[EMAIL PROTECTED] wrote:
Yes, I do it!Is it possible to automatically redirect any http request to https in an Apache + Tomcat environment? For example, If I enter http://my.domain.com/mycontext <http://my.domain.com/mycontext> , I would be automatically redirected to https://my.domain.com/mycontext?
What needs to be remembered is that since you are doing the SSL bit in Apache, you don't use the 'transport guarantee' thang in Tomcat (which is how Tomcat 'knows' it has to switch to HTTPS). SO, on my site, I have an unprotected home page .../drs/home with a link to the protected home page .../drs/private/home. Along the way, Tomcat authenticates the user via my login form .../drs/login. The login form (and every subsequent page of course) needs to be SSL-encrypted.
So, here's how I do this in httpd.conf...
<VirtualHost macx.ei.jrc.it>
ServerName macx.ei.jrc.it
#################### <hostname>:/drs ####################
# Redirect Tomcat's http:.../login request to https:.../login
#
Redirect /drs/login https://macx.ei.jrc.it/drs/login
Redirect /drs/private/home https://macx.ei.jrc.it/drs/private/home
# Static files
Alias /drs "/usr/local/tomcat/webapps/drs"
<Directory "/usr/local/tomcat/webapps/drs">
Options Indexes FollowSymLinks
DirectoryIndex web/index.html
</Directory>
# Deny direct access to WEB-INF and META-INF
#
<Location "/drs/WEB-INF/*">
AllowOverride None
deny from all
</Location>
<Location "/drs/META-INF/*">
AllowOverride None
deny from all
</Location>
JkMount /drs/home ajp13
JkMount /drs/auth_error ajp13
JkMount /drs/login_error ajp13
</VirtualHost>
<VirtualHost macx.ei.jrc.it:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName macx.ei.jrc.it:443
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/macx.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/macx-private.key
<Files ~ "/drs/login">
SSLOptions +StdEnvVars
</Files>
<Directory "/drs/private">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#################### macx.ei.jrc.it/drs ####################
# Static files
Alias /drs "/usr/local/tomcat/webapps/drs"
<Directory "/usr/local/tomcat/webapps/drs">
Options Indexes FollowSymLinks
DirectoryIndex /web/index.html
</Directory>
# Deny direct access to WEB-INF and META-INF
#
<Location "/drs/WEB-INF/*">
AllowOverride None
deny from all
</Location>
<Location "/drs/META-INF/*">
AllowOverride None
deny from all
</Location>
JkMount /drs/j_security_check ajp13
JkMount /drs/private/* ajp13
JkMount /drs/auth_error ajp13
JkMount /drs/login ajp13
</VirtualHost>
HTH
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
