Re: force https
From: Steven Matkoski (matkoski_at_nysernet.org)
Date: 07/12/05
- Previous message: Dieter Sarrazyn: "RE: Dsniff usage"
- In reply to: Leon: "force https"
- Next in thread: Micheal Espinola Jr: "Re: force https"
- Reply: Micheal Espinola Jr: "Re: force https"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 12 Jul 2005 10:04:30 -0400 To: Leon <roastin@yahoo.com>, security-basics@securityfocus.com
Hi Leon,
why not use a redirect/refresh on the http site and redirect to the https site?
then the redirect is transparent to the user. For example:
header of the http - index.html page:
<meta http-equiv="refresh" content="0; url=https://your.site.com/">
-s.
At 10:17 AM 7/7/2005, Leon wrote:
>Hello,
>
>I have a web-based frontend for an application that
>users will be accessing. It can use http or https. I
>would like to allow only https. This is a more
>relaxed company so it will be harder to enforce a
>management policy (as in dont do this do this) so I
>would like to enforce this through the use of
>techonlogy. I know i could set a router acl to permit
>only https to the server but this seems kind of like a
>kludge (first off it wont prevent people on the same
>subnet from doing what they want). How can I
>configure IIS to only except https connections?
>
>Thx,
>
>Leon
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
- Previous message: Dieter Sarrazyn: "RE: Dsniff usage"
- In reply to: Leon: "force https"
- Next in thread: Micheal Espinola Jr: "Re: force https"
- Reply: Micheal Espinola Jr: "Re: force https"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
