|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
SSL problemI have installed a Certificate and it seems correct but I am not doing
something correctly. IIS5, Server 2000. I used FrontPage to create a sub site 'test2" and checked the "require secure connection" option. FrontPage see the site as https//www.blah.blah/test2 When I brows to it https//www.blah.blah/test2 and http//www.blah.blah/test2 both work. So is there something I should be doing in IIS to restrict access to https only? Thanks John Sometime you need to clear your browser cache. See if that works
Show quoteHide quote "John Brennan" wrote: > I have installed a Certificate and it seems correct but I am not doing > something correctly. IIS5, Server 2000. I used FrontPage to create a sub > site 'test2" and checked the "require secure connection" option. FrontPage > see the site as https//www.blah.blah/test2 > > When I brows to it https//www.blah.blah/test2 and http//www.blah.blah/test2 > both work. So is there something I should be doing in IIS to restrict access > to https only? > > Thanks > > John > > > There are two areas that control SSL in a FP web site.
The FrontPage server extensions administration tool (a blue and white web site) where you can check "require ssl". That one dictates that you edit with FrontPage in SSL. (it's supposed to anyway, I don't use it) There is also a setting in IIS concerning forcing all connections to use HTTPS. Checking that on a folder will cause a 503 error page to appear instead of the actual page if the user attempts to use HTTP rather than HTTPS. You are getting these two. You are BROWSING which is the second option above. FrontPage (I expect) will not let you log in unless you use HTTPS mode in the "Open Web" option. (The first option has _nothing_ to do with how browsing occurs.) So... the question is what are you trying to accomplish? Users view the site in HTTPS? Or editing in HTTPS so non-NTLM passwords are safe from a network full of bored college students with packet sniffers? Those are separate problems that need to be treated separately for solutions. Show quoteHide quote "John Brennan" <bren***@ohiou.edu> wrote in message news:eaikkGLhGHA.1324@TK2MSFTNGP04.phx.gbl... >I have installed a Certificate and it seems correct but I am not doing >something correctly. IIS5, Server 2000. I used FrontPage to create a sub >site 'test2" and checked the "require secure connection" option. FrontPage >see the site as https//www.blah.blah/test2 > > When I brows to it https//www.blah.blah/test2 and > http//www.blah.blah/test2 both work. So is there something I should be > doing in IIS to restrict access to https only? > > Thanks > > John > > My goal was to users view the pages in https.
Thanks John Show quoteHide quote "Funkadyleik Spynwhanker" <youreallywantoemailmepu***@winblows.gov> wrote in message news:447db0c0$1_2@newspeer2.tds.net... > There are two areas that control SSL in a FP web site. > > The FrontPage server extensions administration tool (a blue and white web > site) where you can check "require ssl". That one dictates that you edit > with FrontPage in SSL. (it's supposed to anyway, I don't use it) > > There is also a setting in IIS concerning forcing all connections to use > HTTPS. Checking that on a folder will cause a 503 error page to appear > instead of the actual page if the user attempts to use HTTP rather than > HTTPS. > > You are getting these two. You are BROWSING which is the second option > above. FrontPage (I expect) will not let you log in unless you use HTTPS > mode in the "Open Web" option. (The first option has _nothing_ to do with > how browsing occurs.) > > So... the question is what are you trying to accomplish? > > Users view the site in HTTPS? > > Or editing in HTTPS so non-NTLM passwords are safe from a network full of > bored college students with packet sniffers? > > Those are separate problems that need to be treated separately for > solutions. > > "John Brennan" <bren***@ohiou.edu> wrote in message > news:eaikkGLhGHA.1324@TK2MSFTNGP04.phx.gbl... >>I have installed a Certificate and it seems correct but I am not doing >>something correctly. IIS5, Server 2000. I used FrontPage to create a sub >>site 'test2" and checked the "require secure connection" option. FrontPage >>see the site as https//www.blah.blah/test2 >> >> When I brows to it https//www.blah.blah/test2 and >> http//www.blah.blah/test2 both work. So is there something I should be >> doing in IIS to restrict access to https only? >> >> Thanks >> >> John >> >> > > You need to check the box in IIS then.
