I am hoping that one of you might be able to point me in the right direction. I have several IIS based web sites that are using SSL certificates. For the most part these sites only have a folder or two that need to be forced into SSL, which I can do with the server. Where my problem is coming in is that end users are able to use SSL over the ENTIRE site simply by adding HTTPS to the URL. It doesn't appear that I can stop this behavior with IIS.
With Apache web servers the answer was simple, we just rewrite their URLS back to HTTP on any folder that doesn't need to be encrypted. Since we don't have that option on IIS, I would like to do it with the CSS if possible.
Only possible if you terminate SSL on the CSS.
This is the only way for the CSS to see the url and decide if it should be sent to port 80 or port 443.