Aggarwal, Ajay wrote:
> Thanks to all who have given different suggestions.
>
> Binding HTTP (port 80) to 127.0.0.1 and HTTPS (port 443) to external/public IP will not
> work for me. My situation is slightly more complicated.
Now why did I guess that already?
Probably the experience of customer-written specifications.
:-)
> For external clients, I want to enforce SSL only on part of my application (certain URLs)
> not all.
>
> I will look into URL Rewrite as suggested by Nicholas.
>
And when you really take into account all aspects of the requirements (authentication for
the externals?), you may still want to have a second look at the 2 <Host> possibilities.
Mixing SSL and non-SSL parts within the same application is - in my humble view - a recipe
for a lot of complications and user inconvenience.
(Such as: some browsers will pop up a message to the user when switching from HTTP to
HTTPS and vice-versa.)
Q: if a part of it, for some category of users, has to go through HTTPS, then what stops
you from making it all HTTPS for everyone, internal and external?
Q: what about a simple front-end proxy, which would take care of the HTTPS part for the
externals, and connect internally to Tomcat over standard HTTP?
The internals can go around the proxy and access the application directly via HTTP.
A minimal Apache httpd, running on the same box, would do that easily.
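The front-end proxy arrangement suggested in the reply above, sketched as an Apache httpd virtual host. This is an added example, not part of the original message; the hostname, certificate paths and Tomcat's HTTP connector on 127.0.0.1:8080 are assumptions.

```apache
# Assumed: mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded.
# app.example.com, the certificate paths and port 8080 are placeholders.
Listen 443

<VirtualHost *:443>
    ServerName app.example.com

    # TLS terminates at httpd; external clients only ever see HTTPS.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/app.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/app.example.com.key

    # Reverse proxy only: do not let httpd act as an open forward proxy.
    ProxyRequests Off

    # Pass the original Host header so the application builds correct links.
    ProxyPreserveHost On

    # Record that the client-facing leg was HTTPS, for the application to consult.
    RequestHeader set X-Forwarded-Proto "https"

    # Hand everything to Tomcat over plain HTTP on the same box.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

External clients should be able to reach only port 443 on this box, so that the plain-HTTP connector stays an internal-only path. Tomcat's RemoteIpValve can be configured (its protocolHeader attribute) to read X-Forwarded-Proto so the application treats proxied requests as secure.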