You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Stephen Bacon <sb...@aod.cx> on 2001/11/05 22:35:42 UTC

How to prevent non-ssl access to an app?

Hello,
   I have just installed RedHat Linux 7.1 with Apache (v 1.3.19 r5) and 
Tomcat (v 3.2.3 r1)
I have enabled SSL and installed certificates and it's all working fine.
However!
my jsp app can be reached via both http://blah_blah_blah and 
https://blah_blah_blah (i.e. encrypted and non-encrypted)
I would like to restrict it to only being served via SSL.
I cannot figure out how to do this, so any guidance would be appreciated.
thanks,
   -Steve Bacon

the only change I've made to my server.xml is the addition of (at the 
bottom of the <ContextManager> section):

         <Context path="/stbapp"
                  docBase="webapps/stbapp"
                  debug="0"
                  reloadable="true" >
         </Context>



my web.xml is similarly basic:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
     "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">

<web-app>
   <display-name>stbapp</display-name>
   <description>
     stbapp
   </description>
</web-app>


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>