Re: force https

From: Steven Matkoski (matkoski_at_nysernet.org)
Date: 07/12/05

  • Next message: Donotsend_at_hotmail.com: "Session Monitoring"
    Date: Tue, 12 Jul 2005 10:04:30 -0400
    To: Leon <roastin@yahoo.com>, security-basics@securityfocus.com
    
    

    Hi Leon,

    why not use a redirect/refresh on the http site and redirect to the https site?
    then the redirect is transparent to the user. For example:

    header of the http - index.html page:

    <meta http-equiv="refresh" content="0; url=https://your.site.com/">

    -s.
    At 10:17 AM 7/7/2005, Leon wrote:
    >Hello,
    >
    >I have a web-based frontend for an application that
    >users will be accessing. It can use http or https. I
    >would like to allow only https. This is a more
    >relaxed company so it will be harder to enforce a
    >management policy (as in dont do this do this) so I
    >would like to enforce this through the use of
    >techonlogy. I know i could set a router acl to permit
    >only https to the server but this seems kind of like a
    >kludge (first off it wont prevent people on the same
    >subnet from doing what they want). How can I
    >configure IIS to only except https connections?
    >
    >Thx,
    >
    >Leon
    >
    >__________________________________________________
    >Do You Yahoo!?
    >Tired of spam? Yahoo! Mail has the best spam protection around
    >http://mail.yahoo.com


  • Next message: Donotsend_at_hotmail.com: "Session Monitoring"

    Relevant Pages

    • Re: http://companyname/remote no longer redirects or works
      ... It seems that the SBSFLT ISAPI filter is missing. ... The filter is used to redirect all incoming ... RWW requests from HTTP to HTTPS if SSL is enabled. ... Microsoft CSS Online Newsgroup Support ...
      (microsoft.public.windows.server.sbs)
    • RE: HTTPS automatic redirection
      ... but there's no redirection to https. ... Don't want to do a static redirect, ... client will be ... >automatically redirected to the HTTPS Web site. ...
      (microsoft.public.inetserver.iis.security)
    • Re: redirect http to https for virtual directories
      ... at the URL and if it comes over "80" redirect to ... Enable anonymous access and unchecked the Require SSL ... If proper authentication is provided, ... custom error not handling http to https redirects ...
      (microsoft.public.inetserver.iis)
    • Re: automatically change from http to https
      ... HTTPS Test: ... Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file ... >>> my question is why is my installation auto correcting the link and his ... >> was disabled that kind of redirect would not work. ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: SSL Redirect for OWA 2003?
      ... Fresh Windows Server 2003, Fresh Exchange 2003. ... https: versions of the above 3 addreses. ... Step 3) Add a default.asp file to your wwwroot directory with the following ... redirect for #3, but I'm trying to get my users to stop remembering annoying ...
      (microsoft.public.exchange.setup)