Hi - I am new to all forms of web server configuration, so please bear with me! I am using Apache+mod_ssl and tomcat (mod_jk), with Cocoon installed under tomcat. I wish to create a username and logon page index.xml with secure transmission of data to connection.xml. After much agony, I managed to get to the stage where https://<the-host>/Cocoon/Connection/index.xml would give me a secure connection. However, http://<the-host>/Cocoon/Connection/index.xml would still work to give a non-secure connection. I added SSLRequireSSL to the <Directory> pointing to $TOMCAT-HOME/webapps/Cocoon, and included SSLOptions +StrictRequire in the SSL configuration, but to no avail. Do I need to inform tomcat of the SSL requirement, and if so how? Many thanks, Bob.