01-05-06 11:07 PM
"JL" <JL@discussions.microsoft.com> wrote in message
news:3700DBBB-45F0-449D-A278-4B49CE68C831@microsoft.com...
> We are using SSL for 1 of our 3 websites on Windows 2000 Servers.
> If someone adds an "s" to the http:// of one of our unprotected websites
> it re-directs them to the website using SSL.
> It's not causing problems but I would like to know why it is happening if
> someone out here could explain to me.
>
> Thanks,
> JL
Here is your problem:
SSL site is on IP 123.123.123.123. (on www.securedsite.blah)
Non-SSL sites are on the same IP 123.123.123.123, using "host headers".
Host headers are the combo of IP, plus hostname (www.blahblah.net).
When a user visits a non-SSL site, the host header IP and host header
hostname matched up and IIS knew where to send the user.
When the user tries to use SSL by adding the S to HTTPS, IIS NO LONGER KNOWS
WHAT THE HOSTNAME IS. So it sees IP 123.123.123.123 and an ENCRYPTED
hostname. So it assumes you want to use the www.securedsite.blah site and
sends them there.
To solve your problem, you need to put the SSL site on ITS OWN IP ADDRESS
THAT IS NOT USED FOR ANYTHING ELSE.
So you need a second IP address on that server. (Which may or may not be
easy, depending on your network.)
Then you can put several or more non-SSL sites on the other IP. So you need
123.123.123.124 for the non-SSL sites.
Plus, if you want more secure sites in the future, you need to get a whole
block of IPs and give EACH its own IP.
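The site selection described in the reply above, as an added example that is not part of the original post or of IIS itself: a simplified model of the binding lookup, plus a check that lists which hostnames fall through to the SSL site. The site labels, `www.other.example` and both binding tables are constructed for illustration.

```python
from collections import namedtuple

# Constructed binding tables; "site" labels and www.other.example are illustrative.
Binding = namedtuple("Binding", "site ip port host ssl")

SHARED_IP = [  # the layout from the thread: everything on one address
    Binding("secured", "123.123.123.123", 443, None, True),
    Binding("secured", "123.123.123.123", 80, "www.securedsite.blah", False),
    Binding("blahblah", "123.123.123.123", 80, "www.blahblah.net", False),
    Binding("other", "123.123.123.123", 80, "www.other.example", False),
]
SPLIT_IP = [  # the suggested layout: SSL site alone on its address
    Binding("secured", "123.123.123.123", 443, None, True),
    Binding("secured", "123.123.123.123", 80, "www.securedsite.blah", False),
    Binding("blahblah", "123.123.123.124", 80, "www.blahblah.net", False),
    Binding("other", "123.123.123.124", 80, "www.other.example", False),
]

def select_site(bindings, ip, port, host, ssl):
    """Return the site that answers a connection, or None if nothing is bound."""
    candidates = [b for b in bindings if (b.ip, b.port, b.ssl) == (ip, port, ssl)]
    if ssl:
        # The Host header arrives inside the encrypted request, so the
        # site is picked from IP and port alone; `host` cannot be used.
        return candidates[0].site if candidates else None
    for b in candidates:
        if b.host == host:
            return b.site
    return None

def fall_through_hosts(bindings):
    """List (hostname, ssl_site) pairs where https://hostname reaches another site."""
    ssl_site = {b.ip: b.site for b in bindings if b.ssl}
    return sorted(
        (b.host, ssl_site[b.ip])
        for b in bindings
        if not b.ssl and b.host and b.ip in ssl_site and ssl_site[b.ip] != b.site
    )

if __name__ == "__main__":
    for name, table in (("shared IP", SHARED_IP), ("split IP", SPLIT_IP)):
        print(name, "->", fall_through_hosts(table))
```

With the split layout an https:// request for one of the non-SSL hostnames finds nothing bound on port 443 of 123.123.123.124, so the connection fails instead of landing on the secured site.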