I have a site on IIS and this site has two bindings: HTTP and HTTPS. I would like to remove HTTP binding and use HTTPS only. But in that case I must to enter site address llike this https://mysite.com. If I enter site address like this mysite.com I have an issue "HTTP Error 403.4 - Forbidden". Is it possible to configure IIS so I would have only one HTTPS binding and could to enter mysite.com address without setting https protocol?
Related
I got the error "Erreur HTTP 403.4 - Forbidden" after configuring IIS to use SSL and that's by running the command line : %windir%\system32\inetsrv>AppCmd set config "Default Web Site" -commitPath:APPHOST -section:access -sslFlags:Ssl
The https navigation works fine with me, but when I want to launch a web site using http It shows me the error "Erreur HTTP 403.4 - Forbidden".
How can I allow http connection from my IIS ?
Check in IIS "SSL settings" you may have "REQUIRE" enabled.
You can also set up a Rewrite rule to enforce HTTPS this way if you use http it will redirect to HTTPS. check this link.
I am assuming you access the same site.
If this happens in different sites you might need to use SNI and define hostnames with bindings.
The error err_too_many_redirects appears in the browser enter image description here but nothing comes out in the nginx error log and I just registered the site in cloudflare. All traffic is redirected to HTTPS
This error generally occurs in Wordpress Sites which is due to a re-direct header sent by PHP.
So This is due to following reason:
You have enabled HTTPS redirect on your website either by ngin or php.
Cloudflare tries to open your site http://example.com and proxy it with https
When Cloudflare tries to open http://example.com, your site tells it to open https://example.com and cloudflare again tries to open http://example.com
This forms a redirect loop and due to which site could not open.
The best way to solve this is :
Disable HTTPS Redirect from your server side.
Enable Flexible SSL from Cloudflare
Enter a page rule on Cloudflare with input as http://*.example.com to Always use HTTPS
I have multiple sites running on my IIS, now for one of the websites (SiteB) we need to support ssl requests. I have enabled it editing bindings for the website, but the problem is when I selected protocol SSL editing bindings HostName field is disabled, being unable to set hostname to respond to https request, this causes that all sites of my IIS if are requested with https:// loads web site of siteB.
For example my bidings are the next
Site A
IP Port HostName
* 80 www.sitea.com
Site B
IP Port Hostname
* 443 www.siteb.com
* 80 www.siteb.com
If I type https://www.siteb.com in my browser it works correctly, but if I type https://www.sitea.com in the browser, siteb webpage is loaded with the hostname of sitea.
How Can I make that only https://www.siteb.com responds to https requests on my IIS?
I have tried with command appcmd too but It't doesnt work.
appcmd set site /site.name:{sitB} /bindings.[protocol='https',bindingInformation='*:443:*'].bindingInformation:*:443:siteB.com
Thanks for your help.
The Root Problem
This unexpected behavior isn't because of IIS so much as it is because of the web encryption protocols.
The two major web encryption protocols are SSL and TLS. Both of these protocols negotiate a secure connection before passing any request information to the server. This means that, on secure requests, servers don't actually learn the hostname until after the secure connection is made.
An extension to TLS and SSL has been created to address this limitation. It's called SNI (Server Name Identification). The problem is that this extension needs to be supported on both the server and client machines. Currently the client browser support is somewhat spotty. See the SNI article for a browser list.
IIS's Handling Of The Problem
It is because of the above mentioned hostname limitation that IIS doesn't allow you to bind hostnames to HTTPS bindings. There is no way for IIS to route HTTPS requests to a particular hostname since it doesn't know the requested hostname when it first begins to negotiate the connection.
Once IIS has negotiated a secure connection with a client and learns that their requested hostname is for a site other than the one with the HTTPS binding (e.g. a request for https://sitea.com) IIS can either return a failure code or try to fail gracefully. IIS chooses the latter and tries to fail gracefully by serving up the site with the HTTPS binding even though the user is requesting a different site.
Solutions/Workarounds
Create a rewrite rule to redirect all HTTPS requests for nonsecure websites to HTTP.
Upgrade to IIS 8 to use the SNI extension. Then ask visitors to upgrade to browsers that suport SNI.
Have your secure site return an error message when it receives a request for a different domain.
Bind by IP address instead of hostname since IIS can route HTTPS requests by IP address
References
Most of my information came from the Wikipedia article on SNI
We run webservers with multiple sites requiring SSL with no problem.
If I understand your problem correctly - you'll need to set up a binding instead of a host name - which won't work. So, for each SSL-enabled site we host, we require a distinct external IP address. Then, enter that IP address as the binding when setting up the site in IIS.
I have a production server with a live website configured to use SSL. It has also been configured to redirect any HTTP URLs to the HTTPS.
I would like to be able to view the website from the server and test the redirect taking place. Instead I get an error message about permissions.
If I type the the HTTP url from a different machine I am able to view the website, i.e. the HTTP url has automatically been converted into an HTTPS url.
The question is how can I test the HTTP redirect from the production server?
You either make the webserver also listen to localhost (127.0.0.1), or you make the test bind to the external IP of the host.
I simply want both example.com and www.example.com to go to the same website. Currently we have just added a binding to each. This creates a problem for WCF which then breaks because it says it can only accept one http address.
Is there a better way to configure a site to accept addresses with or without 'www'?
this has to be changed in the dns using a host or a record.
You shouldn't be hosting a site on the root domain. Better approach here is to redirect traffic to the root (.example.com) to the correct site (www.example.com) using an HTTP 302.
The WCF service should only receive traffic on its single binding. Use DNS, HTTP redirection, or some Traffic management application/appliance to get traffic from multiple points to the correct one.