Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is a website still secure without HTTPS?

Posted on 2013-01-07
4
Medium Priority
?
440 Views
Last Modified: 2013-01-08
Hello,

I have built a website and when I log in to the site, the site's URL turns to HTTPS. I have a valid certificate from Network Solutions, and the little logo from Network Solutions says the site is secure.  The home page has a HTTPS. However, I can go to a page's address in Internet Explorer and take out the "S" in the URL. The page still comes up, but is the HTTP request being transferred in an encrypted way when I take out the "S"?

Thanks.
0
Comment
Question by:PBIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1400 total points
ID: 38753904
No, it isn't.

Most sites have a listener on 443 (for https) and on 80 (for http) - your browser is smart enough to pick the correct port when you change the url.

you can verify this easily enough by running wireshark or microsoft network monitor (both free!) at same time as testing, and seeing what they can "see" of the traffic.
0
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 600 total points
ID: 38754091
You can also force https if wanted. In the website ssl settings, check require ssl
or do a url rewrite
<rule name="Force HTTPS" enabled="true">
        <match url="(.*)" ignoreCase="false" />
        <conditions>
            <add input="{HTTPS}" pattern="off" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>
0
 

Author Comment

by:PBIT
ID: 38755635
Ve3ofa,  would this code be placed in the aspx page? I am using c# ASP. NET.  Where would this code be?

I would want to force the pages to keep thier https as much as possible.

Thanks.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 1400 total points
ID: 38755681
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question