No announcement yet.

Offloading SSL to other Hardware Problems

  • Filter
  • Time
  • Show
Clear All
new posts

  • Offloading SSL to other Hardware Problems

    Note to Forum Admin - I don't know if this is the right forum. Please move if necessary to the appropriate area. Thanks.

    I plan to create secure SSL access to parts of my new website and also offload the SSL certificate and SSL processing to a new load balancer we have purchased. I have set up Port 80 for the usual HTTP and port 443 for the HTTPS.

    My problem is my website (which we host on our own servers under IIS 6.0). I only want the shopping cart pages to be accessed under SSL. The rest of the pages I want to be accessed by unsecure anonymous access. How do I set up my website under IIS where the pages are split into unsecure and secure access?


  • #2
    Re: Offloading SSL to other Hardware Problems

    in order for you to achieve that, you'll need to configure your shopping cart folder in IIS to the following: -

    1. Go to the Properties
    2. Click on Directory Security
    3. Under "Authentication and access control", click Edit and clear the checkbox for "Anonymous Access".
    4. Next, under "Secure Communications", tick the checkbox for "Require secure channel (SSL)" and "Require 128-bit encryption".

    Once you do that, whoever that hit that page will be forwarded to 443 port. The problem is IIS is not smart enough to help you to re-direct from 80 to 443 so you'll need to re-direct yourself. Follow the steps below: -

    1. Create a new ASP file (eg. redirect.asp) and input the contents below:

    Data = Request.ServerVariables("QUERY_STRING")
    URL = Replace(Data, ":80", "")
    URL = Replace(URL, ":443", "")
    URL = Replace(URL, "403;", "")
    If InStr(Data, "403;")>0 Then
    URL = Replace(URL, "http", "https")
    Else If InStr(Request.ServerVariables("HTTP_HOST"), "applicationname")>0 Then
    URL = Replace(URL, "404;", "")
    URL = Replace(URL, "https", "http")
    End If
    End If
    response.redirect URL

    2. Still under the Properties of your shopping cart folder, go to "Custom Errors".
    3. Select "403;4" HTTP Error code and click Edit.
    4. Change the setting so that it point to "redirect.asp" file.
    5. Once done, scroll to look for redirect.asp file and right-click on it to select Properties.
    6. In redirect.asp Properties dialog, click Custom Errors tab and select 403;4 HTTP Error.
    7. Click Edit... and reset error message to system's default. eg select "File" for Message Type and enter "C:\WINDOWS\help\iisHelp\common\403-4.htm" into File.
    8. Click Apply and go to File Security tab. Click Edit... under Secure communications section and disable the checkbox Require secure channel (SSL)

    Hope the above achieve what you want.