Requiring SSL For Website When Using An SSL Offloader

Status
Not open for further replies.

JabbaTheNut

Programmer
Jul 29, 2002
176
US
An SSL offloader appliance traps incoming https:// requests on port 443, decrypts them, converts them to http:// requests and then forwards them to the web server on port 80. The web server then provides an http:// response which is again trapped by the SSL offloader appliance, encrypted and converted to https:// and sent to the client.

My problem is this...

I want to allow normal http:// requests to my Default Web Site (no problem here). However, I also want to require SSL requests ( to an application within my Default Web Site. For example, I want to allow an http:// request for but want to require SSL ( for a request to
Without an SSL offloader appliance, I would simply install a certificate on my web server and select the "Require secure connection" option for "myapplication". All http:// requests on port 80 would be rejected and all https:// requests on port 443 would be accepted. All would be fine.

With an SSL offloader appliance, however, all requests are directed to port 80. Consequently, the web server throws an error stating that a secure connection is required.

Can someone provide some suggestions for requiring an SSL connection in IIS when using an SSL offloader appliance? Alternatively, can someone suggest another method for ensuring that the request coming in on port 80 originated from an https:// request?

This is a critical question for me. Any help would be greatly appreciated.


Game Over, Man!
 
Did you get anything?

Thanks,
James
"Make it idiot-proof and someone will make a better idiot." ~bumper sticker
 
I finally solved my problem.

I set up two websites ("Default Web Site" & "Secure Web Site"). The "Default Web Site" was set to accept http:// requests on port 80 and the Secure Web Site was set to receive http:// requests on port 8080.

I set the SSL offloader to accept https:// requests on port 443 and to send the converted http:// requests to port 8080. Additionally, I set the SSL offloader to block all incoming requests on port 8080.

The end result is as follows:

--http:// requests on port 80 are allowed to pass through the SSL offloader and are received by "Default Web Site".

--https:// requests on port 443 are trapped by the SSL offloader, converted to http:// requests, and are sent to port 8080. They are then received by "Secure Web Site".

--For the underhanded characters that might try to enter "Secure Web Site" using an http:// request on port 8080 (thus bypassing SSL), the SSL offloader is set to block the incoming request.

Consequently, all requests coming in on port 8080 are known to have originated from a secure request that has been decrypted by the SSL offloader.

The above manipulations could have also been done using a second IP address instead of a second port address.

Game Over, Man!
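The port layout from the post above can be checked as a rule table. This is an added example, not code from the thread or from any offloader product: the `Rule` model, the function names, and the pass-through default for ports that have no rule are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    listen_port: int       # port the client connects to on the offloader
    tls: bool              # True if the offloader terminates SSL on this port
    action: str            # "forward" or "block"
    backend_port: int = 0  # web-server port the request is handed to

# Layout described in the post: 80 passes through, 443 is decrypted and
# sent to 8080, and direct requests to 8080 are blocked.
THREAD_RULES = [
    Rule(80, False, "forward", 80),
    Rule(443, True, "forward", 8080),
    Rule(8080, False, "block"),
]

def route(rules, client_port):
    """Return (backend_port, arrived_over_ssl), or None if the request is dropped.

    Assumption: a port with no matching rule passes through unchanged.
    """
    for rule in rules:
        if rule.listen_port == client_port:
            if rule.action == "block":
                return None
            return (rule.backend_port, rule.tls)
    return (client_port, False)

def plaintext_paths(rules, secure_backend_port, client_ports=range(1, 65536)):
    """Client-facing ports through which a non-SSL request reaches the secure site."""
    leaks = []
    for port in client_ports:
        hit = route(rules, port)
        if hit is not None and hit[0] == secure_backend_port and not hit[1]:
            leaks.append(port)
    return leaks

if __name__ == "__main__":
    # Full rule set: no plaintext path to "Secure Web Site" on 8080.
    print("with block rule:   ", plaintext_paths(THREAD_RULES, 8080))
    # Same rule set with the block rule left out: 8080 is reachable in the clear.
    print("without block rule:", plaintext_paths(THREAD_RULES[:2], 8080))
```

The model covers only traffic that passes through the offloader; the conclusion that everything arriving on 8080 was decrypted from SSL also depends on the web server accepting port 8080 connections from the offloader alone.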
 