Limiting traffic to the SSL version of the page only

Question

Limiting traffic to the SSL version of the page only

We have an external service that is currently available through HTTP (port 80, not SSL) and https (port 443, SSL).

What is the best way to limit the connection to only an https address? This is what we can do using IIS, or it needs to be done using code.

Additional information: The usual ASP.NET web service (.asmx) running on IIS on a Windows 2003 server. The service is built on C # on .NET 3.5.

+4

ssl web-services iis

mattsmith321 Aug 27 '08 at 19:25

source share

3 answers

Require SSL in the application
On the custom error page for 403, redirects the browser to the incoming URL, changing http to https along the way.

Note. Open port 80 for this - or there will be no server to listen to requests for redirection.

+5

Greg hurlman Aug 27 '08 at 19:28

source share

Is only the absence of any connections on port 80 an option? I am a complete noob web server, so I don’t know if the server can work without an insecure listening port, but if the server can only work with listening on port 443, which would seem to be the easiest option.

Another option would be to redirect from an insecure port to a secure one.

0

dagorym Aug 27 '08 at 19:31

source share

Duncan smart · Accepted Answer · 2008-08-27T19:34:52+0000

Greg Point Only 1. IIS Manager> Site Properties> Directory Security> Secure Communications> Require Secure Channel (SSL)

Limiting traffic to the SSL version of the page only

More articles: