• 12

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Prevent HTTP bindings from responding over HTTPS

I currently have a site with multiple HTTP bindings and one HTTPS binding. The cert I'm using for it is specific to one domain (secure.domain.com) and IIS is responding to HTTPS requests over all bindings. I'd like to prevent that! Aside from users randomly navigating our site over HTTPS and ignoring the certificate error, bots have been indexing over HTTPS as well.

The simple solution was to add the binding to a new site and point that site at the same directory, however due to licensing issues I won't be able to do that with this instance.

I've tried giving the cert a friendly name with a * in the beginning and setting the host name, but it didn't seem to work.

Thanks for any ideas!

      • 2
    • I believe https SSL is set up for each site's binding group, perhaps create sub sites each with their own binding groups

Maybe try configuring SSL host headers: http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html

I'm having trouble picturing your set up, why do you have all of the different bindings for one site? Do they get routed to different folders?

  • 0
Reply Report
      • 2
    • I have a Sitecore CMS instance with only one license. Any site (domain) that we want to manage has to be pointed at that main site. I spoke with the regional sales manager about the issue and they confirmed that I'd need additional licensing if I just made another site in IIS.
    • Okay, unless the CMS requires multiple IP addresses you don't need to have multiple IP addresses on the site. You can assign all of the DNS names to the same IP address. That with the host headers should help. Are the sites secured or public? Have you tried a robots.txt file?
      • 1
    • Here's an idea: you can use URL rewrite+ARR and make a rule that only allows https traffic if it is on the correct URL.
      • 2
    • I'm not sure how ARR would do anything that the URL Rewrite module wouldn't do. I have a rewrite rule setup now to redirect them to HTTP, but it happens after the browser requests the certificate, showing a cert error page that they have to accept before the redirect.

Trending Tags