gpt4 book ai didi

ssl - IIS:HTTPS 绑定(bind)的 RequireSSL false

转载 作者:太空宇宙 更新时间:2023-11-03 13:36:38 26 4
gpt4 key购买 nike

在仅具有 https 绑定(bind)的 IIS 网站中,我转到 SSL 设置:

将 RequireSSL 设置为 true 或 false 有什么区别?

最佳答案

从这里(http://weblogs.asp.net/scottgu/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates):

  • The IIS 7.0 admin tool has an "SSL Settings" node that you can select for each site, directory or file that allows you to control whether that particular resource (and by default its children) requires an SSL request in order to execute. This is useful for pages like a login.aspx page, where you want to guarantee that users can only enter their credentials when they are posting via an encrypted channel. If you configure the login.aspx page to require SSL, IIS 7.0 will block browsers from accessing it unless they are doing so over SSL.
  • Within an ASP.NET page or handler, you can programmatically check whether the current request is using SSL by checking the Request.IsSecure property (it will return "true" if the incoming browser request is over SSL).
  • You can set the "requireSSL" attribute on the configuration section within web.config files to have ASP.NET's forms-authentication system ensure that forms-authentication cookies are only set and used on SSL enabled pages and URLs. This avoids the risk of a hacker trying to intercept the authentication cookie on a non-SSL secured page, and then trying to use a "replay attack" from a different machine to impersonate a user.

因此,此设置似乎只有在网站具有 http 和 https 绑定(bind)以区分哪些特定资源需要 https 或根本不需要时才有意义。

关于ssl - IIS:HTTPS 绑定(bind)的 RequireSSL false,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37875397/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com