tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Restricting certain ports to certain contexts?
Date Wed, 17 Oct 2012 13:17:44 GMT
James Lampert wrote:
> We have a situation:
> 
> A Tomcat server with a number of contexts.
> 
> One of those contexts should be available unsecured on port 8080.
> 
> The others should only be available secured, on port 443.
> 
> Is there a way we can restrict 8080 to the one unsecured context?
> 

I am not specialist, but in

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Common_Attributes

I see this :

quote
redirectPort	

If this Connector is supporting non-SSL requests, and a request is received for which a
matching <security-constraint> requires SSL transport, Catalina will automatically
redirect the request to the port number specified here.

unquote

Let's suppose that the context in question is named "no-https", located in
(catalina_base)/webapps/no-https/.
And that a request is made for "http://yourserver:8080/no-https".

Seen the above, I would imagine that if that particular context does not have a
<security-constraint> requiring SSL transport (HTTPS), the request will not be re-directed
by the Connector for port 8080, and would thus remain HTTP.

On the other hand, if a request is received directly for
"https://yourserver:443/no-https", then it would belong to some servlet filter inserted in
that webapp, to send back a redirect response to "http://yourserver:8080/no-https".

But I may imagine wrong, since I am not a specialist.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message