Solved

Is a website still secure without HTTPS?

Posted on 2013-01-07
4
439 Views
Last Modified: 2013-01-08
Hello,

I have built a website and when I log in to the site, the site's URL turns to HTTPS. I have a valid certificate from Network Solutions, and the little logo from Network Solutions says the site is secure.  The home page has a HTTPS. However, I can go to a page's address in Internet Explorer and take out the "S" in the URL. The page still comes up, but is the HTTP request being transferred in an encrypted way when I take out the "S"?

Thanks.
0
Comment
Question by:PBIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 350 total points
ID: 38753904
No, it isn't.

Most sites have a listener on 443 (for https) and on 80 (for http) - your browser is smart enough to pick the correct port when you change the url.

you can verify this easily enough by running wireshark or microsoft network monitor (both free!) at same time as testing, and seeing what they can "see" of the traffic.
0
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 150 total points
ID: 38754091
You can also force https if wanted. In the website ssl settings, check require ssl
or do a url rewrite
<rule name="Force HTTPS" enabled="true">
        <match url="(.*)" ignoreCase="false" />
        <conditions>
            <add input="{HTTPS}" pattern="off" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>
0
 

Author Comment

by:PBIT
ID: 38755635
Ve3ofa,  would this code be placed in the aspx page? I am using c# ASP. NET.  Where would this code be?

I would want to force the pages to keep thier https as much as possible.

Thanks.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 350 total points
ID: 38755681
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question