You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Gordon Ross <G....@ccw.gov.uk> on 2004/06/12 16:30:33 UTC
Stop Tomcat over non-SSL connection with Apache2/JK2
I'm setting up a "simple" Apache 2/Tomcat4 configuration with Mod_JK2
and SSL.
Without using SSL, I got going pretty quickly with Apache 2/Tomcat
4/JK2. i.e. I could go to http://hostname/gwise/blah (where gwise was a
tomcat webapp) and that worked fine.
I then introduced SSL, and I could then go to
https://hostname/gwise/blah fine as well.
The problem, is that I do *NOT* want the webapp available over the
non-SSL connection.
In the <VirtualHost> section in Apache 2 where I defined the SSL
VirtualHost, I put a JkUriSet command, but the tomcat apps were still
available over port 80 (non-SSL) - even though there was no other
mention of tomcat elsewhere in the Apache config - or anything in
workers2.properties.
What do I need to do to only have tomcat apps available over SSL ?
I'm using Apache v2.0.49, mod_ssl v2.0.49, mod_jk2 v2.04 and tomcat
v4.1.29
Thanks,
GTG
Gordon Ross,
Network Manager/Rheolwr Rhydwaith
Countryside Council for Wales/Cyngor Cefn Gwlad Cymru
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Stop Tomcat over non-SSL connection with Apache2/JK2
Posted by Michael Echerer <me...@tngtech.com>.
Gordon Ross wrote:
>
> The problem, is that I do *NOT* want the webapp available over the
> non-SSL connection.
>
> In the <VirtualHost> section in Apache 2 where I defined the SSL
> VirtualHost, I put a JkUriSet command, but the tomcat apps were still
> available over port 80 (non-SSL) - even though there was no other
> mention of tomcat elsewhere in the Apache config - or anything in
> workers2.properties.
I had the same problem. Guess the virtual host support is not as good in
connection with JkUriSet as we thought.
I also tried to put some Mappings in http vhost only, some only https
vhost. But JkUriSet seemed to ignore that.
>
> What do I need to do to only have tomcat apps available over SSL ?
The solution is that you explicitly deny the UriMappings in your http
vhost as Apache will block them before mod_jk comes in.
e.g. something like
<Location ...>
Order Deny,Allow
Deny from All
</Location>
but check the Apache documentation for details.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org