You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Stephen Bacon <sb...@aod.cx> on 2001/11/05 22:35:42 UTC
How to prevent non-ssl access to an app?
Hello,
I have just installed RedHat Linux 7.1 with Apache (v 1.3.19 r5) and
Tomcat (v 3.2.3 r1)
I have enabled SSL and installed certificates and it's all working fine.
However!
my jsp app can be reached via both http://blah_blah_blah and
https://blah_blah_blah (i.e. encrypted and non-encrypted)
I would like to restrict it to only being served via SSL.
I cannot figure out how to do this, so any guidance would be appreciated.
thanks,
-Steve Bacon
the only change I've made to my server.xml is the addition of (at the
bottom of the <ContextManager> section):
<Context path="/stbapp"
docBase="webapps/stbapp"
debug="0"
reloadable="true" >
</Context>
my web.xml is similarly basic:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<display-name>stbapp</display-name>
<description>
stbapp
</description>
</web-app>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>