Shared or Exclusive IPs - Page 2

John W · 07-31-2010, 02:48 PM

This was a helpful discussion. Reading it, though, I still don't understand exactly why the main domain should be on its own IP address not shared with any clients. Maybe someone can explain that?

Also, I have a client I just set up a web store and purchased an SSL certificate for. And then after purchasing the certificate I recalled that tech support had told me I would need an exclusive IP I think for that domain alone. Is that correct? And why is a "dedicated" IP necessary?

Thanks!

**MikeMann** · 07-31-2010, 06:44 PM

Quote:

Originally Posted by John W

This was a helpful discussion. Reading it, though, I still don't understand exactly why the main domain should be on its own IP address not shared with any clients. Maybe someone can explain that?

Also, I have a client I just set up a web store and purchased an SSL certificate for. And then after purchasing the certificate I recalled that tech support had told me I would need an exclusive IP I think for that domain alone. Is that correct? And why is a "dedicated" IP necessary?

The SSL certificate is tied to an IP address through Plesk, this is why you need a dedicated IP address for that. Typically, you will want to have a dedicated IP address for each client who needs to have a SSL certificate setup for them. This would also be the reason it is suggested the main domain have its own IP address. For you to be able to add your own SSL certificate. At least, that's the way I see it.

John W · 07-31-2010, 11:10 PM

Thanks for the reply, Mike.

I did also talk to tech support about the first question. I'm not sure, but it sounds to me almost as if the reason might be more procedural than technical: that an SSL is supposed to certify a particular web site and can only really do that accurately if there's only one domain associated with the IP the SSL cert is associated with.

But I may not have understood clearly.

As far as the second question goes, if I'm not running payments or a web store or logins on my main domain, then does it really matter if my main domain in on an IP shared between it and a number of clients?

I set things up long before I ran across the recommendation to have just your main domain on one IP and all clients on another. So I'm trying to understand whether there's a compelling reason or advantage to move all clients to the one domain. Also relevant is whether I'd likely run into technical hassles by doing so.

**NexDog** · 08-01-2010, 04:55 AM

We encourage users to place a main domain on one IP and then clients on another IP in case a client gets DoSed (so your site would still be up).

As Mike says, a cert is applied to an IP. We can apply the IP direct to the certificate in the IP Pool but then if you have multiple sites on that IP going to https on any domain would show that certificate.

**RobbieLePommie** · 08-01-2010, 05:01 AM

John,

SSL is one reason.

The other critical reason: If one of your clients gets attacked by a DDOS (Denial of Service) attack, the techs will block access to the IP address being blocked.

If you use shared: all the clients on that server get affected - you won't be popular

If you use you MAIN exclusive IP, your MAIN website goes down as well as all your clients'. Clients won't know what's up, and you need to move everyone (inlcuding yourself)

If you use your SECOND exclusive IP, your clients go down, but your website stays up. You can then move your good clients to your first IP address, whilst the nasty one is fixed. Then restore later.

DDOS attacks on "casual" sites are rare, but you don't know if they happen or what triggers them. So this minimises the damage.

**RobbieLePommie** · 08-01-2010, 05:04 AM

Doh - type longer explinations, Laurence. Then I can finish mine first

John W · 08-01-2010, 07:40 PM

Thanks for the replies and explanations, Laurence & Rob. Very helpful and much appreciated!