You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Robert D. Abernethy IV" <ab...@dynedge.com> on 2003/09/23 19:04:49 UTC
Tomcat + Apache + SSL
I have apache set up to redirect requests for a specific context to
Tomcat. I am curious if there is a way to force all requests to that
context to be redirected through SSL.
http://servername/securecontext --> https://servername/sercurecontext
http://servername/everythingelse --> http://servername/everythingelse
Is this something I set up in workers2.properties or httpd.conf? Can
anyone point me at a decent tutorial? Thanks.
Rob Abernethy
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat + Apache + SSL
Posted by Bill Barker <wb...@wilshire.com>.
Where is Tim when you need him ;-).
http://jakarta.apache.org/tomcat/faq/security.html#https
"Robert D. Abernethy IV" <ab...@dynedge.com> wrote in message
news:005901c381f4$cc52af00$2e01a8c0@neo...
> I have apache set up to redirect requests for a specific context to
> Tomcat. I am curious if there is a way to force all requests to that
> context to be redirected through SSL.
>
> http://servername/securecontext --> https://servername/sercurecontext
> http://servername/everythingelse --> http://servername/everythingelse
>
> Is this something I set up in workers2.properties or httpd.conf? Can
> anyone point me at a decent tutorial? Thanks.
>
> Rob Abernethy
Re: Tomcat + Apache + SSL
Posted by Bill Barker <wb...@wilshire.com>.
Where is Tim when you need him ;-).
http://jakarta.apache.org/tomcat/faq/security.html#https
"Robert D. Abernethy IV" <ab...@dynedge.com> wrote in message
news:005901c381f4$cc52af00$2e01a8c0@neo...
> I have apache set up to redirect requests for a specific context to
> Tomcat. I am curious if there is a way to force all requests to that
> context to be redirected through SSL.
>
> http://servername/securecontext --> https://servername/sercurecontext
> http://servername/everythingelse --> http://servername/everythingelse
>
> Is this something I set up in workers2.properties or httpd.conf? Can
> anyone point me at a decent tutorial? Thanks.
>
> Rob Abernethy
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Tomcat + Apache + SSL
Posted by "Robert D. Abernethy IV" <ab...@dynedge.com>.
I tried that with mixed results. I was able to use mod_rewrite to
redirect non-Tomcat contexts, but was unable to redirect what I wanted.
Does apache process the mod_jk stuff first? It looks like it is seeing
securecontext and passing it to Tomcat before it gets to the rewrite
rules. Here's my results using mod_rewrite (foo is a directory in the
web server root, while secure context is a Tomcat webapp).
http://servername/* -> http://servername/*
http://servername/foo -> https://servername/foo
http://servername/securecontext -> http://servername/securecontext
Rob Abernethy
-----Original Message-----
From: Sean Bruton [mailto:sbruton@neospire.net]
Sent: Tuesday, September 23, 2003 2:07 PM
To: Tomcat Users List
Subject: Re: Tomcat + Apache + SSL
You can use mod_rewrite in Apache. It's been a while but I believe
something such as this in your httpd.conf should do the trick:
RewriteEngine On
RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R]
I may be off a bit, so check the docs at:
http://httpd.apache.org/docs/mod/mod_rewrite.html
or this helpful guide:
http://www.engelschall.com/pw/apache/rewriteguide/
On Tue, 2003-09-23 at 12:04, Robert D. Abernethy IV wrote:
> I have apache set up to redirect requests for a specific context to
> Tomcat. I am curious if there is a way to force all requests to that
> context to be redirected through SSL.
>
> http://servername/securecontext --> https://servername/sercurecontext
> http://servername/everythingelse --> http://servername/everythingelse
>
> Is this something I set up in workers2.properties or httpd.conf? Can
> anyone point me at a decent tutorial? Thanks.
>
> Rob Abernethy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
--
Sean Bruton <sb...@neospire.net>
Senior Engineer Network Services
NeoSpire, Inc. www.neospire.net
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Tomcat + Apache + SSL
Posted by "Robert D. Abernethy IV" <ab...@dynedge.com>.
