SSL redirect to non-SSL
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > SSL redirect to non-SSL




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    SSL redirect to non-SSL  
Daniel Kaplan


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
03-15-06 01:48 AM

Not sure if I am in the right group, but question.

If I am going from an SSL page to a non-SSL page (like after loggin on) is
there a way to get the browser to NOT give that "you are being redirected to
a non-secure page" ?

Thanks




[ Post a follow-up to this message ]



    Re: SSL redirect to non-SSL  
Bernard Cheah [MVP]


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
03-15-06 07:49 AM

I believe this is browse site issue. IIS will just redirect the request. it
is the browser that control the warning message.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Daniel Kaplan" <NoSPam@NoSpam.com> wrote in message
news:1142390142.647162@nntp.acecape.com...
> Not sure if I am in the right group, but question.
>
> If I am going from an SSL page to a non-SSL page (like after loggin on) is
> there a way to get the browser to NOT give that "you are being redirected
> to
> a non-secure page" ?
>
> Thanks
>
>
>




[ Post a follow-up to this message ]



    Re: SSL redirect to non-SSL  
David Wang [Msft]


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
03-15-06 12:49 PM

IIS cannot control browser configuration. If it could, that would be a
security vulnerability since a malicious website can just make browser
insecure and use it to hack the user.

Since you must make the browser go from HTTPS to HTTP, the browser will
observe the change, and you are complete up to browser configuration for
such a change. Nothing the webserver can do about it.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Daniel Kaplan" <NoSPam@NoSpam.com> wrote in message
news:1142390142.647162@nntp.acecape.com...
> Not sure if I am in the right group, but question.
>
> If I am going from an SSL page to a non-SSL page (like after loggin on) is
> there a way to get the browser to NOT give that "you are being redirected
> to
> a non-secure page" ?
>
> Thanks
>
>
>




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 03:40 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register