Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 13490 invoked from network); 6 Aug 2002 23:17:32 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 6 Aug 2002 23:17:32 -0000 Received: (qmail 29914 invoked by uid 97); 6 Aug 2002 23:17:56 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 29881 invoked by uid 97); 6 Aug 2002 23:17:55 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 29869 invoked by uid 98); 6 Aug 2002 23:17:55 -0000 X-Antivirus: nagoya (v4198 created Apr 24 2002) Message-ID: <20020806231730.51549.qmail@web14307.mail.yahoo.com> Date: Tue, 6 Aug 2002 16:17:30 -0700 (PDT) From: Eddie Ruvinsky Subject: Re: Problem when Apache does SSL with a JK 2 Connector (Tomcat 4.1) backend? To: Tomcat Developers List Cc: Bojan Smojver In-Reply-To: <1028674637.1180.21.camel@beast.rexursive.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Hi Bojan, Thanks for pointing me to the JK documentation. I browsed through it along with the Tomcat Workers HOW-TO doc, and found one relevant snippet in the section entitled "ajp13 Workers properties": "ajpv13 has special treatment for SSL information so that the container can implement SSL related methods such as isSecure()." What does this mean exactly? My question is that when Apache is configured to process SSL requests along with a Tomcat worker, and an HTTPS request for a servlet comes in, does it forward the request as HTTP (post-SSL work) to the Tomcat worker? If so, does it also [need to] tell the Tomcat worker that the original request used HTTPS so that Tomcat can properly set the getScheme() and isSecure() ServletRequest methods for that request? Thanks, Eddie --- Bojan Smojver wrote: > Not 100% sure I understand your question, but as far > as I know mod_jk > was written to support connections over SSL. Most > information is in > mod_jk documentation: > > http://jakarta.apache.org/tomcat/tomcat-3.3-doc/mod_jk-howto.html > > Bojan > > On Wed, 2002-08-07 at 05:04, Eddie Ruvinsky wrote: > > Hi all, > > > > I had a question about the intended behavior for > > servlets when a front-end web server proxies > Tomcat > > traffic while performing SSL processing, as > intended > > for the JK 2 Connector supplied with Tomcat 4.1. > I'm > > wondering if the web server plugin will downgrade > the > > inbound HTTPS security to HTTP when it reaches > Tomcat > > on the backend? If so, this would result in the > > getScheme() and isSecure() ServletRequest calls to > > return "http" and "false," respectively. Is this > the > > intended/proper behavior, or should Tomcat be > > "tricked" into stating "https"/"true" for the > above > > calls instead when the inbound request uses HTTPS? > > > Otherwise, can webapps that expect HTTPS requests > > break with this kind of configuration? I'm not > sure > > if this is a problem. > > > > Thanks, > > Eddie __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com -- To unsubscribe, e-mail: For additional commands, e-mail: