Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 75719 invoked by uid 500); 15 Oct 2001 18:01:43 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk Reply-To: tomcat-user@jakarta.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 75707 invoked from network); 15 Oct 2001 18:01:42 -0000 X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C155A3.830B8ECC" Subject: Workaround for IIS redirector + SSL problem ?? Date: Mon, 15 Oct 2001 14:02:10 -0400 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Workaround for IIS redirector + SSL problem ?? Thread-Index: AcFVo3D8tLU3OSgGSAa4yVh1rSefCg== From: "Hawkins, Keith (Keith)" To: "tomcat-user" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ------_=_NextPart_001_01C155A3.830B8ECC Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I received a reply to my post regarding configuring IIS redirector for use with SSL. (See below.) The reply indicates that the IIS redirector has the unfortunate side-effect of bypassing SSL security and that a patch for the problem is in the works but won't be available immediately. =20 So what are my options? Can I follow the instructions for having Tomcat perform SSL and still use the IIS redirector? Will that even work? Any suggestions are welcome. I am sure that I am not the only one who needs SSL + IIS redirector simultaneously. What are other people doing to get past this problem? Thanks, Keith ------_=_NextPart_001_01C155A3.830B8ECC Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 Received: from NJ7460AVEXP1.global.avaya.com ([198.152.6.27]) by nj7460avexu2.global.avaya.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 15 Oct 2001 10:42:07 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Received: from rhw.post.avaya.com ([198.152.7.29]) by NJ7460AVEXP1.global.avaya.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 15 Oct 2001 10:38:10 -0400 Received: from ierw.net.avaya.com by rhw.post.avaya.com (8.9.3+Sun/EMS-1.5a Solaris/Relay/POST) id KAA08346; Mon, 15 Oct 2001 10:41:37 -0400 (EDT) Received: from ierw.net.avaya.com (localhost [127.0.0.1]) by ierw.net.avaya.com (8.9.3+Sun/8.9.3) with ESMTP id KAA29406 for ; Mon, 15 Oct 2001 10:40:26 -0400 (EDT) Received: from apache.org (daedalus.apache.org [64.125.133.20]) by ierw.net.avaya.com (8.9.3+Sun/8.9.3) with SMTP id KAA29370 for ; Mon, 15 Oct 2001 10:40:25 -0400 (EDT) Received: (qmail 48854 invoked by uid 500); 15 Oct 2001 14:40:28 -0000 Return-Path: X-Mailer: Internet Mail Service (5.0.1457.3) X-OriginalArrivalTime: 15 Oct 2001 14:38:10.0217 (UTC) FILETIME=[02FD1190:01C15587] Delivered-To: mailing list tomcat-user@jakarta.apache.org Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm List-Post: X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N content-class: urn:content-classes:message Subject: RE: Configuring SSL with IIS redirector Date: Mon, 15 Oct 2001 10:38:05 -0400 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Configuring SSL with IIS redirector Thread-Index: AcFVh5Es4+6RS6YjQdGcnT8+90aHmg== List-Help: List-Unsubscribe: From: "Ignacio J. Ortega" To: Reply-To: You are facing a known problem ( at least for me :) of isapi_redirector, see , here you will get an answer to that and a possible patch.., probably will be applied shortly... but i can not assure how short will be the waiting :). I need to figure put how to detect which version of IIS is running, i can recall someones talk to me about how detect which IIS version is the filter running on..,.. Saludos , Ignacio J. Ortega > -----Mensaje original----- > De: Keith [mailto:kphawkins@avaya.com] > Enviado el: lunes 15 de octubre de 2001 16:02 > Para: tomcat-user@jakarta.apache.org > Asunto: Configuring SSL with IIS redirector >=20 >=20 > Hello, >=20 > What are the proper steps to configure SSL security on portions of > Web-context served by Tomcat via the IIS redirector? The on-line > documentation I have read doesn't address this scenario. >=20 > Here is the situation I am running into: if I create a=20 > virtual directory >=20 > under IIS and set the directory properties to require SSL and this > directory IS NOT a context that the Tomcat redirector is configured to > handle, then SSL is properly enforced. (Naturally since Tomcat is not > even in the picture here.) However, if I then edit my > uriworkermap.properties such that this directory IS a context that the > redirector will handle, then SSL is bypassed. I can access the page > without using https. It seems like the redirector grabs it=20 > before IIS > attempts to enforce the SSL requirement. >=20 > So how do I set up SSL access to portions of a context that the IIS > redirector is handling so that SSL is actually enforced? >=20 > Thanks, > Keith > kphawkins@avaya.com >=20 >=20 ------_=_NextPart_001_01C155A3.830B8ECC--