Re: force https

[Micheal Espinola Jr <michealespinola () gmail com>]

if the redirect is file based, the redirection can be avoided via
direct links to alternate pages.

for this to be fool proof in IIS, the redirect should be done at the
Web Site level with an URL redirection to an alternate Web Site.  The
redirect should be applied to the home directory of the site (the site
that responds to port 80).  The alternate website should only respond
to port 443.

On 7/12/05, Steven Matkoski <matkoski () nysernet org> wrote:
> Hi Leon,
>
> why not use a redirect/refresh on the http site and redirect to the https site?
> then the redirect is transparent to the user. For example:
>
> header of the http - index.html page:
>
> <meta http-equiv="refresh" content="0; url=https://your.site.com/";>
>
> -s.
> At 10:17 AM 7/7/2005, Leon wrote:
> > Hello,
> >
> > I have a web-based frontend for an application that
> > users will be accessing.  It can use http or https.  I
> > would like to allow only https.  This is a more
> > relaxed company so it will be harder to enforce a
> > management policy (as in dont do this do this) so I
> > would like to enforce this through the use of
> > techonlogy.  I know i could set a router acl to permit
> > only https to the server but this seems kind of like a
> > kludge (first off it wont prevent people on the same
> > subnet from doing what they want).  How can I
> > configure IIS to only except https connections?
> >
> > Thx,
> >
> > Leon
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com


-- 
ME2  <http://www.santeriasys.net/>