tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: ssl on tomcat
Date Thu, 05 Dec 2013 12:00:18 GMT
Please do not top-post.
It is annoying when someone is trying to figure out what you are talking about.

Randeep wrote:
> Chris,
> Yes. I have so many http links as  some of our old submitted apps used non
> secured http links. as the apps are in use we cannot change it. I cannot
> use any redirect rules to convert all the http to https because of that.
> 

Well then, basically, you are doomed.
The basic problem is that these old apps are very badly written, if they use absolute URLs

to point to things on the same site.

The only real good way to do this, is to modify these apps and pages, to use relative 
links.  Maybe you could do that with some automated script ?

s#http://myserver.com/(.*)$#/$1#g

Otherwise, you are going to be applying patches over patches over redirects over rewrites

all over the place, and there will always be something not working, and it will be a 
maintenance nightmare.

What you have to think about it this :
- If *the browser* gets a html page containing a link that starts with "http://", then 
*the browser* is going  to establish a HTTP (non-secure) connection with the server, and 
send that request through this connection.
- If *the browser* gets a html page containing a link that starts with "https://", then 
*the browser* is going  to establish a HTTPS (secure) connection with the server, and pass

that request through this connection.

There is nothing that the server can do, to magically change a HTTP to a HTTPS connection.
(At best, the server could send back a "redirect" response).

So if your pages, server-side, originally contain links that start with "http://", you 
have to change those links, *inside of the pages*, before you send them to the browser.
Otherwise there is little that you can do on the server side.

You can theoretically achieve this, on the server side, with a filter which examines all 
the outgoing pages and replaces the links in them before they go out to the browser, but 
as you can imagine this is very inefficient, and prone to errors.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message