[OT] how to reject non-HTTPS instead of redirect?

[Erik Weber <er...@mindspring.com>]

Sorry for the OT but I thought I'd try here since this should be simple 
and I don't subscribe to tomcat-user.

Anyone know how to configure Tomcat (5.0) to simply reject a non-HTTPS 
request when the transport guarantee is CONFIDENTIAL, rather than to 
issue a redirect?

I can't find anything on this in the documentation. I tried removing the 
redirectPort attribute from the Connector element, and it seemed to make 
no difference. The doc says this:

|redirectPort|

If this *Connector* is supporting non-SSL requests, and a request is 
received for which a matching |<security-constraint>| requires SSL 
transport, Catalina will automatically redirect the request to the port 
number specified here.


How do I turn off this automatic redirect? I would rather issue an error 
response.

Thanks,
Erik


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org