Though, that's a really bad way to do it. You are much better off getting and using a very common ASP redirect script that redirects any user opening a page in HTTP to HTTPS. It's in a KB article somewhere concerning forcing SSL in Exchange server, but works on any site with IIS. (Or, probably Google groups has an archive of similar discussions that have it.) Show quoteHide quote "John Brennan" <bren***@ohiou.edu> wrote in message news:O6ARiqMhGHA.4404@TK2MSFTNGP05.phx.gbl... > My goal was to users view the pages in https. > > Thanks > John > "Funkadyleik Spynwhanker" <youreallywantoemailmepu***@winblows.gov> wrote > in message news:447db0c0$1_2@newspeer2.tds.net... >> There are two areas that control SSL in a FP web site. >> >> The FrontPage server extensions administration tool (a blue and white web >> site) where you can check "require ssl". That one dictates that you edit >> with FrontPage in SSL. (it's supposed to anyway, I don't use it) >> >> There is also a setting in IIS concerning forcing all connections to use >> HTTPS. Checking that on a folder will cause a 503 error page to appear >> instead of the actual page if the user attempts to use HTTP rather than >> HTTPS. >> >> You are getting these two. You are BROWSING which is the second option >> above. FrontPage (I expect) will not let you log in unless you use HTTPS >> mode in the "Open Web" option. (The first option has _nothing_ to do with >> how browsing occurs.) >> >> So... the question is what are you trying to accomplish? >> >> Users view the site in HTTPS? >> >> Or editing in HTTPS so non-NTLM passwords are safe from a network full of >> bored college students with packet sniffers? >> >> Those are separate problems that need to be treated separately for >> solutions. >> >> "John Brennan" <bren***@ohiou.edu> wrote in message >> news:eaikkGLhGHA.1324@TK2MSFTNGP04.phx.gbl... >>>I have installed a Certificate and it seems correct but I am not doing >>>something correctly. IIS5, Server 2000. I used FrontPage to create a sub >>>site 'test2" and checked the "require secure connection" option. >>>FrontPage see the site as https//www.blah.blah/test2 >>> >>> When I brows to it https//www.blah.blah/test2 and >>> http//www.blah.blah/test2 both work. So is there something I should be >>> doing in IIS to restrict access to https only? >>> >>> Thanks >>> >>> John >>> >>> >> >> > > Thanks
Show quoteHide quote "Funkadyleik Spynwhanker" <youreallywantoemailmepu***@winblows.gov> wrote in message news:447de564$1_3@newspeer2.tds.net... > You need to check the box in IIS then. > > Though, that's a really bad way to do it. > > You are much better off getting and using a very common ASP redirect > script that redirects any user opening a page in HTTP to HTTPS. > > It's in a KB article somewhere concerning forcing SSL in Exchange server, > but works on any site with IIS. (Or, probably Google groups has an archive > of similar discussions that have it.) > > "John Brennan" <bren***@ohiou.edu> wrote in message > news:O6ARiqMhGHA.4404@TK2MSFTNGP05.phx.gbl... >> My goal was to users view the pages in https. >> >> Thanks >> John >> "Funkadyleik Spynwhanker" <youreallywantoemailmepu***@winblows.gov> wrote >> in message news:447db0c0$1_2@newspeer2.tds.net... >>> There are two areas that control SSL in a FP web site. >>> >>> The FrontPage server extensions administration tool (a blue and white >>> web site) where you can check "require ssl". That one dictates that you >>> edit with FrontPage in SSL. (it's supposed to anyway, I don't use it) >>> >>> There is also a setting in IIS concerning forcing all connections to use >>> HTTPS. Checking that on a folder will cause a 503 error page to appear >>> instead of the actual page if the user attempts to use HTTP rather than >>> HTTPS. >>> >>> You are getting these two. You are BROWSING which is the second option >>> above. FrontPage (I expect) will not let you log in unless you use >>> HTTPS mode in the "Open Web" option. (The first option has _nothing_ to >>> do with how browsing occurs.) >>> >>> So... the question is what are you trying to accomplish? >>> >>> Users view the site in HTTPS? >>> >>> Or editing in HTTPS so non-NTLM passwords are safe from a network full >>> of bored college students with packet sniffers? >>> >>> Those are separate problems that need to be treated separately for >>> solutions. >>> >>> "John Brennan" <bren***@ohiou.edu> wrote in message >>> news:eaikkGLhGHA.1324@TK2MSFTNGP04.phx.gbl... >>>>I have installed a Certificate and it seems correct but I am not doing >>>>something correctly. IIS5, Server 2000. I used FrontPage to create a sub >>>>site 'test2" and checked the "require secure connection" option. >>>>FrontPage see the site as https//www.blah.blah/test2 >>>> >>>> When I brows to it https//www.blah.blah/test2 and >>>> http//www.blah.blah/test2 both work. So is there something I should be >>>> doing in IIS to restrict access to https only? >>>> >>>> Thanks >>>> >>>> John >>>> >>>> >>> >>> >> >> > > 
Other interesting topics
Private & Public Key storage location
HOW TO IIS -Security Security in SMTP Virtual Server Application Pool domain credentials IP Address and Domain Name Restrictions button greyed out - Help ! Access problems on "Windows Server 2003 Web Edition". using IIS 6.0 ASP error script and trojan IIS HTTPS + Windows XP How can digitally signed executable be "secure" ? HTTP Error 403.6 - Forbidden: IP address of the client has been re |
|||||||||||||||||||||||
