SSL on virtual directory

  • Thread starter Pål Andreassen
  • Start date
P

Pål Andreassen

Is it possible on Windows 2000 Server and IIS 5 (that's what included with
W2000, right?) to force only https connections to a virtual directory?

www.customer.com is the normal http site
www.customer.com/extranet/ is a virtual directory that I want to force
https on.

I know this is possible on Windows 2003 Server (tested) but the customer
has Windows 2000 Server and I want to know if it will work there too.

Thanks
 
P

Paul Lynch

Is it possible on Windows 2000 Server and IIS 5 (that's what included with
W2000, right?) to force only https connections to a virtual directory?

www.customer.com is the normal http site
www.customer.com/extranet/ is a virtual directory that I want to force
https on.

I know this is possible on Windows 2003 Server (tested) but the customer
has Windows 2000 Server and I want to know if it will work there too.

Thanks
Click to expand...

Pal,

Yes. Even though a certificate may be installed on a site it doesn't
mean that you have to use it. You can enable SSL on the whole site, a
single directory or even individual files if you like.

Read these KB articles :

HOW TO: Implement SSL on a Windows 2000 IIS 5.0 Computer
http://support.microsoft.com/?id=299875

HOW TO: Use ASP to Force SSL for Specific Pages
http://support.microsoft.com/?id=239875


Regards,

Paul Lynch
MCSE
 
P

Pål Andreassen

Pal,

Yes. Even though a certificate may be installed on a site it doesn't
mean that you have to use it. You can enable SSL on the whole site, a
single directory or even individual files if you like.

Read these KB articles :

HOW TO: Implement SSL on a Windows 2000 IIS 5.0 Computer
http://support.microsoft.com/?id=299875

HOW TO: Use ASP to Force SSL for Specific Pages
http://support.microsoft.com/?id=239875
Click to expand...

The last KB article uses ASP redirect in each ASP page to redirect to the
appropriate https page if the request originally has http.

I want to know if I can do this on IIS level as in IIS 6 on Windows 2003.
There you can specify on virual directories that it "requires SSL".

Otherwise only ASP content would be SSL'ed. If you hotlinked to a Word
document it would still be available through HTTP.
 
P

Paul Lynch

The last KB article uses ASP redirect in each ASP page to redirect to the
appropriate https page if the request originally has http.

I want to know if I can do this on IIS level as in IIS 6 on Windows 2003.
There you can specify on virual directories that it "requires SSL".

Otherwise only ASP content would be SSL'ed. If you hotlinked to a Word
document it would still be available through HTTP.
Click to expand...

You can also try this :

http://www.aspfaq.com/show.asp?id=2321


Regards,

Paul Lynch
MCSE
 
P

Paul Lynch

Again, this only works if the requested resource is a script. If it's an
image or a document of some kind (e.g. word). You'd stille be able to grab
it via http.
Click to expand...

You can enforce SSL in IIS5. This KB article shows you how :

HOW TO: Enable SSL for All Customers Who Interact with Your Web Site
in Internet Information Services
http://support.microsoft.com/?id=298805


Regards,

Paul Lynch
MCSE
 
P

Pål Andreassen

Yes I know. Instead of choosing the entire site you can just enable
SSL for a specific directory.
Click to expand...

This is fine with IIS6 and Windows 2003, but on IIS5 and Windows 2000 as
I'm running on the "enable SSL" is only available on the whole site, not
the individual directories. Is it supposed to be supporten in Windows 2000
and IIS5 too? Maybe I'm missing something here.
 
P

Paul Lynch

This is fine with IIS6 and Windows 2003, but on IIS5 and Windows 2000 as
I'm running on the "enable SSL" is only available on the whole site, not
the individual directories. Is it supposed to be supporten in Windows 2000
and IIS5 too? Maybe I'm missing something here.
Click to expand...

Well, the obvious answer is do you want or even need SSL enabled for
your whole site ?

If not then only enable it on those directories which need it. IIS5
has the same functionality as IIS6 in that you can enable SSL on only
those directories which require it.


Regards,

Paul Lynch
MCSE
 
P

Pål Andreassen

Well, the obvious answer is do you want or even need SSL enabled for
your whole site ?

If not then only enable it on those directories which need it. IIS5
has the same functionality as IIS6 in that you can enable SSL on only
those directories which require it.
Click to expand...

Are you sure?

I've installed a 128 bit SSL certificate on IIS 5 (Windows 2000 Sever
(not advanced)). And I have enabled SSL on the site, but not forced it.
I can access the content by either http or https.

On the /extranet/ virtual directory I however want to force SSL (and
authentication, but that is sorted). On IIS 6 I can force SSL on this
single directory, but as I've stated several times, the function is not
available in IIS under directory security as I would expect it to be.

Where is this option hidden in IIS5 then?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

upoading to virtual directories 1
Excel How to enable engineering functions in MS Excel 2000? 3
IIS users can't execute code in virtual directories' subdirectorie 1
A virtual Directory in IIS shows "Error" 1
Authenticate users in https virtual directory and get authenticateduser back 1
How do I Force HTTPS when user types HTTP in URL (IIS server, ASPX) 1
Configure Virtual Directory as application 2
FP 2000 Password and Shared SSL 1

Top