Re: force https

["Greg Stiavetti" <gstiavetti () rentoneonline com>]

Here's the real scoop, on the change to IIS6.0, to enforce only https access

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8d9f2a8f-cd23-448c-b2c7-f4e87b9e2d2c.mspx


Greg Stiavetti
Network Administrator

office ~ 831.438.3141 ext. 213
e-mail ~ gstiavetti () RentOneOnline com

Rent One Online: The Fastest Growing 100% Web-based Vacation Rental 
Management Software


----- Original Message ----- 
From: "Keenan Smith" <kc_smith () clark net>
To: "'Leon'" <roastin () yahoo com>; <security-basics () securityfocus com>
Sent: Wednesday, July 13, 2005 10:32 AM
Subject: RE: force https


> In the properties for the web site, remove the TCP port number but leave
> the SSL port number.  Or shut down port 80 in your fire wall.  Or at the
> application level, all requests to http can be redirected to https.
>
> Keenan
>
> -----Original Message-----
> From: Leon [mailto:roastin () yahoo com]
> Sent: Thursday, July 07, 2005 10:18 AM
> To: security-basics () securityfocus com
> Subject: force https
>
>
> Hello,
>
> I have a web-based frontend for an application that
> users will be accessing.  It can use http or https.  I
> would like to allow only https.  This is a more
> relaxed company so it will be harder to enforce a
> management policy (as in dont do this do this) so I
> would like to enforce this through the use of
> techonlogy.  I know i could set a router acl to permit
> only https to the server but this seems kind of like a
> kludge (first off it wont prevent people on the same
> subnet from doing what they want).  How can I
> configure IIS to only except https connections?
>
> Thx,
>
> Leon
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com