First, each site that uses SSL, must be bound to an IP address. SSL sites can only be segmented by IP (and port) and cannot be segmented by host name.
The only implication by segmenting by host is that if a given site goes down (literally stopped) and if there is a site listening only on IP, it will "choose" that site. So, the effect is a user goes to site A and sees the stuff from site B. If all sites segment on host, this isn't a problem.
For public sites that assume 80 and 443 for http and https, you really can only segment on IP or host. Most users will not be expecting to navigate to something on a different port and you would need to open special ports on the hosting system's firewall to allow for requests on those ports.
发布评论
评论(1)
首先,每个使用 SSL 的站点都必须绑定到一个 IP 地址。 SSL 站点只能按 IP(和端口)分段,不能按主机名分段。
按主机分段的唯一含义是,如果给定站点出现故障(实际上是停止)并且有一个站点仅侦听 IP,它将“选择”该站点。因此,效果是用户访问站点 A 并看到站点 B 中的内容。如果所有站点都在主机上分段,则这不是问题。
对于假设 http 和 https 为 80 和 443 的公共站点,您实际上只能在 IP 或主机上进行分段。大多数用户不会期望导航到不同端口上的某些内容,并且您需要在托管系统的防火墙上打开特殊端口以允许这些端口上的请求。
First, each site that uses SSL, must be bound to an IP address. SSL sites can only be segmented by IP (and port) and cannot be segmented by host name.
The only implication by segmenting by host is that if a given site goes down (literally stopped) and if there is a site listening only on IP, it will "choose" that site. So, the effect is a user goes to site A and sees the stuff from site B. If all sites segment on host, this isn't a problem.
For public sites that assume 80 and 443 for http and https, you really can only segment on IP or host. Most users will not be expecting to navigate to something on a different port and you would need to open special ports on the hosting system's firewall to allow for requests on those ports.