SSL

[Jeff Clark]

I setup SSL.

Now users can see the site at port 80 and at port 443. i want to disable 80.

How to?

Thanks

 

[Ray at]

You won't do this with ASP. You should ask in an IIS group.

But do you really want your whole site to run in SSL? You should leave port
80 open at least for the sake of setting up a redirect from http to https.

Ray at work

 

[Mot Misthoff]

in the meantime you could always-

if Request.ServerVariables("HTTPS") = "off" then
response.redirect (https://www.redirect-to-this-page.com)
end if

 

[Jeff Clark]

noted and incorporated redirect and iis setting.
thanks

 

[Chris Barber]

Use host headers to 'hide' port 80 from IP based scanning?

Can you elaborate on why you want to disable port 80?

Chris.

I setup SSL.

Now users can see the site at port 80 and at port 443. i want to disable 80.

How to?

Thanks

 

[Jeff Clark]

cause i want to make sure that people go thru the secure site.

 

[Chris Barber]

Sound reasonable, I just wanted to check if this was more to do with
unwanted traffic to the IP address as opposed to a reasoned choice to drop
port 80.

You can specify that a specific website be hosted only on 443 (eg. https:\\)
or you can place a redirect in the global.asa to push all http:\\ traffic to
the https:\\ entry page when the first .asp page is viewed.

Chris.

cause i want to make sure that people go thru the secure site.

 

[Jeff Clark]

Ok how do I put another site only to be port 80?

you see, i have a secure.mydomain.com on the same machine as
www.mydomain.com

I don't want the 2 to intermingle. I see that I can "require 128 bit
encryption" on the SSL site.

But on the regular www site, I don't want them to use sssl 0 i want to force
port 80
thanks.

Even if i do a redirect in global.asa , that won't stop the guy from
changing the url to https on the next page

 

[Chris Barber]

OK,

Generally to run multiple sites on port 80 you have to use host headers.

eg.

http://www.4guysfromrolla.com/webtech/080200-1.shtml

Now to allow a specific site to be only available on the https:\\ (eg. port
443) then just remove the port 80 entries from the host headers and leave
the port 443 entries (these port 443 entries can only be added if you have a
cert installed I think).

Host headers are a way of creating 'multiple' websites hosted off one IP
address distinguished by the URL of the site domain as opposed to a blanket
resolution of all urls to that IP address.

The most common usage is to create host header and then drop the 'open' port
80 entry (eg. the entry that has a blank host header) so that IP based
traffic will not be granted access, only url's that conform to the host
header will be allowed to see the website. This has the great effect of
stopping the majority of hack and virus traffic to your IIS server since
these all try to get in using the IP address as opposed to a host header.

Have a read of host headers on Google to get more information about it.

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=Using+Host+headers+in+IIS+5.0

Just a small point, you will need the capability to add 'A' records to your
DNS server to create further domains beyond your own. For example, Blue
Canoe (my company) uses DSVR (UK based hosting) to host our websites and
provide access to our DNS so we can create as many domains and subdomains as
we require such as: site1.blue-canoe.net, site2.blue-canoe.net,
securestuff.blue-canoe.net etc.

If you can't see how to achieve what you want then please post again but
make sure you have a clear description of exactly what you want to achieve.
At the moment I'm still not sure of your concerns about the two sites (one
on http:\\ only and one on https:\\ only?).

Hope this helps,

Chris.

Ok how do I put another site only to be port 80?

you see, i have a secure.mydomain.com on the same machine as
www.mydomain.com

I don't want the 2 to intermingle. I see that I can "require 128 bit
encryption" on the SSL site.

But on the regular www site, I don't want them to use sssl 0 i want to force
port 80
thanks.

Even if i do a redirect in global.asa , that won't stop the guy from
changing the url to https on the next page

 

[Jeff Clark]

thanks I got all that down, thanks. I did rephrase the question and repost.

I cannot use host headers with ssl, so that leaves a hole

 

[Chris Barber]

I'll have to investigate that [not allowing host headers on SSL] since I
don't have a cert here (I'll get a test one generated ASAP).

Chris.

thanks I got all that down, thanks. I did rephrase the question and repost.

I cannot use host headers with ssl, so that leaves a hole