G
Groove
Hopefully, this isn't too dumb of a question. I have a asp.net (2) app
running on a dedicated Windows 2003 server. My host provider who manages
the machine purchased and "installed" the SSL certificate and took care of
all of the details (no experience on my part) to enabled SSL on our app. We
can now browse the site using HTTPS. The little lock in IE appears and it
seems to be encrypted.
How can I prevent any of the app/site being viewed or browsed outside of
SSL? I can browse around the site and all seems fine. But if I remove the
"s" from the https in the URL, the site continues to work normally. This is
what I want to prevent. Is there some way in IIS6 to redirect all non-SSL
requests to the log in (default) page of the app in https?
Does this make sense?
(This server is running 2 sites and I'm using IIS to detect the host header
value and direct to the proper folder for the pages.)
running on a dedicated Windows 2003 server. My host provider who manages
the machine purchased and "installed" the SSL certificate and took care of
all of the details (no experience on my part) to enabled SSL on our app. We
can now browse the site using HTTPS. The little lock in IE appears and it
seems to be encrypted.
How can I prevent any of the app/site being viewed or browsed outside of
SSL? I can browse around the site and all seems fine. But if I remove the
"s" from the https in the URL, the site continues to work normally. This is
what I want to prevent. Is there some way in IIS6 to redirect all non-SSL
requests to the log in (default) page of the app in https?
Does this make sense?
(This server is running 2 sites and I'm using IIS to detect the host header
value and direct to the proper folder for the pages.)