tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fletcher Cocquyt" <fcocq...@stanford.edu>
Subject FIXED: Tomcat returning absolute http:// URL behind SSL Proxy instead of keeping https://
Date Thu, 08 Apr 2004 19:29:20 GMT
Turns out the BigIP SSL proxies have a 
 

Rewrite Redirects
If you want to configure rewrite redirects, you can specify whether the
proxy should rewrite only those URIs matching the URI originally
requested by the client (minus the trailing slash), or all URIs. If you
select All from the list, the the proxy always rewrites URIs as if they
matched the originally requested URIs.
 
Feature - I turned this on for the SSL Proxy and it works as advertised 
 
Thanks,
 
Fletcher Cocquyt
Senior Systems Administrator
fcocquyt@stanford.edu
 
 
-----Original Message-----
From: Fletcher Cocquyt [mailto:fcocquyt@stanford.edu] 
Sent: Thursday, April 08, 2004 8:44 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat returning absolute http:// URL behind SSL Proxy
instead of keeping https://
 
Actually I don't care what the Apache<==>Tomcat connector is talking.
 
I want to avoid the URL being rewritten as http when the original
request came in from the users browser as https:// - this is happening
when the JkMount is made.
 
I believe the relevant doc says:
"the servlet container must convert the relative URL to an absolute URL"
How to make it always return https for this app??
 
sendRedirect
public void sendRedirect(java.lang.String location)
                  throws java.io.IOException
Sends a temporary redirect response to the client using the specified
redirect location URL. This method can accept relative URLs; the servlet
container must convert the relative URL to an absolute URL before
sending the response to the client. If the location is relative without
a leading '/' the container interprets it as relative to the current
request URI. If the location is relative with a leading '/' the
container interprets it as relative to the servlet container root.
 
 
Fletcher Cocquyt
Senior Systems Administrator
fcocquyt@stanford.edu
 
 
-----Original Message-----
From: Yansheng Lin [mailto:yansheng.lin@silvacom.com] 
Sent: Thursday, April 08, 2004 7:53 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat returning absolute http:// URL behind SSL Proxy
instead of keeping https://
 
hi, for tomcat to accept https protocal, you need to define a SSL
connector.
take a look in your server.xml to see if the SSL connector was commented
out.
and the scheme attribute defaults to "https".  
 
Hope this helps:).
 
-Yan
 
-----Original Message-----
From: Fletcher Cocquyt [mailto:fcocquyt@stanford.edu] 
Sent: Wednesday, April 07, 2004 7:51 PM
To: tomcat-user@jakarta.apache.org
Subject: Tomcat returning absolute http:// URL behind SSL Proxy instead
of
keeping https://
 
 
Hi,
We have the classic 3 tiered webapp architecture with BigIP
loadbalancers acting as SSL Proxies - such that requests for the webapp:
 
https://server/jkmount/
 
1)       Come into the BigIP - the BigIP Proxies the HTTPS and sends the
same request to the Apache servers on port 80
2)       Apache sees the URI with a matching jkmount and sends the
request to the Tomcat worker
3)       PROBLEM: tomcat constructs the absolute URL to return based on
the assumption its port 80 and returns the insecure
http://server/jkmount/index.jsp
 
Found some relevant docs here:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/proxy-howto.html
 
But its unclear how to get tomcat to keep the https:// instead of
returning the absolute http:// 
 
Apache 2.0.48
Tomcat 4.1.30
 
Thanks for any tips!
 
Fletcher Cocquyt
Senior Systems Administrator
fcocquyt@stanford.edu
 
 
 
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
 
 
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message