DNS Redirector
 Return to FAQ List


FAQ 145: HTTPS website compatibility

Category: Everything else


DNS Redirector blocks both HTTP and HTTPS (secure) sites because both are resolved using DNS.
There is a limitation that any HTTPS site which is blocked cannot display the blocked message. This is because nobody should be forging an SSL certificate (the blocked site would need to forge the real SSL cert to display anything besides an error). Answering the HTTPS request (albeit incorrectly) is likely faster than letting the browser timeout waiting for a response.

You can try visiting any https:// site as http:// and the blocked message will display.

Resolution

Option A) Run SimpleHTTP on port 443 (the HTTPS port) which will reject the request, the browser will display a connection error.

   1) Download: SimpleHTTP-rejectHTTPS.zip and extract to C:\SIMPLEHTTP
   2) Right-click on the .zip file you downloaded, select Properties, click the Unblock button (if this button is not present just proceed), click OK
   3) Change simplehttp.ini IP=[value] to match dnsredir.ini BlockedIP=[value]
   4) Run: SimpleHTTP-install.bat  and follow the on-screen instructions

Option B) Enable your welcome or blocked site with a Self-Signed Certificate per below, the browser will display a certificate warning or a connection error.

For IIS 6...
   1) Install: Internet Information Services (IIS) 6.0 Resource Kit Tools
   2) Create the cert and apply it to your site in IIS...
C:\Program Files\IIS Resources\SelfSSL>selfssl /N:CN=[yoursite.example.com] /K:2048 /V:365 /S:[Identifier_number_in_IIS] /T
Replace [yoursite.example.com] with your own FQDN for this site
Replace [Identifier_number_in_IIS] with the number as it appears in the IIS Management console
   3) Ensure the SSL site is bound to a static IP address assigned to the server...
In the IIS Management console, right-click on the website
Go to "Properties"
Under the first "Web Site" tab click the "Advanced..." button
Under the second section "Multiple SSL identities for this Web site" click the "Edit" button
Select the same IP address as defined for the port 80 site

For IIS 7...
   1) Follow the instructions: Create a Self-Signed Server Certificate in IIS 7
   2) Bind the SSL cert to a site...
In the IIS Management console, click on the website
On the right Actions pane click "Bindings..."
Click the "Add" button
Type: https: | IP address: (the same IP address as defined for the port 80 site) | Port: 443
SSL certificate: (pick the cert you created)



 
DNS Redirector | Legal Information | 2003-2017