You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Joël Wijngaarde [Us Media]" <jo...@usmedia.nl> on 2003/05/06 15:07:11 UTC

Apache modjk2 : How to accept only ssl connections

Hi,

I have a working configuration with Apache 2 + SSL and mod_jk2 running
my web application. Now I want to surf the web application only over
HTTPS. What happens is that the application is available over HTTPS and
over normal HTTP.

What i tried is to force a redirect to the HTTPS website from the normal
HTTP website, but this does not seem to work. It looks like the mod_jk2
module receives all requests to the mapped URI before Apache can force a
redirect.

Anyone any suggestions on this?

Regards,

Joel



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Apache modjk2 : How to accept only ssl connections

Posted by Tim Funk <fu...@joedog.org>.

Bottom question:
http://tomcatfaq.sourceforge.net/security.html

-Tim

Joël Wijngaarde [Us Media] wrote:
> Hi,
> 
> I have a working configuration with Apache 2 + SSL and mod_jk2 running
> my web application. Now I want to surf the web application only over
> HTTPS. What happens is that the application is available over HTTPS and
> over normal HTTP.
> 
> What i tried is to force a redirect to the HTTPS website from the normal
> HTTP website, but this does not seem to work. It looks like the mod_jk2
> module receives all requests to the mapped URI before Apache can force a
> redirect.
> 
> Anyone any suggestions on this?
> 
> Regards,
> 
> Joel
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Apache modjk2 : How to accept only ssl connections

Posted by Giovanni Formenti <fo...@ariadne.it>.

If i understand ur problem, in Tomcat, u must put a <security-constraint>
element in
ur web.xml with inside the section:
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>

Giovanni

----- Original Message -----
From: "Joël Wijngaarde [Us Media]" <jo...@usmedia.nl>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Tuesday, May 06, 2003 3:07 PM
Subject: Apache modjk2 : How to accept only ssl connections


> What i tried is to force a redirect to the HTTPS website from the normal
> HTTP website, but this does not seem to work. It looks like the mod_jk2
> module receives all requests to the mapped URI before Apache can force a
> redirect.
>
> Anyone any suggestions on this?


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org