1

I am using IIS 7.5 and have a website setup with an SSL certificate. I am using Helicon Ape to redirect non HTTPS traffic:

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

This works perfectly for https://www.example.com and http://www.example.com

I have a second site setup in IIS that is bound to the IP address but without a host name. I use HTTP Redirect to send the traffic to https://www.example.com.

This works perfectly for http://1.2.3.4 but not for https://1.2.3.4 as the browser warns about the mismatching certificate.

Ideally I would like to prevent https://1.2.3.4 from responding, that way the Hacker Guardian PCI-DSS scan would pass. If it could successfully redirect to the domain name great, but not a deal breaker.

I don't think I can create a certificate for the IP address, I am hoping there is a configuration setting I can use to prevent this.

Any ideas?

Steve-ACET
  • 131
  • 1
  • 11
  • Possible duplicate of [Is it possible to have SSL certificate for IP address, not domain name?](http://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name) – flyx Feb 17 '17 at 11:04
  • Well, when the browser issues a request to `https://1.2.3.4`, it *will* do it via SSL/TLS because the user *actively requested* this by writing `https`. The redirect response will be sent via encrypted SSL/TLS stream. So you need a certificate for that IP address in order for the browser not to issue a warning. – flyx Feb 17 '17 at 11:06
  • @flyx I don't think certificates can be issued to IP addresses. – Steve-ACET Feb 17 '17 at 11:10
  • You cannot prevent using the IP address with server redirects, because when the server sends a redirect response, the IP address has already been used for the request. – flyx Feb 17 '17 at 11:12
  • @flyx is there a way to stop IIS from responding to the https when using just the ip address? The redirect would be nice but not essential. My main concern is getting HackerGuardian to pass. – Steve-ACET Feb 17 '17 at 11:15
  • If you rephrase your question like that, it may get useful answers. (I don't know one.) – flyx Feb 17 '17 at 11:17

0 Answers0