Re: IIS 6 conflict using port 443 for NON-SSL traffic

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/11/05


Date: Mon, 11 Apr 2005 14:59:40 +1000

Did you restart http.sys after you made the change?

Cheers
Ken

-- 
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com
"Richard Dixson" <reply@hereonlyplease.com> wrote in message 
news:bZWdnVdDb-ntY8TfRVn-oA@comcast.com...
: Unfortunately I tried that as well without success.  I tried several ways.
:
: The bottom line seems to be that something about port 443 is treated quite
: specially by IIS 6 and it does not want to allow it to share port 443 by
: non-SSL on one IP with SSL on another IP.
:
: I am wondering if anyone else has run into this or is aware of it, and how 
I
: may be able to work around it.
:
: Richard
:
: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
: news:O8rwUYkPFHA.2252@TK2MSFTNGP15.phx.gbl...
: > For IIS6 use httpcfg rather than "disableSocketPooling" metabase 
setting.
: >
: > http://support.microsoft.com/kb/813368/EN-US/
: >
: > Cheers
: > Ken
: >
: > --
: > Blog: www.adopenstatic.com/cs/blogs/ken/
: > Web: www.adopenstatic.com
: >
: >
: > "Richard Dixson" <reply@hereonlyplease.com> wrote in message
: > news:E6KdnZMKkb9dGsvfRVn-1g@comcast.com...
: > :I need IIS to respond to HTTP requests on port 443 for different IPs on
: the
: > : same web server, with one IP set up to handle NON ssl traffic 
(http://),
: > and
: > : the other set up with a certificate to handle SSL (https://) traffic.
: > :
: > : IIS 6.0 (using Win2K3 latest updates/patches) will NOT allow this. 
When
: > you
: > : try to start the non-https site it complains that it is in use.  There
: is
: > : definately a conflict due to IIS somehow locking port 443 exclusively
: for
: > : HTTPS traffic.
: > :
: > : Under IIS 5.0 I was able to succesfully work around this conflict by
: > : disabling socket pooling.  However under IIS 6 disabling socket 
spooling
: > : does not work.
: > :
: > : Here is an example of what I am trying to do: On Web Server "A" I need
: to
: > : configure it like this:
: > :
: > :  Virtual web site #1: IP=x.x.x.2: Configured for TCP Port = 443, SSL
: Port
: > =
: > : <blank>
: > :
: > :  Virtual web site #2: IP=x.x.x.3: Configured for TCP Port = 80, SSL 
Port
: =
: > : 443 with installed SSL certificate
: > :
: > : So traffic coming in as http://x.x.x.2:443/something.htm gets 
responded
: to
: > : as regular http (non-https) traffic over port 443 for this IP.  And
: > traffic
: > : coming in as https://x.x.x.3/something.htm gets responded to as https
: > : traffic over port 443 as usual.
: > :
: > : I realize it is unusual to have to pass NON https traffic over port 
443,
: > but
: > : due to special circumstances this is a core requirement.
: > :
: > : If I remove virtual web site #2 than virtual site #1 works great - it
: will
: > : pass non-https traffic just fine over port 443, but ONLY IF there is 
no
: > web
: > : site configured on the server to use HTTPS (even if such https web 
sites
: > are
: > : configured on a different IP).
: > :
: > : The work around would be to set up a second dedicated web server for
: > virtual
: > : web site #1 so that it runs without a web site configured to really 
use
: > : HTTPS.  Unfortunately this is not a possibility as I only have one
: > physical
: > : production web server I can use, and I cannot avoid having a site on
: that
: > : server configured to use HTTPS.
: > :
: > : Can anyone offer some advice or tips on how I may be able to work 
around
: > : this?  Anyone know if IIS 7 will work the same way?
: > :
: > : Thank you very much in advance!
: > :
: > : Richard
: > :
: > :
: >
: >
:
: 


Relevant Pages

  • Re: IIS 6 conflict using port 443 for NON-SSL traffic
    ... The bottom line seems to be that something about port 443 is treated quite ... Richard ... >: HTTPS traffic. ... production web server I can use, and I cannot avoid having a site on ...
    (microsoft.public.inetserver.iis.security)
  • Re: Remote Access
    ... Please rerun CEICW, this helps up configure network and websites ... On the Web Server Certificate page shows. ... http://ipaddress/remote to access RWW, type the public IP address in the ... that if SBS is behind a router, I need to configure the port forwarding ...
    (microsoft.public.windows.server.sbs)
  • Re: Apache web server being attacked
    ... There is no domain name pointing to my web server. ... But have had port 80 attacks that did not work. ... after yourself once you've generated a config file. ... This way my web site has total access by anyone who knows it's URl, the URL is scanned by yahoo and google indexing bot and becomes know to the public. ...
    (freebsd-questions)
  • Re: [Full-disclosure] server security
    ... I don't see how any can argue against the security value of such a configuration. ... It's unlikely, but you never know, you just might miss out on a nasty worm all because you werent running on a default port one day. ... This is a basic web server that runs email, web and a couple other things. ... -- Securing Apache Web Server with thawte Digital Certificate In this ...
    (Full-Disclosure)
  • Re: disconnect a hacker
    ... My Web server station is right next ... my attention divided by security concerns... ... see an IP connected to port 80, ... I've been forwarding my firewall logs to my ISP, ...
    (alt.computer.security)