tomcat-users mailing list archives

From "A. Scott White" <sco...@coderite.com>
Subject RE: Tomcat + SSL
Date Mon, 05 Jun 2000 16:45:21 GMT
Let me make sure I understand you.

> Configure Tomcat to only use the "ajpv12" protocol (in the
> server.xml file). Have Apache handle all http/https
> traffic.

This simply shuts down Tomcat's http server, right?

> In the "tomcat.conf" file (which will be read in at the end of your
> httpds.conf file) put lines similar to the following:
> ApJservMount /examples ajpv12://localhost:8007/examples

(I'm assuming "httpds.conf" was simply a typo, and not a config file that I
am unaware of. Is that right?)

This routes any Apache requests with a URL pattern of /examples to Tomcat,
regardless of the underlying protocol, right? If so, how do you allow only
https (encrypted) requests to get to Tomcat, rejecting http (plain text)
requests? Is there a mechanism for catching this at the web server level, or
must each servlet check the encryption status of the request?

As I think about this it seems more like a web server issue than a Servlet
container issue. Perhaps there is a way to tell Apache to only allow
encrypted access to a particular URL pattern. Surely this facility must
exist to protect static pages. If so, Apache could catch the request and
deny it before it is ever forwarded to Tomcat.

Does anyone know?

====================================================
A. Scott White
Director of Information Systems and Product Strategy
ACS Healthcare Solutions Group
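
One way to check, at the web server level, the question raised in the message above: an added example (not part of the original message, and not Apache or Tomcat code) that scans an Apache configuration for `ApJServMount` prefixes not covered by a `<Location>` block carrying mod_ssl's `SSLRequireSSL` directive. The sample configurations are constructed, and the scan ignores `<VirtualHost>` scoping as a simplifying assumption.

```python
import re

# Constructed sample configurations (not taken from the original message).
WEAK = "ApJServMount /examples ajpv12://localhost:8007/examples\n"
HARDENED = WEAK + "<Location /examples>\n    SSLRequireSSL\n</Location>\n"

def directives(conf):
    """Return stripped, non-empty, non-comment lines of the config text."""
    lines = (raw.strip() for raw in conf.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def mounts(conf):
    """URL prefixes that ApJServMount forwards to the servlet container."""
    out = []
    for line in directives(conf):
        parts = line.split()
        # Apache directive names are case-insensitive.
        if parts[0].lower() == "apjservmount" and len(parts) >= 3:
            out.append(parts[1])
    return out

def ssl_only_locations(conf):
    """Paths of <Location> blocks that contain SSLRequireSSL."""
    current, protected = None, set()
    for line in directives(conf):
        opened = re.match(r'<Location\s+"?([^">\s]+)"?\s*>$', line, re.I)
        if opened:
            current = opened.group(1)
        elif re.match(r"</Location\s*>$", line, re.I):
            current = None
        elif current is not None and line.lower() == "sslrequiressl":
            protected.add(current)
    return protected

def covers(location, path):
    """True if path equals location or lies beneath it (segment-aware)."""
    location = location.rstrip("/")
    return path == location or path.startswith(location + "/")

def unprotected_mounts(conf):
    """Mounted prefixes that plain-HTTP requests could still reach."""
    locations = ssl_only_locations(conf)
    return [m for m in mounts(conf)
            if not any(covers(loc, m) for loc in locations)]

if __name__ == "__main__":
    print("weak:", unprotected_mounts(WEAK))
    print("hardened:", unprotected_mounts(HARDENED))
```
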

