tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Restricting certain ports to certain contexts?
Date Wed, 17 Oct 2012 13:17:44 GMT
James Lampert wrote:
> We have a situation:
> A Tomcat server with a number of contexts.
> One of those contexts should be available unsecured on port 8080.
> The others should only be available secured, on port 443.
> Is there a way we can restrict 8080 to the one unsecured context?

I am not specialist, but in

I see this :


If this Connector is supporting non-SSL requests, and a request is received for which a
matching <security-constraint> requires SSL transport, Catalina will automatically
redirect the request to the port number specified here.


Let's suppose that the context in question is named "no-https", located in
And that a request is made for "http://yourserver:8080/no-https".

Seen the above, I would imagine that if that particular context does not have a
<security-constraint> requiring SSL transport (HTTPS), the request will not be re-directed
by the Connector for port 8080, and would thus remain HTTP.

On the other hand, if a request is received directly for
"https://yourserver:443/no-https", then it would belong to some servlet filter inserted in
that webapp, to send back a redirect response to "http://yourserver:8080/no-https".

But I may imagine wrong, since I am not a specialist.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message