views:

381

answers:

4

We have an external service that is currently accessible via the http (port 80, non-SSL) and https (port 443, SSL) addresses.

What is the best way to limit connections to only the https address? Is it something we can do via IIS or does it have to be done via code.

Additional info: Regular ASP.NET web service (.asmx) running on IIS on Windows 2003 server. Service is built with C# on .NET 3.5.

Thanks, Matt

+4  A: 
  1. Require SSL on the application
  2. In a custom error page for the 403 redirect the browser to the incoming URL, changing http to https along the way.

Note: Keep port 80 open for this - or there won't be a server to listen for requests to redirect.

Greg Hurlman
A: 

Is just not accepting any connections on port 80 an option? I'm a complete web server noob so I don't know if the server can operate without an unsecured listen port but if the server can operate only listen on port 443 that would seem to be simplest option.

Another option would be a redirect from the unsecure port to the secure one

dagorym
+2  A: 

Just to clarify Greg's point 1. IIS Manager > Site properties > Directory Security > Secure Communications > Require Secure Channel (SSL)

Duncan Smart
A: 

@Greg - While your answer was first and 'Require SSL on the application' is correct, I was looking for the specific way to do that in IIS.

@Duncan - Thanks for following up with the details. That made it super easy and was what I was looking for. I was pretty close in my digging in IIS but I was working locally and everything under 'Secure communications' was greyed out and also had me thinking it was specific to client certificates. Your answer prompted me to go to a real server and find the options available.

@dagorym - Yes, that was what I was looking to do but needed a little guidance on how to do it in IIS (if it could be done).

@all - This is actually my first post here and only got access this morning so I may or may not have followed protocol. I'll get better as I spend more time here. Thanks for your patience.

Matt

mattsmith321