httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manni Wood" <mw...@digitas.com>
Subject RE: Invitation to HTTPD commiters in tomcat-dev
Date Tue, 20 Jul 2004 15:50:55 GMT
> > Anyway, for business sites, any servlet being able to know if the
> > original connection was secure or not is a total deal-breaker on
whether
> > or not to use a particular technology (in this case, Apache/Tomcat)
to
> > host a web site.

> Could you develop ?

AJP already does this, so it's already been developed. I just want to
ensure this functionality is preserved in the new connector you are
working on.

But if you are inviting me to develop this for the new connector, I'm
flattered! But I don't believe I have to technical expertise to do so. I
assume this sort of stuff requires knowledge of C/Unix socket
programming, which I've never done much of. Sadly, I know how to develop
database-backed interactive websites for businesses, but I don't know
how to develop truly sophisticated browser plugins.

-Manni


-----Original Message-----
From: Henri Gomez [mailto:hgomez@apache.org] 
Sent: Tuesday, July 20, 2004 11:36 AM
To: dev@httpd.apache.org
Subject: Re: Invitation to HTTPD commiters in tomcat-dev

Manni Wood wrote:

> One of the things I thought AJP did that HTTP proxying to Tomcat could
> not (but correct me here if I'm wrong) is let the servelt container
know
> whether or not the connection is HTTP vs. HTTPS. This sort of
> information needs to get passed back to the servlet container to
satisfy
> the servlet specification.

Of course HTTPS and SSL infos are forwarded from Apache to Tomcat.

> Typcially, in an Apache/Tomcat configuration, Apache deals with all of
> the https connections (because it's better at it), and requests for
> servlet/JSP stuff are passed back to Tomcat, with information on
whether
> or not the connection Apache has with the browser is HTTP or HTTPS.

Exact, so Tomcat avoid crypto works workload.

> Anyway, for business sites, any servlet being able to know if the
> original connection was secure or not is a total deal-breaker on
whether
> or not to use a particular technology (in this case, Apache/Tomcat) to
> host a web site.

Could you develop ?



Mime
View raw message