Aggarwal, Ajay wrote:
Yes, local clients are programs running on the same machine as the server and they access 
my application over the localhost IP, i.e. 127.0.0.1. Whereas external clients access my 
application over the external interface, i.e. public IP. And yes, this machine running the 
server is connected directly to the internet with an interface having a "public" IP.


All right then.

I'm doing a bit of guesswork here, because I have never used this myself.
And also, apart from a cryptic reference in the Connector documentation, there does not seem to be documentation for this.

You will probably need 2 separate <Connectors>, one for HTTP and the other for HTTPS.

You probably need to set the "useIPVHosts" attribute inside your <Connector> tags to "true". (see http://tomcat.apache.org/tomcat-6.0-doc/config/http.html).

This may help for the next part: http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html but it does not talk about "IP-based" virtual hosts, only about name-based ones, so I will continue to guess.

You will probably need to define 2 separate <Host> sections, each one with its "name" attribute set to the respective IP address which you want it to respond to.

Each one should also have its own "appBase" pointing to a distinct "webapps" directory.
And inside these 2 webapps directories, you will need a separate copy of your application.
In one you will set the configuration (in WEB-INF/web.xml) to not require SSL, and in the other to require it.

Alternatively to the above, you may find a way to achieve this by using the URLRewriteFilter, see http://www.tuckey.org/urlrewrite/

Note: that attribute "useIPVHosts" of the Connector seems to be the only place where IP-based V-hosts are mentioned in the online documentation.
But I found some links which may be helpful in Google when searching for:
tomcat "useIPVHosts"




-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, December 07, 2010 2:27 PM
To: Tomcat Users List
Subject: Re: enforcing SSL only for external clients

Aggarwal, Ajay wrote:
My tomcat application (running on a linux host) has 2 types of clients.
Local clients coming on localhost (127.0.0.1)

that sounds strange, unless the clients are really programs running on the same machine as the server.

  and external clients
coming on external interfaces. I want to enforce use of SSL only for
external clients. How do I do that? If I use <security-constraint> I am
assuming it will apply to both local as well as external clients.

I think you need to describe your network setup a bit more in detail.
For example, is this machine connected directly to the Internet with an interface having a "public" IP address, or is there something in-between ?
Draw us a picture maybe ?




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
