Re: force https

["Greg Stiavetti" <gstiavetti () rentoneonline com>]

That requires port 80 be open at the firewall to work. If the topic is 
security and not convenience, close the port?

Greg Stiavetti
Network Administrator

office ~ 831.438.3141 ext. 213
e-mail ~ gstiavetti () RentOneOnline com

Rent One Online: The Fastest Growing 100% Web-based Vacation Rental 
Management Software


----- Original Message ----- 
From: "Mike Tierney" <miket () marketview co nz>
To: "'Leon'" <roastin () yahoo com>; <security-basics () securityfocus com>
Sent: Monday, July 11, 2005 2:57 PM
Subject: RE: force https


> You could always just make the http page redirect to the https page?
>
> Or am I missing something? <---- not web expert
>
> Cheers
> Mike
>
> > -----Original Message-----
> > From: Leon [mailto:roastin () yahoo com]
> > Sent: Friday, 8 July 2005 2:18 a.m.
> > To: security-basics () securityfocus com
> > Subject: force https
> >
> > Hello,
> >
> > I have a web-based frontend for an application that users
> > will be accessing.  It can use http or https.  I would like
> > to allow only https.  This is a more relaxed company so it
> > will be harder to enforce a management policy (as in dont do
> > this do this) so I would like to enforce this through the use
> > of techonlogy.  I know i could set a router acl to permit
> > only https to the server but this seems kind of like a kludge
> > (first off it wont prevent people on the same subnet from
> > doing what they want).  How can I configure IIS to only
> > except https connections?
> >
> > Thx,
> >
> > Leon
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam protection
> > around http://mail.yahoo.com