Re: force https

From: Steven Matkoski (matkoski_at_nysernet.org)
Date: 07/12/05

  • Next message: Donotsend_at_hotmail.com: "Session Monitoring"
    Date: Tue, 12 Jul 2005 10:04:30 -0400
    To: Leon <roastin@yahoo.com>, security-basics@securityfocus.com
    
    

    Hi Leon,

    why not use a redirect/refresh on the http site and redirect to the https site?
    then the redirect is transparent to the user. For example:

    header of the http - index.html page:

    <meta http-equiv="refresh" content="0; url=https://your.site.com/">

    -s.
    At 10:17 AM 7/7/2005, Leon wrote:
    >Hello,
    >
    >I have a web-based frontend for an application that
    >users will be accessing. It can use http or https. I
    >would like to allow only https. This is a more
    >relaxed company so it will be harder to enforce a
    >management policy (as in dont do this do this) so I
    >would like to enforce this through the use of
    >techonlogy. I know i could set a router acl to permit
    >only https to the server but this seems kind of like a
    >kludge (first off it wont prevent people on the same
    >subnet from doing what they want). How can I
    >configure IIS to only except https connections?
    >
    >Thx,
    >
    >Leon
    >
    >__________________________________________________
    >Do You Yahoo!?
    >Tired of spam? Yahoo! Mail has the best spam protection around
    >http://mail.yahoo.com


  • Next message: Donotsend_at_hotmail.com: "Session Monitoring"