|
Home > Archive > IIS Server Security > April 2006 > Port 80 still works after "Require secure channel (SSL)"
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Port 80 still works after "Require secure channel (SSL)"
|
|
| Shifarad 2006-04-28, 7:19 am |
| Hi all,
After i locked down a Win2003 Server I installed a certificate, checked the
"Require secure channel (SSL)" , but i can still logon to this web
application over http. https is working also fine.
Any Ideas?
Thanks,
Shif
| |
| David Wang [Msft] 2006-04-28, 7:19 am |
| "Require Secure Channel (SSL)" applies at a per-URL basis.
Port 80 functioning applies at a per-ServerBinding basis.
The two are not equivalent unless you mark the root of the website as
"Require Secure Channel" and it inherits throughout the website -- so the
fact that both HTTP and HTTPS work with "Require Secure Channel" depends
totally on your configuration, which you did not provide.
Please provide:
1. Exact URL that works for both HTTP and HTTPS
2. The value of the AccessSSLFlags property that applies to that URL
I suspect you have some non-obvious misconfiguration, perhaps via an
IIsWebFile, by accident.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Shifarad" <Shifarad@discussions.microsoft.com> wrote in message
news:ECD2A25E-3383-4AD2-A769-0E7BDAE43D5D@microsoft.com...
> Hi all,
> After i locked down a Win2003 Server I installed a certificate, checked
> the
> "Require secure channel (SSL)" , but i can still logon to this web
> application over http. https is working also fine.
>
> Any Ideas?
>
> Thanks,
> Shif
>
|
|
|
|
|