|
Home > Archive > IIS Server Security > March 2006 > IIS 6.0 SSL for whole site EXCEPT a few directories
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS 6.0 SSL for whole site EXCEPT a few directories
|
|
| Kevin Jackson 2006-03-01, 8:01 am |
| We deploy a ASP.NET 1.1 web app by creating a new website. The entire
website is set to SSL. We are hearing back from our operations people, it
then is not possible to turn off SSL for a few directories under the
website.
Shouldn't it be possible to go into the directories and turn off Require
Secure Channel?
The way we have gotten by this in the past is to not secure the whole
website and go through every folder we want to use SSL and turn on Require
Secure Channel but this takes quite a bit of time.
| |
| David Wang [Msft] 2006-03-01, 8:01 am |
| Your operations people are mistaken.
IIS is flexible. It allows either:
1. All directories require SSL EXCEPT for specific named ones
2. All directories work with HTTP and SOME specific named ones require SSL
The right choice? Depends on which is easiest and makes sense for you.
It sounds like you rather default to require SSL except for some specific
directories... which is easily supported by IIS.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Kevin Jackson" <kjackson@powerwayinc.com> wrote in message
news:u0qwrWLPGHA.344@TK2MSFTNGP11.phx.gbl...
> We deploy a ASP.NET 1.1 web app by creating a new website. The entire
> website is set to SSL. We are hearing back from our operations people, it
> then is not possible to turn off SSL for a few directories under the
> website.
>
> Shouldn't it be possible to go into the directories and turn off Require
> Secure Channel?
>
> The way we have gotten by this in the past is to not secure the whole
> website and go through every folder we want to use SSL and turn on Require
> Secure Channel but this takes quite a bit of time.
>
>
>
| |
| Kevin Jackson 2006-03-01, 5:54 pm |
| David,
So if SSL is turned on at the site level, we should still be able to go to
various files and directories and turn it off right?
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:uAQliITPGHA.2604@TK2MSFTNGP09.phx.gbl...
> Your operations people are mistaken.
>
> IIS is flexible. It allows either:
> 1. All directories require SSL EXCEPT for specific named ones
> 2. All directories work with HTTP and SOME specific named ones require SSL
>
> The right choice? Depends on which is easiest and makes sense for you.
>
> It sounds like you rather default to require SSL except for some specific
> directories... which is easily supported by IIS.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
>
> "Kevin Jackson" <kjackson@powerwayinc.com> wrote in message
> news:u0qwrWLPGHA.344@TK2MSFTNGP11.phx.gbl...
>
>
| |
| David Wang [Msft] 2006-03-03, 6:27 pm |
| Yup. It's simply the way the IIS configuration system works.
Values set at the parent node (i.e. site level) automatically inherit to the
children node UNLESS specifically overriden at the children node (i.e.
various files/directories).
So if you set any property globally or per-site, it automatically applies
everywhere UNLESS some child node decides to override it with another value.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Kevin Jackson" <kjackson@powerwayinc.com> wrote in message
news:%23tm43mTPGHA.1040@TK2MSFTNGP12.phx.gbl...
> David,
>
> So if SSL is turned on at the site level, we should still be able to go to
> various files and directories and turn it off right?
>
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:uAQliITPGHA.2604@TK2MSFTNGP09.phx.gbl...
>
>
|
|
|
|
|