It is not clear to me what you are trying to accomplish.
By the time the user's HTTPS request gets redirected by your website,
your webserver has already spent 90% of the CPU cycles doing the SSL
handshake, only to tell the user to make ANOTHER HTTP request to your
server. Thus, your redirection idea doubles the number of requests
(increasing bandwidth usage) to your server and does not save any CPU
cycles from SSL.
Basically, you cannot control whether users or robots use HTTP or
HTTPS to reach your website. Since SSL binds at an IP:Port level, you
cannot do URL-level access control like "prevent people from accessing
certain pages via HTTPS". You have to take the CPU hit to do SSL just
to find out which URL they are trying to access.
A better solution is to not have Google index your HTTPS pages.
//David
http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang //
On Feb 22, 10:48=A0am, Brian Madden
[quoted text, click to view] <BrianMad...@discussions.microsoft.com> wrote:
> Hello All,
>
> Is there an easy way to prevent people from accessing certain pages via
> HTTPS? Basically google is indexing some pages via HTTPS, and we'd just li=
ke
> to forward people to the HTTP version if they happen to accidentally land =
on
> an HTTPS version.
>
> My first thought was to just setup a second site in IIS, and to make that
> one only HTTPS and set it up just to be a forwarding site. Then I'd remove=
> the SSL port from the main site in IIS and all would be good! The only
> problem with that is that there are some pages we need HTTPS for in the ma=
in
> site, so I can't really just disable SSL on that site altogether.
>
> So, any ideas out there? It seems that it should be simple, but I'm bangin=
g
> my head against a wall here.
>
> Thanks in advance!
> Brian
Is there any reason why you don't want the users using HTTPS?
But if you really need to do this, can't you use a HTTP module or otherwise
put some code into your pages, that perform the redirect for you?
I'm struggling to think of any native IIS functionality that does this, so i
think you need to do it in your application.
Cheers
Ken
[quoted text, click to view] "Brian Madden" <BrianMadden@discussions.microsoft.com> wrote in message
news:0A8D5FD6-64CD-4F10-9F14-69C72A2306B3@microsoft.com...
> Hello All,
>
> Is there an easy way to prevent people from accessing certain pages via
> HTTPS? Basically google is indexing some pages via HTTPS, and we'd just
> like
> to forward people to the HTTP version if they happen to accidentally land
> on
> an HTTPS version.
>
> My first thought was to just setup a second site in IIS, and to make that
> one only HTTPS and set it up just to be a forwarding site. Then I'd remove
> the SSL port from the main site in IIS and all would be good! The only
> problem with that is that there are some pages we need HTTPS for in the
> main
> site, so I can't really just disable SSL on that site altogether.
>
> So, any ideas out there? It seems that it should be simple, but I'm
> banging
> my head against a wall here.
>
> Thanks in advance!
> Brian
Don't see what you're looking for? Try a search.
