tomcat-users mailing list archives

From Stefan Mayr
Subject Re: [OT] Forward TLS connection information from AWS ELB -> httpd -> Tomcat
Date Wed, 01 Oct 2014 18:18:01 GMT
On 01.10.2014 19:18, Christopher Schultz wrote:
>>> What I'm mainly looking for is a way to say "the incoming
>>> connection (from ELB) is HTTP and I want to pretend that the
>>> connection is HTTPS".
>> Then the easier solution seems using ELB for SSL termination and
>> using the X-Forwarded-Proto header, passing from apache to tomcat
> Yes. Just looking for a way to say "oh, the connection is also encrypted".

If I remember correctly this needs only one line in Apache httpd to 
forward it to Tomcat

SetEnvIf X-Forwarded-Proto https HTTPS=on

mod_jk should use this information and mark it as a secure connection 
for you. Then you can require a secure connection in your webapp web.xml 
or check it in httpd with the same environment variable:

Order Deny,Allow
Deny from all
Allow from env=HTTPS

If the httpd is only a helper process to pass this information to Tomcat 
you can also use the Proxy-Valves:

Something like this should serve your purpose:

Together with transport-guarantee CONFIDENTIAL in your web.xml this 
would eliminate the need to configure anything on Apache httpd at all.

- Stefan
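
Added example, not part of the message above and not the Tomcat project's own configuration: one way the valve-only setup could look, assuming Tomcat's RemoteIpValve is the proxy valve meant and that the load balancer nodes connect from a constructed 10.0.0.0/16 subnet. The point of `internalProxies` is that X-Forwarded-Proto is only honoured when it arrives from the load balancer.

```xml
<!-- server.xml fragment (added example). Place inside <Engine> or <Host>. -->
<!-- Assumption: load balancer nodes connect from 10.0.0.0/16 (constructed). -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="10\.0\.\d{1,3}\.\d{1,3}"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"
       httpsServerPort="443" />
<!-- Requests from an address outside internalProxies keep their real
     scheme, so a client that reaches Tomcat directly cannot claim HTTPS
     by sending its own X-Forwarded-Proto header. -->

<!-- web.xml fragment (added example): require a secure request
     for the whole application. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With both fragments in place, `request.isSecure()` is true only for requests the load balancer forwarded with `X-Forwarded-Proto: https`. Requests that do not meet the CONFIDENTIAL constraint are redirected to the connector's `redirectPort`, so that port should match the HTTPS listener on the load balancer.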
