Winbox Shared SSL

In H-Sphere Winbox version 2.4, shared SSL was redesigned to work with all versions of IIS, including version 6.0.

This document discusses its implementation and implications for customers' scripts.

Background

Changes in Winbox shared SSL don't affect actual customer websites and the way they handle http requests.

To process https requests, we created service virtual hosts for each IP where shared SSL service is used, including dedicated IPs. A service virtual host home dir contains virtual directories for websites that have shared SSL enabled. Such a virtual directory bears the name of the third level domain alias and points to the document root of the corresponding website.

ISAPI shared SSL filter, which is installed on every service virtual host, redirects https requests to the appropriate virtual directory.

Implications

This scheme imposes the following restrictions on customers websites:

• Some server variables may have different values in http and https protocols.
• Invoked by https, customer websites will have the document root in the virtual directory, not physical website directory.
  - For PHP, a possible workaround is to put php.ini in the virtual directory, and explicitly specify the document root.
  - For ASP, the customers should use the "#include file" directive instead of "#include virtual" directive, with the file path relative to the script dirctory, not document root.
  Also, for proper use of cookies, the customer should use this command:
  Response.Cookies("cookiesname").Path="/"
  To replace all such entries in customer scripts, use any mass replacement utility, for example, FileScan.