https if port 80 detected.

At the start of every page I want to be secure, I've added the code shown http://support.microsoft.com/kb/239875

Thanks
<%
   If Request.ServerVariables("SERVER_PORT")=80 Then
      Dim strSecureURL
      strSecureURL = "https://"
      strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
      strSecureURL = strSecureURL & Request.ServerVariables("URL")
      Response.Redirect strSecureURL
   End If
%>

Open in new window

0
 
nigelr99Author Commented:
(Didn't explain that very well.. I've unchecked the ssl requirement on the overall website to allow a normal http landing page but then forced https on all secure pages with the shown ms code.)
0
 
pcsmitpraCommented:
You can try this: Go to your IIS 5.1 , Locate the website , keep SSL for whole site , then go to default page , right click properties  , Fiel Security , Secure communication Edit , Uncheck the Require SSL for this page and other SSL secure options.

Try to browse the page on http port 80 .  Rest all pages you can keep working without SSL code, so overhead will be escaped.

Hope this will help.
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
nigelr99Author Commented:
Thanks - I'll try that asap (sorry for slow response, working on different projects on different days.)
0
 
nigelr99Author Commented:
I specifed SSL for the whole site and then un-checked for my index.htm page but I get the error 'SSL required for this site' (or words to that effect). I've decided the overhead of my original code is not substantial as it only re-directs to https if a user specifically requests a page on http which 'should' never happen as they come through the login page in the first place.
0
 
nigelr99Author Commented:
This seems the best solution - it works and unless somebody maliciously attempts to access the secure pages using http deliberately, there should be little or no overhead.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now