0 Replies Latest reply on Oct 22, 2004 4:21 AM by Toni Beckman

    Using HTTPS for parts of a webapplication

    Toni Beckman Novice


      I have setup HTTPS with client authentification and everything runs smoothly.

      In my webapplication I have pages, which should be accessed via HTTPS only.

      However, access to any other pages should be allowed via http.

      In terms of URLs the scenario can be described as follows:

      HTTPS://mydomainname.com:8443/secret_data/ # Access allowed
      HTTP://mydomainname.com/secret_data/ # Access forbidden
      HTTP://mydomainname.com/* # Access allowed

      People who access http://mydomainname.com/secret_data/ do not have to get redirected to "HTTPS://mydomainname.com:8443/secret_data/". Access should just be denied.

      So to make a long story short: I want that access is denied to people who try to access pages below "mydomainname.com/secret_data/" via http .

      On the other hand acces to pages via HTTPS should be granted. I have no idea how I can set this up using only one webapplication - which is what I want.

      Note: I'm not using apache so I can't use any apache directives to restrict access to "/secret_data"!