A first draft of the iis rewrite rules may look something like this.
However, thought needs to be given to content server from within the webtop
that is not actually within the webtop, such as the FarCry cache.
<rewrite>
<rules>
<clear />
<rule name="Use https for webtop and cfide" stopProcessing="
true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures=
"false">
<add input="{HTTPS}" pattern="off" />
<add input="{URL}" pattern="(^/webtop|^/cfide)(.*)"/>
</conditions>
<action type="Redirect" url="
https://{HTTP_HOST}{REQUEST_URI}"; appendQueryString="false" redirectType="
Temporary" />
</rule>
<rule name="use http for everything except webtop and cfide"
stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures=
"false">
<add input="{HTTPS}" pattern="on" />
<add input="{URL}" pattern="(^/webtop|^/cfide)(.*)"
negate="true" />
</conditions>
<action type="Redirect" url="
http://{HTTP_HOST}{REQUEST_URI}"; appendQueryString="false" redirectType="
Temporary" />
</rule>
<rule name="FarCry inbound rewrite" stopProcessing="true">
<match url="^([^\.]+)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures=
"false">
<add input="{URL}" pattern="
(^/form|^/induction|^/servicesites|^/imsp|^/farcry|^/webtop|^/flex2gateway|^/flashservices|^/cfide)($|/)
" negate="true" />
</conditions>
<action type="Rewrite" url="/index.cfm?furl=/{R:1}&
{C:1}" />
</rule>
</rules>
</rewrite>
On Wednesday, February 20, 2013 12:09:43 PM UTC+11, tHeSmUrF wrote:
>
> Hi,
>
> We are looking at a way to secure the webtop on our sites with SSL and was
> wondering what the best way was to achieve this. We only want to secure
> the webtop, not the frontend of the sites. We are using IIS7.5
>
> We have looked at using rules to force requests to the webtop to the https
> binding but this creates another problem. If a content editor previews a
> page and navigates around the site it’s all on https. If they then
> copy/paste a link into FarCry there is a chance of them pasting a complete
> link including https. While they shouldn’t be pasting full links it is a
> possibility and I would like a solution that avoids this from happening.
>
> One idea was to have all requests to webtop rewritten to https and then a
> second rule that had any requests NOT going to webtop rewritten to http.
> While
> I think this would work it seems a bit messy.
>
> Has anyone got a better way to use SSL only for the webtop?
>
> While on this topic, I’ve been thinking that we need to protect the entire
> webtop but is that offering any real benefits over just projecting
> login.cfm with SSL (e.g. doing something similar to this post
> **<https://groups.google.com/forum/?fromgroups#!searchin/farcry-dev/SSL/farcry-dev/12hdzk_qunc/hTmGUDX2cDIJ>
> *
> https://groups.google.com/forum/?fromgroups#!searchin/farcry-dev/SSL/farcry-dev/12hdzk_qunc/hTmGUDX2cDIJ<https://groups.google.com/forum/?fromgroups#!searchin/farcry-dev/SSL/farcry-dev/12hdzk_qunc/hTmGUDX2cDIJ)><https://groups.google.com/forum/?fromgroups#!searchin/farcry-dev/SSL/farcry-dev/12hdzk_qunc/hTmGUDX2cDIJ)>
> *<https://groups.google.com/forum/?fromgroups#!searchin/farcry-dev/SSL/farcry-dev/12hdzk_qunc/hTmGUDX2cDIJ)>
> )
>
> Cheers
> Mark
>
--
You received this message cos you are subscribed to "farcry-dev" Google group.
To post, email: [email protected]
To unsubscribe, email: [email protected]
For more options: http://groups.google.com/group/farcry-dev
--------------------------------
Follow us on Twitter: http://twitter.com/farcry
---
You received this message because you are subscribed to the Google Groups
"farcry-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
