# setup a secure windows 2003 webserver



## AKA Arizona (Jul 22, 2003)

I hope I am explaining this correctly, I have a customer that has content on his website that he wants secure so only people that signup for his subscription can access, I will be using paypal to handle the subscription part of the deal but how do I setup my server {Windows server 2003} to run https web pages and only allow the folks with a subscription access.


----------



## Rockn (Jul 29, 2001)

Look up paypal merchant services on their site. You would more than likely have to write some custom script to validate member access. You could do it all manually through paypal and activate their accounts on the site once their payments clear. You can create SSL certificates on your server or you can buy them and apply them manually. Paypal is already secure so there is really no reason to have a certificate on your site unless you just want to use it on your login page.


----------



## AKA Arizona (Jul 22, 2003)

They have a perl script for an apache server but im running winders, any idea on that?


----------



## Rockn (Jul 29, 2001)

Who has a perl script? If they are on Apache I haven't a clue setting up SSL on it.


----------



## AKA Arizona (Jul 22, 2003)

On the PayPal website its part of the merchant tools


----------



## Squashman (Apr 4, 2003)

You would just need to load Active Perl State on your Winders box.
http://www.activestate.com/Products/ActivePerl/


----------



## AKA Arizona (Jul 22, 2003)

OK so after installing the Active Perl I will be able to run perl scripts?


----------



## AKA Arizona (Jul 22, 2003)

I am not sure if this is a new thread but its in the same line, How do I set it up so when I enter say http://www.pcso.com/secure it will open a website with the https://www.pcso.com/secure/secure.aspx


----------



## Rockn (Jul 29, 2001)

Here is a tutorail for adding server certificates to Windows 2003 server:
http://www.isaserver.org/img/upl/vpnkitbeta2/installenterpriseca.htm

YOu can make any directory on your site use SSL in the IIS settings.


----------



## AKA Arizona (Jul 22, 2003)

OK and that will do as I discribed above correct


----------



## AKA Arizona (Jul 22, 2003)

Maybe I am trying to do the wrong thing here. How is a person prevented from viewing a page without a password?(actually I think I figured that one out but if someone could explain it so I can make sure I did it correctly. Then how would there user/password be entered on my server? that would be the perl script correct?


----------



## Sequal7 (Apr 15, 2001)

You can use .htaccess files to create the https: redirect;
http://www.whoopis.com/howtos/apache-rewrite.html
then if you needed multiple user logins variables create a user login area in asp, php or whatever then protect the critical pages with authoring script (part of your signup or login session) or if you want to manually add registered users, you can use a simple .htpasswd to verify user(s);
http://www.sysbotz.com/articles/webprotect.htm


----------



## AKA Arizona (Jul 22, 2003)

Does .htaccess work with winders 2003 server?


----------



## Rockn (Jul 29, 2001)

No it doesn't. From your second description it seems you do not need SSL. If you want to secure certain parts of your site set up a login section and have a session variable set for the pages you want secured, if the session variable does not match or they try and acces a page that requires one they will be given an error or thrown back to the login page. You would have to write this yourself. You could also use Windows authentication, but you would have to create a Windows user account for each person.


----------



## Squashman (Apr 4, 2003)

IISpassword. 
This way you don't have to setup NTLM authentication in IIS.
http://www.troxo.com/products/iispassword/


----------



## Rockn (Jul 29, 2001)

Cool, and it's free no less!


----------



## Squashman (Apr 4, 2003)

Rockn said:


> Cool, and it's free no less!


Free is my specialty!


----------



## AKA Arizona (Jul 22, 2003)

OK I have that downloaded I'll get it installed and see if does what I need it to, Squash do you use it?


----------



## Squashman (Apr 4, 2003)

AKA Arizona said:


> OK I have that downloaded I'll get it installed and see if does what I need it to, Squash do you use it?


No I don't. I am an Apache guy. Don't have those kinds of problems with Apache. I have recommended it to several people and most of them has said it works fine for them.


----------

