Question

Locked

HTTPS security isue

By vipul.baijal ·
Dear Techies
I have a websiter whose URL starts with "HTTPS://"
However if I try to open the URL using "HTTP://" , it works.

How can I prevent this?

The code is written in ASP.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Reroute..............

by ThumbsUp2 In reply to HTTPS security isue

Put up an index page that reroutes anyone visiting the HTTP to the HTTPS URL.

Collapse -

re: Your Personal Message (PM)

by ThumbsUp2 In reply to Reroute..............

I received your personal message (PM). In the future, please don't send personal messages to people unless you know who you're sending to. It exposes your true email address, which I see is a bank, and could open you up to a whole slew of new SPAM. In addition, most of us will not reply to a personal message, exposing our own email address, unless we invited you to send one.

For the benefit of everyone else reading this forum/thread who might have the same questions as you do, I'm going to post your PM here and attempt to answer it. So, here is the personal message:

I m actually new to the team & no one knows if we are actully using a SSL. Although I can see the padlock icon in the status bar, I want to confirm if my site is actually SSL enabled. How do I check it ?

If SSL was not enabled, you would not be able to reach the HTTPS URL and you would not have a padlock icon.

However, customers attempting to reach your HTTPS web site will still receive a warning that it MAY not be secure unless you purchase a site security certificate and install it on your server. Verisign is one source of security certificates. GoDaddy is another. There are many others who provide this service, so make sure you go with the reputable ones. I personally use GoDaddy. But, for a bank, I would stick with Verisign.

When you purchase the security certificate for your site, THEY check to make sure that it is indeed secure before they issue the certificate. If it's not, they won't issue it.

.

Collapse -

Block the http port at the firewall

by The 'G-Man.' In reply to HTTPS security isue

or on the local machine.

Collapse -

Redirect in the DNS is the best option

by jdclyde In reply to Block the http port at th ...

unless someone is copying in a link, no one actually writes out the http:// anyways.

If people are hitting that, it is because it is registered that way.

Have all hits to the domain go to the https

and then turn that port OFF on the server. It is vulnerable to exploit.

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums