[thelist] ASP question

Scott Dexter sgd at ti3.com
Thu Aug 24 10:36:40 CDT 2000


> 
> >I'd look into writing an ASAPI dll
> 
> I think Scott meant to type "ISAPI" dll.
> 

Yes, Thanksh

<tip type="obscure IIS fun">
(note, I'm writing in first person for the fun of it)

I have multiple web sites on one NIC, and everything is cool. --I've got the
host headers defined in the MMC so people get to their sites properly.

Now, throw in the monkey wrenches:
* Through some decision I wasn't a part of, there's now a firewall in front
of my server. Port 80 and 443 are the only two open (443 is for SSL)
* Two of my clients want to have secure sites

Okay, no problem. Just get the certificates, and bind to port 443 ... shit.
I can't bind more than one SSL certificate to the same port. --That's right.
I don't know if its IIS or the RFC, but one can not attach more than one
certificate to the same port.

Alllrighty then, I'll just take web site #2 and use port 1443 for SSL, and
then in the firewall, I'll remap it so when anyone comes through it looking
for web site #2's SSL (on 443) it gets translated to port 1443 from the
firewall to IIS.

Hot Dog! It works!  ... until I get a call from client #2. They can't get to
the SSL part of the site. wtf?!

IIS does funny things sometimes. Request https://www.client2.com/mall/ and
everything is cool. Request https://www.client2.com/mall  (notice there is
no trailing /) and IIS sends back a redirect --with the port number-- to the
right spot: https://www.client2.com:1443/mall/

This is a problem; I don't have 1443 open on the firewall. No wonder they
can't get in. My workaround until I can research and strangle the right
people? --Open port 1443.

ugh. Anyone wanna see if Apache does the same?
</tip>





More information about the thelist mailing list