You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Gordon Ross <G....@ccw.gov.uk> on 2004/06/12 16:30:33 UTC

Stop Tomcat over non-SSL connection with Apache2/JK2

I'm setting up a "simple" Apache 2/Tomcat4 configuration with Mod_JK2
and SSL.

Without using SSL, I got going pretty quickly with Apache 2/Tomcat
4/JK2. i.e. I could go to http://hostname/gwise/blah (where gwise was a
tomcat webapp) and that worked fine.

I then introduced SSL, and I could then go to
https://hostname/gwise/blah fine as well.

The problem, is that I do *NOT* want the webapp available over the
non-SSL connection.

In the <VirtualHost> section in Apache 2 where I defined the SSL
VirtualHost, I put a JkUriSet command, but the tomcat apps were still
available over port 80 (non-SSL) - even though there was no other
mention of tomcat elsewhere in the Apache config - or anything in
workers2.properties.

What do I need to do to only have tomcat apps available over SSL ?

I'm using Apache v2.0.49, mod_ssl v2.0.49, mod_jk2 v2.04 and tomcat
v4.1.29

Thanks,

GTG

Gordon Ross,
Network Manager/Rheolwr Rhydwaith
Countryside Council for Wales/Cyngor Cefn Gwlad Cymru

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Stop Tomcat over non-SSL connection with Apache2/JK2

Posted by Michael Echerer <me...@tngtech.com>.


Gordon Ross wrote:

> 
> The problem, is that I do *NOT* want the webapp available over the
> non-SSL connection.
> 
> In the <VirtualHost> section in Apache 2 where I defined the SSL
> VirtualHost, I put a JkUriSet command, but the tomcat apps were still
> available over port 80 (non-SSL) - even though there was no other
> mention of tomcat elsewhere in the Apache config - or anything in
> workers2.properties.
I had the same problem. Guess the virtual host support is not as good in 
connection with JkUriSet as we thought.
I also tried to put some Mappings in http vhost only, some only https 
vhost. But JkUriSet seemed to ignore that.
> 
> What do I need to do to only have tomcat apps available over SSL ?
The solution is that you explicitly deny the UriMappings in your http 
vhost as Apache will block them before mod_jk comes in.
e.g. something like
<Location ...>
Order Deny,Allow
Deny from All
</Location>

but check the Apache documentation for details.



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org