Multiple Web Sites and SSL
18 years 3 weeks ago #17707
by tfs
Multiple Web Sites and SSL was created by tfs
We have a server at work that handles 4 web sites. We are running IIS6 and have to have at least one secure page on each web site.
Standard Port for SSL is 443. The problem is that you can only have one Web Site (application) using an SSL port.
We solved the problem by using non-standard ports 8443, 8444, 8445, 8446 - one for each site.
This works fine for most cases. The problem is that we now find that you will have problems with companies that have Proxy servers. They apparently have only 443 open for SSL by default. So any company that signs up with us that has a Proxy Server would have to modify the Proxy to allow one of these non-standard ports. Not really a good idea.
The only way around this problem (that I can figure out) is to have one Server for each Web Site. Very expensive. Especially since a couple of these sites have very little traffic (at the moment).
So if I have 6 web sites I would need 6 servers.
Is there a better way around this problem?
Thanks,
Tom
18 years 3 weeks ago #17708
by d_jabsd
Replied by d_jabsd on topic Re: Multiple Web Sites and SSL
You don't need 6 servers, but you do need 6 IPs and you need to specify which site is listening on each IP. By default, IIS listens on all interfaces and addresses for every site you configure.
The default works great for non-SSL sites, as it is just name-based hosting, but SSL doesn't work with name-based hosting.
18 years 3 weeks ago #17712
by Smurf
Replied by Smurf on topic Re: Multiple Web Sites and SSL
Another way that may work with this is if you publish through ISA Server. If you terminate the SSL connections on the ISA Server you can then publish to the correct host header on HTTP only on the inside, then the host headers will take over. I have never really tested it but I believe this is easy to achieve.
Hope that makes sense.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
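The two replies above, as an added example that is not part of the original thread: without SNI (the IIS6 situation discussed here) a certificate has to be chosen from the destination IP and port alone, while a proxy that terminates SSL can read the Host header afterwards and route on it. Site names, addresses and backends are constructed for the illustration.

```python
# Added illustration; site names, addresses and backends are constructed.

def cert_candidates(dest_ip, dest_port, ssl_bindings):
    """Handshake stage: the Host header is still encrypted, so destination
    IP and port are the only facts available for choosing a certificate."""
    return [site for site, ip, port in ssl_bindings
            if (ip, port) == (dest_ip, dest_port)]


def route_by_host(decrypted_request, backends):
    """After SSL is terminated the Host header is readable and selects the
    internal HTTP site. Unknown or missing hosts get None (refuse them)."""
    head = decrypted_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower().partition(":")[0]  # drop any :port
            return backends.get(host)
    return None


# Four SSL sites bound to one address on 443: the server cannot tell them apart.
SHARED = [(f"site{n}", "192.0.2.10", 443) for n in range(1, 5)]
# One address per site: each endpoint maps to exactly one certificate.
PER_IP = [(f"site{n}", f"192.0.2.{10 + n}", 443) for n in range(1, 5)]
# Host-header map used behind an SSL-terminating proxy (plain HTTP inside).
BACKENDS = {f"site{n}.example": f"10.0.0.{10 + n}:80" for n in range(1, 5)}

if __name__ == "__main__":
    print("shared endpoint :", cert_candidates("192.0.2.10", 443, SHARED))
    print("dedicated IP    :", cert_candidates("192.0.2.12", 443, PER_IP))
    req = b"GET /login HTTP/1.1\r\nHost: Site3.example:443\r\n\r\n"
    print("routed by Host  :", route_by_host(req, BACKENDS))
    bad = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
    print("unknown Host    :", route_by_host(bad, BACKENDS))
```

Note that the inside leg in the terminating layout is plain HTTP, so it should stay on a network segment you trust.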
18 years 3 weeks ago #17741
by d_jabsd
Replied by d_jabsd on topic Re: Multiple Web Sites and SSL
Smurf,
That's not a bad idea and it's how SSL Accelerators (like the ones offered by F5) usually work, so it shouldn't be too difficult to do. You could probably share the cert between 2 ISA boxen for redundancy if it allows it.