hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : Site with SSL, still reachable via http:// ?
Reply

Forum Jump

Site with SSL, still reachable via http:// ?

Reply Post New Thread In Dedicated Server Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 06-06-2003, 02:45 AM
elspif elspif is offline
New Member
 
Join Date: Mar 2003
Posts: 3

Site with SSL, still reachable via http:// ?


I'm working on the SSL part of one of our sites. Eventually we'll buy a certificate but in the mean time I'm using a self signed certificate. It seems like the cobalt doesn't distuingish within a virtual site which files are secure (and so reachable via https://) and those files that don't have to be secure (reachable via http://)

The question is how to make the files that are meant to be only secure files not reachable via http://. For example https://sub.domain.com/ is reachable under http://sub.domain.com now.
I'm meaning to put a shop here that should only be accesable through the secure sockets of the SSL and never through the non secure http:// connection.

On our last server (virtual hosting using PLESK as admin) we had two direcotries in our account one for the non secure files called 'httpdocs' and one for the secure files 'httpsdocs' these were two completely seperate sites and completeley independant of each other.
Is there something like this I can do on the cobalt? Does any of you have experience with using SSL on a cobalt?

Another question is if we can put multiple certificates on the same cobalt. Our cobalt GUI started comlaining after trying to add a second one. Right now we only need one but I know in the future this could give problems. Do we need a new IP address for each seperate certificate?

Thanx heaps for you info...



Sponsored Links
  #2  
Old 06-06-2003, 03:11 AM
blacknight blacknight is offline
Web Hosting Master
 
Join Date: Mar 2001
Location: Ireland
Posts: 1,354
You can force a https connection via Apache's mod_rewrite or a .htaccess
Basically you force all connections not on port 443 to go to port 443

__________________
Blacknight
ICANN accredited domain registrar

  #3  
Old 06-06-2003, 04:31 AM
elspif elspif is offline
New Member
 
Join Date: Mar 2003
Posts: 3
I could do that. But what if I wanted the http and https on the same domain name to just be two different sites...? Not just forwarding it to the https:// or the http://

I guess I could use mod_rewrite to check ports and then choose between two different virtual sites. One could be shop.domain.com the other www.domain.com with the shop being the secure domain. However this would mean extra costs for getting a certificate as I would need to get a wildcard certificate to alow for the subdomain name to be valid under the certificate.

Surely there must be a way to have http://www.domain.com and https://www.domain.com to point to two different directories on the cobalt.

Ehm if that's what you mean by using mod_rewrite, how would i do that? I don't use .htacces files i've disabled it; I just use the settings in access.conf so I could put it in there. I would still have to have two vitrual sites in cobalt right? And have one of them rewrite if it's not on port 443?

Why isn't this functionality in cobalt by default? Is this some advanced feature I'm getting into. It seems pretty standard to me... how do others normally do this?

thx again for your help

Sponsored Links
  #4  
Old 06-06-2003, 05:26 AM
blacknight blacknight is offline
Web Hosting Master
 
Join Date: Mar 2001
Location: Ireland
Posts: 1,354
Presuming that your directory structure has some logic you would probably put the SSL secured files in a sub-directory, which could be secured with a .htaccess trick

__________________
Blacknight
ICANN accredited domain registrar

  #5  
Old 06-06-2003, 05:40 AM
elspif elspif is offline
New Member
 
Join Date: Mar 2003
Posts: 3
The trick in the .htaccess would be a rewrite rule?

  #6  
Old 06-06-2003, 07:36 AM
paulgt paulgt is offline
Newbie
 
Join Date: Apr 2003
Posts: 7
Quote:
Originally posted by elspif
I guess I could use mod_rewrite to check ports and then choose between two different virtual sites. One could be shop.domain.com the other www.domain.com with the shop being the secure domain. However this would mean extra costs for getting a certificate as I would need to get a wildcard certificate to alow for the subdomain name to be valid under the certificate.
You dont need to buy a wildcard to secure a sub domain. You can purchase a single cert for shop.domain.com .

Wildcards are for securing multiple subdomains, but if you only have 1 sub domain, you dont need a Wildcard.

This may help you make the right decision over config.

Reply

Related posts from TheWhir.com
Title Type Date Posted
Liquid Web Updates Mobile Management Interface with Bill Payment Feature Web Hosting News 2013-05-23 14:56:25
FireHost Report Finds Cross-Site Attacks Trump SQL Injections in Q3 2012 Web Hosting News 2012-10-23 09:18:51
Web Host Brain Host Acquires Site Builder My Creative Site Designs Web Hosting News 2012-09-24 14:03:36
Web Hosting Talk Message Board Back Online Following DDoS Attack Web Hosting News 2012-09-12 11:59:42
Web Host PacificHost Adds Soholaunch Ultra Site Builder Web Hosting News 2012-06-04 13:40:20


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?