Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

R: force https

From: "Blindhorizon" <blindhorizon () tiscali ti>
Date: Tue, 12 Jul 2005 00:11:06 +0200
Hi
        you can do a couple of things:
        you can erase the application in IIS working on 80 port, so people
can find something only on the 443 port, where the https application works
(with a normal http request they won't found anything)...or you can do
something smarter: on the website using http you can put a web page with a
meta redirecting on the https link you wany all people to use...

Bye

-----Messaggio originale-----
Da: Leon [mailto:roastin () yahoo com] 
Inviato: giovedì 7 luglio 2005 16.18
A: security-basics () securityfocus com
Oggetto: force https

Hello,

I have a web-based frontend for an application that users will be accessing.
It can use http or https.  I would like to allow only https.  This is a more
relaxed company so it will be harder to enforce a management policy (as in
dont do this do this) so I would like to enforce this through the use of
techonlogy.  I know i could set a router acl to permit only https to the
server but this seems kind of like a kludge (first off it wont prevent
people on the same subnet from doing what they want).  How can I configure
IIS to only except https connections?

Thx,

Leon

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: