I have IIS 6.0 hosting two websites at the same IP address (port 80). Everything works good until I have to reuse the same payment module for both sites. So I copied the same module code from the original site to the new site. But curiously when I go to https://www.newsite.com/checkout.php the control somehow navigates to https://www.oldsite.com/checkout.php (no difference when I use http instead of https) and apparently it got blocked there. For SSL I’m using port 443 at a different IP address for the new site. I’m lost at what’s causing this unexpected context switching to the old site. Other than the payment module I’m also using a lot of the same php’s with minor changes for the new site but they stay in the new context.
Does this ‘payment module’ have a configuration file/database where you hard coded the site URL?
No it’s actually not independent of the entire site code so it’s acquiring the settings from the main Web.Config file.
I just found that it’s the https that causes the problem even though I don’t know why. If I use http instead I got the following exception:
[NotSupportedException: The given path’s format is not supported.]
System.Security.Util.StringExpressionSet.CanonicalizePath(String path, Boolean needFullPath) +230
System.Security.Util.StringExpressionSet.AddExpressions(String str, Boolean checkForDuplicates, Boolean needFullPath) +461
System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, String pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) +401
System.Security.Permissions.FileIOPermission…ctor(FileIOPermissionAccess access, String pathList, Boolean checkForDuplicates, Boolean needFullPath) +43
System.IO.Path.GetFullPath(String path) +82
System.Web.HttpApplication.CheckSuspiciousPhysicalPath(String physicalPath) +19
System.Web.Configuration.HttpConfigurationSystem.ComposeConfig(String reqPath, IHttpMapPath configmap) +175
System.Web.HttpContext.GetCompleteConfigRecord(String reqpath, IHttpMapPath configmap) +434
System.Web.HttpContext.GetCompleteConfig() +49
System.Web.HttpContext.GetConfig(String name) +195
System.Web.CustomErrors.GetSettings(HttpContext context, Boolean canThrow) +20
System.Web.HttpResponse.ReportRuntimeError(Exception e, Boolean canThrow) +39
System.Web.HttpRuntime.FinishRequest(HttpWorkerRequest wr, HttpContext context, Exception e) +486
I’m pretty sure it’s the default https port 443 that’s being used by the old site. But when I changed the port for the new site to 4443 the connection just timed out. I thought IIS 6.0 should support mutiple ssl’s at different ports.
It does support multiple SSL sites so long as you are running in unique ports or host headers. Are you running a firewall, it is probably opened for the standard HTTP/HTTPS ports (80/443) but not anything alternative.
The exception makes me suspect you’ve got some url cannonicalization running that might mess with IIS.
Personally would not post my credit card to a url looking like https://someothersitesname.com:4443/checkout.php, a second IP would be cheaper. Or setting up a wildcard at something like https://mysitename.mycheckoutcentername.net/checkout.php or secure another IP.
Yeah https://www.newsite.com:4443/checkout.php would not be an option but I just want to see if using a different SSL port would make it work. And it doesn’t even though I disabled my firewall and allowed traffic thru all ports. I can also use SAN option for the SSL certificate but it’s an expensive alternative as the new site will draw very little traffic initially. Wildcard certificate will not do either as it requires me to set up the new site as a subdomain. So right now I’m leaning toward getting another dedicated IP for the new site.