Security Basics mailing list archives
Re: force https
From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Tue, 12 Jul 2005 14:01:43 -0400
if the redirect is file based, the redirection can be avoided via direct links to alternate pages. for this to be fool proof in IIS, the redirect should be done at the Web Site level with an URL redirection to an alternate Web Site. The redirect should be applied to the home directory of the site (the site that responds to port 80). The alternate website should only respond to port 443. On 7/12/05, Steven Matkoski <matkoski () nysernet org> wrote:
Hi Leon, why not use a redirect/refresh on the http site and redirect to the https site? then the redirect is transparent to the user. For example: header of the http - index.html page: <meta http-equiv="refresh" content="0; url=https://your.site.com/"> -s. At 10:17 AM 7/7/2005, Leon wrote:Hello, I have a web-based frontend for an application that users will be accessing. It can use http or https. I would like to allow only https. This is a more relaxed company so it will be harder to enforce a management policy (as in dont do this do this) so I would like to enforce this through the use of techonlogy. I know i could set a router acl to permit only https to the server but this seems kind of like a kludge (first off it wont prevent people on the same subnet from doing what they want). How can I configure IIS to only except https connections? Thx, Leon __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
-- ME2 <http://www.santeriasys.net/>
Current thread:
- force https Leon (Jul 11)
- RE: force https Mike Tierney (Jul 12)
- Re: force https Greg Stiavetti (Jul 13)
- Re: force https Greg Stiavetti (Jul 12)
- Re: force https security (Jul 12)
- R: force https Blindhorizon (Jul 12)
- RE: force https Mutallip ABLIMIT (Jul 12)
- Re: force https Sean M. Duckett (Jul 12)
- Re: force https Steven Matkoski (Jul 12)
- Re: force https Micheal Espinola Jr (Jul 13)
- Re: force https Paul Kurczaba (Jul 13)
- RE: force https Keenan Smith (Jul 18)
- Re: force https Greg Stiavetti (Jul 20)
- Re: force https Ivan C (Jul 20)
- <Possible follow-ups>
- RE: force https Depp, Dennis M. (Jul 12)
- RE: force https Kirk Brady (Jul 13)
- RE: force https Mike Tierney (Jul 12)