Security Basics mailing list archives

RE: force https

From: "Keenan Smith" <kc_smith () clark net>
Date: Wed, 13 Jul 2005 13:32:41 -0400

In the properties for the web site, remove the TCP port number but leave
the SSL port number.  Or shut down port 80 in your fire wall.  Or at the
application level, all requests to http can be redirected to https.

Keenan

-----Original Message-----
From: Leon [mailto:roastin () yahoo com] 
Sent: Thursday, July 07, 2005 10:18 AM
To: security-basics () securityfocus com
Subject: force https

Hello,

I have a web-based frontend for an application that
users will be accessing.  It can use http or https.  I
would like to allow only https.  This is a more
relaxed company so it will be harder to enforce a
management policy (as in dont do this do this) so I
would like to enforce this through the use of
techonlogy.  I know i could set a router acl to permit
only https to the server but this seems kind of like a
kludge (first off it wont prevent people on the same
subnet from doing what they want).  How can I
configure IIS to only except https connections?

Thx,

Leon

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Current thread:

RE: force https, (continued)
- RE: force https Mike Tierney (Jul 12)
  - Re: force https Greg Stiavetti (Jul 13)
- Re: force https Greg Stiavetti (Jul 12)
- Re: force https security (Jul 12)
- R: force https Blindhorizon (Jul 12)
- RE: force https Mutallip ABLIMIT (Jul 12)
- Re: force https Sean M. Duckett (Jul 12)
- Re: force https Steven Matkoski (Jul 12)
  - Re: force https Micheal Espinola Jr (Jul 13)
- Re: force https Paul Kurczaba (Jul 13)
- RE: force https Keenan Smith (Jul 18)
  - Re: force https Greg Stiavetti (Jul 20)
  - Re: force https Ivan C (Jul 20)
- RE: force https Depp, Dennis M. (Jul 12)
- RE: force https Kirk Brady (Jul 13)