Only Allowing HTTPS

[TamedTech]

Hello Chaps,

I baught myself a shiny new SSL certificate this morning and have now installed it onto my site and everything seems to be working a real charm, when I browse to https:// I get the lovely padlock and all that stuff.

Now, the problem is that the unencrypted version of my site is still available through http:// which is not a good thing. I've spoken to a few of my software developer buddies and they've all given me code solutions to the problem, but to be honst that seems a little poor, I'd much rather have a proper network setup to stop people browsing the http:// version, and just as importantly, if they DO try, then forward them to the https:// version of the site.

Whats the best way to handle this?

Many thanks guys,

Rob

 

[porkchopexpress]

I think you need to check the Require secure channel (SSL) check box, i'm not certain so test it first.

http://www.microsoft.com/technet/pr...977-14f8-4867-9c51-34c346d48b04.mspx?mfr=true

 

[TechCarnivore]

Just curious, couldn't you remove Port 80 from the site properties leaving only the SSL port available?

 

[kmcferrin]

You can do it so that it requires a secure connection, but then if you don't use the https:// in your URL then it will just come back with a "page cannot be displayed" error. But if you do it programmatically like your friends suggested (i.e., put in a redirect page that gives them the https:// URL and then redirects them 5 seconds later) then you get the double benefit of using SSL as well as making sure that people can find the site.

For for example, your web site is usually stored in c:\inetpub\

http://wwwroot.

Move the entire site to c:\inetpub\

http://wwwroot\mysite.

Then set permissions on the "mysite" directory to require the secure connection. Then put the redirect page in c:\inetpub\

http://wwwroot

that points to

https://www.yourdomain.com/mysite.