Home/ Questions/Q 6665893
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T02:46:16+00:00

I was recently looking around at some of the features my current web host

  • 0

I was recently looking around at some of the features my current web host offers, and am now wondering about a few things. Even if you can only answer part of this, I appreciate any help you can provide.

I have a domain, mydomian.com, and the host offers shared SSL so I can use HTTPS by using this address https://mydomain.myhost.com. The SSL certificate is good for *.myhost.com.

  1. I don’t know a lot about SSL, but I’m assuming this means that the data between site users and ANY domain on myhost.com is encrypted. So was curious if this meant that if someone else on the same host as me somehow intercepted the data from my site would they be able to view it, since they would also have a https://theirdomain.myhost.com address, which uses the same SSL certificate? I may have no idea at all, and this was pretty much a guess.

  2. If HTTPS is used on a login page, but after logging in the other pages are viewed over HTTP, is this a security issue?

  3. Is there any way to show a web form via HTTP for bots like Google, but have real users redirected to the HTTPS version? Would be ideal if this could be done via .htaccess. I currently have some rewrite rules that redirect certain pages to HTTPS, but the rest as HTTP. So if a visitor visits the contact form they get the HTTPS version automatically, but it automatically switches back to HTTP for pages that don’t contain forms. So, via htaccess, is there a way to direct real users to the HTTPS version, but have bots directed to the HTTP version? I would like these pages to still be indexed by the search engines, but would like users to see it via HTTPS.

Thanks in advance for any help you can provide.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’m going to guess you’ll be okay for number one. If your host does it correctly, individual subdomains never get to see the SSL keys. Here’s how it would work:

    1. Some guy with a browser sends an encrypted request to your subdomain server.
    2. Your host’s master server receives the request and decrypts it.
    3. The master server sends the decrypted request to your subdomain server.

    And any HTTPS responses you send back go through that process in reverse. It should be easy to check if they’ve set things up that way: If you can set up shared SSL without personally handling any key files, you’re good. If you actually get your hands on some key files… not good.

    For two: If you encrypt the login, you protect the passwords, which is good. But if you switch back to HTTP afterwards, you open yourself up to other attacks. See: Firesheep. There may be others.

    And for three. Yes – definitely doable. Check out mod_rewrite. Can’t give you an example, as I’ve never used this particular case, but I can point you to this page – particularly the section entitled “Browser Dependent Content.”

    Hope that helps!

    • 0