[thelist] Two Extranets ... Same Intranet?

Joshua Olson joshua at waetech.com
Fri Sep 19 10:40:25 CDT 2003

----- Original Message ----- 
From: "Rob Smith" <rob.smith at THERMON.com>
Sent: Friday, September 19, 2003 11:07 AM

> http://www.thermon.com points to www.thermon.com
> http://inside.thermon.com points to www.thermon.com
> http://rep.thermon.com points to www.thermon.com

I suppose you mean by this that you have CNAME records set up for rep and
inside that point back to www?

> This is great. However when you add the 's' to the 'http' you get our
> extranets:
> https://inside.thermon.com points to inside.thermon.com. Good.
> https://rep.thermon.com points to inside.thermon.com. Not Good.

https encrypts the host header and therefore IIS cannot determine which site
it points to based on host name until after it decides which key to use to
decrypt it, which is based on which site it points to.  Each secure site
must therefore have it's IP address on a server.

what's happening is that the DNS CNAME is pointing both inside.thermon.com
and rep.thermon.com to the same ip address and the same IIS website instance
is picking up the request.  Since IIS cannot determine the host header until
after decryption it goes to the first instance in IIS that matched the port
and ip address of the request.  In this case most like inside.thermon.com.

Joshua Olson
Web Application Engineer
WAE Tech Inc.

More information about the thelist mailing list