I tried that with mixed results. I was able to use mod_rewrite to
redirect non-Tomcat contexts, but was unable to redirect what I wanted.
Does apache process the mod_jk stuff first? It looks like it is seeing
securecontext and passing it to Tomcat before it gets to the rewrite
rules. Here's my results using mod_rewrite (foo is a directory in the
web server root, while secure context is a Tomcat webapp).
http://servername/* -> http://servername/*
http://servername/foo -> https://servername/foo
http://servername/securecontext -> http://servername/securecontext
Rob Abernethy
-----Original Message-----
From: Sean Bruton [mailto:sbruton@neospire.net]
Sent: Tuesday, September 23, 2003 2:07 PM
To: Tomcat Users List
Subject: Re: Tomcat + Apache + SSL
You can use mod_rewrite in Apache. It's been a while but I believe
something such as this in your httpd.conf should do the trick:
RewriteEngine On
RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R]
I may be off a bit, so check the docs at:
http://httpd.apache.org/docs/mod/mod_rewrite.html
or this helpful guide:
http://www.engelschall.com/pw/apache/rewriteguide/
On Tue, 2003-09-23 at 12:04, Robert D. Abernethy IV wrote:
> I have apache set up to redirect requests for a specific context to
> Tomcat. I am curious if there is a way to force all requests to that
> context to be redirected through SSL.
>
> http://servername/securecontext --> https://servername/sercurecontext
> http://servername/everythingelse --> http://servername/everythingelse
>
> Is this something I set up in workers2.properties or httpd.conf? Can
> anyone point me at a decent tutorial? Thanks.
>
> Rob Abernethy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
--
Sean Bruton <sb...@neospire.net>
Senior Engineer Network Services
NeoSpire, Inc. www.neospire.net
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat + Apache + SSL
Posted by Sean Bruton <sb...@neospire.net>.
You can use mod_rewrite in Apache. It's been a while but I believe
something such as this in your httpd.conf should do the trick:
RewriteEngine On
RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R]
I may be off a bit, so check the docs at:
http://httpd.apache.org/docs/mod/mod_rewrite.html
or this helpful guide:
http://www.engelschall.com/pw/apache/rewriteguide/
On Tue, 2003-09-23 at 12:04, Robert D. Abernethy IV wrote:
> I have apache set up to redirect requests for a specific context to
> Tomcat. I am curious if there is a way to force all requests to that
> context to be redirected through SSL.
>
> http://servername/securecontext --> https://servername/sercurecontext
> http://servername/everythingelse --> http://servername/everythingelse
>
> Is this something I set up in workers2.properties or httpd.conf? Can
> anyone point me at a decent tutorial? Thanks.
>
> Rob Abernethy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
--
Sean Bruton <sb...@neospire.net>
Senior Engineer Network Services
NeoSpire, Inc. www.neospire.net
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat + Apache + SSL
Posted by Sean Bruton <sb...@neospire.net>.
You can use mod_rewrite in Apache. It's been a while but I believe
something such as this in your httpd.conf should do the trick:
RewriteEngine On
RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R]
I may be off a bit, so check the docs at:
http://httpd.apache.org/docs/mod/mod_rewrite.html
or this helpful guide:
http://www.engelschall.com/pw/apache/rewriteguide/
On Tue, 2003-09-23 at 12:04, Robert D. Abernethy IV wrote:
> I have apache set up to redirect requests for a specific context to
> Tomcat. I am curious if there is a way to force all requests to that
> context to be redirected through SSL.
>
> http://servername/securecontext --> https://servername/sercurecontext
> http://servername/everythingelse --> http://servername/everythingelse
>
> Is this something I set up in workers2.properties or httpd.conf? Can
> anyone point me at a decent tutorial? Thanks.
>
> Rob Abernethy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
--
Sean Bruton <sb...@neospire.net>
Senior Engineer Network Services
NeoSpire, Inc. www.neospire.net