HestonJames
Programmer
Hello Chaps,
I've got a site configured in IIS6 which I need to ensure is only accessible as https so that nobody is simply finding the paths of resources within the site and then hitting them over standard http.
I've played in the past with using server side code to check the url and pass the user onto an https version if they're not already looking at it, however, this doesn't work for resources which are not governed by the server side app, such as html, css, images etc etc.
I see in IIS directory security I'm able to enforce only https access and also 128-bit encryption! this is great as it keeps things secure however if the user browses to the basic domain name then they get an error message whereas I'd rather they just be forwarded to the https version of whatever resources they're trying to access.
I'd appreciate your thoughts on the best way to handle this.
Heston
I've got a site configured in IIS6 which I need to ensure is only accessible as https so that nobody is simply finding the paths of resources within the site and then hitting them over standard http.
I've played in the past with using server side code to check the url and pass the user onto an https version if they're not already looking at it, however, this doesn't work for resources which are not governed by the server side app, such as html, css, images etc etc.
I see in IIS directory security I'm able to enforce only https access and also 128-bit encryption! this is great as it keeps things secure however if the user browses to the basic domain name then they get an error message whereas I'd rather they just be forwarded to the https version of whatever resources they're trying to access.
I'd appreciate your thoughts on the best way to handle this.
Heston