We are trying to enable SSL for our web site. The softwares we are using are IIS 4.0, JRun 2.3.3. What we found out was, if the whole site is set up to require SSL(https://), then attempt to access any page using non-ssl will be denied. This is desired behavior. However, if we only set up a couple of directories requiring SSL, then users can still access them using non-ssl (http://...) to access JSP pages. Access to anything else, such as asp, html, are denied. It looks like JRun intercepted the access request before IIS does. What we really want is to achieve: 1. set up only selected directories in the website using SSL. 2. Access to JSP pages under these protected directories using http://... should be denied. Can anyone shed some light on this issue? Thanks, Jeff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
