Thorsten Scherler schrieb: > On Tue, 2007-06-26 at 15:31 +0200, Andreas Hartmann wrote: >> Andreas Hartmann schrieb: >>> Thorsten Scherler schrieb: >>>> On Tue, 2007-06-26 at 12:13 +0200, Andreas Hartmann wrote: >>> [...] >>> >>>>> To avoid this, we'd have to use a global SSL proxy URL for the CSS and >>>>> image URLs. IMO we should use the SSL variants of all outgoing links >>>>> on an SSL-encrypted page by default. >>>>> >>>>> WDYT? >>>> this.ssl = _request.isSecure(); >>>> >>>> You mean something like this in the setup method of the >>>> proxyTransformer? >>> Yes, exactly. I'm not quite sure if this works reliably with SSL >>> offloading, but we'll find out. >> When the SSL is handled by Apache, request.isSecure() returns false. > > Did you try with > request.getScheme();
Yes, it always returns "http". Tomcat has no chance to find out what kind of request Apache served. > That should return http | https. > > I think if it is working that is better then have a dependency on > mod_jk. What's wrong with mod_jk? AFAIK it is the recommended connector anyway, at least until mod_proxy_ajp is generally accepted (http://www.mail-archive.com/[EMAIL PROTECTED]/msg32372.html). -- Andreas > > salu2 > >> One could try to use an SSL connector in Tomcat, but then the SSL >> encryption CPU processing coulnd't be offloaded in a clustered >> environment. >> >> A workaround might be to use different hostnames (localhost/127.0.0.1) >> in the RewriteRule statements and check for these in the >> ProxyTransformer, but that would be my last choice. >> >> Any ideas? Maybe mod_jk would offer more options? >> >> -- Andreas >> -- Andreas Hartmann, CTO BeCompany GmbH http://www.becompany.ch --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
