Justin
Tue May 08 08:43:30 CDT 2007
I dont care if the internal users want to use SSL, if they end up there it
was their own wrong doing. For the most part they are given a generated URL
to view an image. so as long as the program generating the url doesnt toss a
https in there its fine (and it wont)
the name resolution should be fine, i cant see a problem with that..
Its a rather botched up image viewer for radiology images. the largest
problem with creating two sites is the management overhead. the application
itself modifies IIS (adds virtual directories) which i would need to find a
good way to replicate. Also its running off a tomcat ISAPI filter which im
sure should be just fine, but its not currently the most stable thing so id
rather stay away from trying to get that to work correctly on two sites.
Im sure with some effort and work i could setup the system as you suggested
but i dont see the benefit of it. there is no security issue with the
proposed setup and its a simpler setup.
I appreciate all of your insight and help. always good to see things from
different angles.
Thanks
Justin
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:edm4fHXkHHA.492@TK2MSFTNGP04.phx.gbl...
> Well, if you have just a single website then it'll still work. But
> depending on a few things (like name resolution) you can't stop internal
> users accessing the site using SSL (and getting a warning message) etc.
>
> Not sure what the application is, but you can't create two websites with
> exactly the same settings? IIS just stores settings in metabase.xml - I
> haven't seen many applications that care what's in metabase.xml...
>
> Cheers
> Ken
>
>
> "Justin Rich" <jrich523@yahoo.com.spam> wrote in message
> news:ek2c0iWkHHA.4936@TK2MSFTNGP03.phx.gbl...
>> Is this menthod the recommended choice because of security or stability?
>>
>> I dont really need to force the SSL, the firewall/DMZ setup will handle
>> that. basically only 443 will be open to the public.
>> Due to the way the site is setup (a mess) its rather hard to split it
>> like you suggested, infact ive tried and it didnt go well. not to mention
>> that configuration isnt supported by the vendor.
>>
>> Thanks
>> Justin
>>
>> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
>> news:ex1SkFSkHHA.4048@TK2MSFTNGP02.phx.gbl...
>>> You should create two websites in IIS Manager. Point them to the same
>>> web content. Configure each website with the necessary IP address (and
>>> optionally host header)
>>>
>>> For the external site, install the certificate, and check the "Require
>>> SSL" checkbox (that will force HTTPS only)
>>>
>>> For the internal site, you are ready to go.
>>>
>>> Cheers
>>> Ken
>>>
>>>
>>> "Justin Rich" <jrich523@yahoo.com.spam> wrote in message
>>> news:e4LBveOkHHA.4936@TK2MSFTNGP03.phx.gbl...
>>>> unfortunately no.
>>>> different IP's for each name...
>>>> basically one website with two ip's and two names
>>>>
>>>> 123.123.123.222 - www.external.com
>>>> 123.123.123.111 - intneral.ad.com
>>>>
>>>> "Peter O'Dowd (MVP)" <petero@nospam.com> wrote in message
>>>> news:ei61sYOkHHA.3264@TK2MSFTNGP04.phx.gbl...
>>>>> Is the URL the same for internal and extrnal? If so it makes it a
>>>>> whole lot easier.
>>>>>
>>>>> --
>>>>> Peter O'Dowd
>>>>> Exchange Server MVP
>>>>>
http://www.blade.net.nz
>>>>> "Justin Rich" <jrich523@yahoo.com.spam> wrote in message
>>>>> news:elZ266LkHHA.3264@TK2MSFTNGP04.phx.gbl...
>>>>>>i have a web server that will have two IP's. one used for internal use
>>>>>>(unrestricted) and one for internet use that will have an SSL cert.
>>>>>>
>>>>>> I know how to apply the multiple IP's but do i need to do anything
>>>>>> with the cert to make the external connections secure and the
>>>>>> internal non secure?
>>>>>>
>>>>>> or is this just as simple as putting both IP's on the site and
>>>>>> applying the cert and just referng to them as https://webaddress and
>>>>>>
http://internaladdress ?
>>>>>>
>>>>>> Thanks
>>>>>> Justin
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>