IIS 6 conflict using port 443 for NON-SSL traffic

From: Richard Dixson (reply_at_hereonlyplease.com)
Date: 04/08/05


Date: Fri, 8 Apr 2005 09:31:34 -0400

I need IIS to respond to HTTP requests on port 443 for different IPs on the
same web server, with one IP set up to handle NON ssl traffic (http://), and
the other set up with a certificate to handle SSL (https://) traffic.

IIS 6.0 (using Win2K3 latest updates/patches) will NOT allow this. When you
try to start the non-https site it complains that it is in use. There is
definitely a conflict due to IIS somehow locking port 443 exclusively for
HTTPS traffic.

Under IIS 5.0 I was able to successfully work around this conflict by
disabling socket pooling. However under IIS 6 disabling socket pooling
does not work.

Here is an example of what I am trying to do: On Web Server "A" I need to
configure it like this:

  Virtual web site #1: IP=x.x.x.2: Configured for TCP Port = 443, SSL Port = <blank>

  Virtual web site #2: IP=x.x.x.3: Configured for TCP Port = 80, SSL Port = 443 with installed SSL certificate

So traffic coming in as http://x.x.x.2:443/something.htm gets responded to
as regular http (non-https) traffic over port 443 for this IP. And traffic
coming in as https://x.x.x.3/something.htm gets responded to as https
traffic over port 443 as usual.

I realize it is unusual to have to pass NON https traffic over port 443, but
due to special circumstances this is a core requirement.

If I remove virtual web site #2 then virtual site #1 works great - it will
pass non-https traffic just fine over port 443, but ONLY IF there is no web
site configured on the server to use HTTPS (even if such https web sites are
configured on a different IP).

The workaround would be to set up a second dedicated web server for virtual
web site #1 so that it runs without a web site configured to really use
HTTPS. Unfortunately this is not a possibility as I only have one physical
production web server I can use, and I cannot avoid having a site on that
server configured to use HTTPS.

Can anyone offer some advice or tips on how I may be able to work around
this? Anyone know if IIS 7 will work the same way?

Thank you very much in advance!

Richard
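
A check for the setup described in the post, as an added example that is not part of the original post: it classifies the first bytes of a connection to each IP on port 443 as cleartext HTTP or SSL/TLS, which is what a packet capture would show if site #1 really serves plain HTTP while site #2 serves HTTPS. The names `classify_payload` and `audit` and the sample bytes are constructed for illustration.

```python
"""Classify the first bytes seen on a port-443 connection (added example)."""

TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"TRACE ", b"CONNECT ")


def classify_payload(data: bytes) -> str:
    """Return the protocol suggested by the first bytes of one direction of a connection."""
    if not data:
        return "no-data"
    # SSL 3.0 / TLS record header: type (1 byte) | version 3.x (2) | length (2)
    if len(data) >= 5 and data[0] in TLS_RECORD_TYPES and data[1] == 3 and data[2] <= 4:
        if 0 < int.from_bytes(data[3:5], "big") <= 16384 + 2048:
            return "tls-" + TLS_RECORD_TYPES[data[0]]
    # SSLv2-format ClientHello: length with high bit set (2) | msg type 1 | version (2)
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 1 and data[3] in (0, 3):
        return "sslv2-client-hello"
    if data.startswith(b"HTTP/1."):
        return "http-response"
    if data.startswith(HTTP_METHODS):
        return "http-request"
    return "unknown"


def audit(first_bytes_by_endpoint):
    """Map each 'ip:port' to (protocol, is_cleartext_http) from its first captured bytes."""
    result = {}
    for endpoint, data in first_bytes_by_endpoint.items():
        kind = classify_payload(data)
        result[endpoint] = (kind, kind.startswith("http-"))
    return result


# Constructed sample bytes (not captured from any real server); the
# x.x.x.N addresses are the placeholders used in the post.
SAMPLES = {
    "x.x.x.2:443": b"GET /something.htm HTTP/1.1\r\nHost: x.x.x.2:443\r\n\r\n",
    "x.x.x.3:443": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01",
}

if __name__ == "__main__":
    for endpoint, (kind, cleartext) in audit(SAMPLES).items():
        print(f"{endpoint}: {kind}" + ("  (cleartext on 443)" if cleartext else ""))
```

An endpoint flagged as cleartext on 443 is carrying unencrypted HTTP on a port that monitoring and firewall rules usually assume is SSL/TLS.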


