I'm confused, did you upgrade to Jetty 7, 8 or 9? Or are you still on Jetty 4? (a codebase that was retired in 2006)
It will be tough finding anyone with experience in Jetty 4. We don't even have access to the source code or old binaries of Jetty 4 anymore. -- Joakim Erdfelt <[email protected]> webtide.com <http://www.webtide.com/> Developer advice, services and support from the Jetty & CometD experts eclipse.org/jetty - cometd.org On Thu, Jun 27, 2013 at 11:30 AM, Catatonic <[email protected]>wrote: > I have a webapp built with a framework (Jacada) that uses Jetty 4 (yes, > it’s old) as the web server. It runs on Windows Server 2003. > > I have successfully enabled SSL support by setting up an SSL listener. > However, I have run into a security issue. A tester, after reaching the > site via the secure URL, changed the URL from https to http and was able to > continue working. That is, my configuration is allowing non-secured traffic > to travel over the SSL port. > > I would like to force my SSL listener to only allow secured traffic. > Here’s what I’ve tried: > > I added the following to > [web_app_home_folder]\utils\web\jetty\etc\jetty.xml: > > <Call name="addHandler"> > <Arg><New class="org.mortbay.http.handler.HTAccessHandler"> > <Set name="AccessFile">.htaccess</Set> > </New></Arg> > </Call> > > In [web_app_home_folder], I created a file named .htaccess that contains > the following: > > RewriteEngine On > RewriteCond %{HTTPS} !=on > RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] > > That did not have any effect. At this point I do not know if my changes to > jetty.xml and my .htaccess file are even being detected. > > Any ideas on what I might have missed? Is there a better way to get the > behavior I want? > > Thanks. > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
