> All seems to work fine, but there's a hole. If I go to http://qa-wap1, I > am properly redirected to https://qa-wap1. As I login, follow links, > etc., I stay on the secure URL. However, if get into a secure URL... say > https://qa-wap1/submitProfile.jsp and change the URL in my browser to > http://qa-wap1:80/submitProfile.jsp and refresh the browser, the entire > page (content and images, both) reloads and looks perfect. The obvious > problem is that I just circumvented the secure URL concept. There's a > hole somewhere that I haven't been able to plug. This occurs with > multiple browsers.
I think I see where the hiccup is. > LoadModule jk2_module modules/mod_jk2.so > AddModule mod_jk2.c If this is at the bottom of your httpd.conf, if effectively appends the AddModule for mod_jk2.c to the bottom of the AddModule list. If you haven't rearranged the other AddModules, that means that mod_jk2 gets a chance to handle the request before mod_rewrite does. You want mod rewrite to get it first. (AddModule works like a stack, the _last_ one added gets the request _first_. So, the AddModule for mod_jk2 should appear *before* the AddModule for mod_rewrite). mod_rewrite will get a chance to handle http://qa-wap1/, because none of your jk2.properties because none of the [uri:] blocks in your jk2.properties match it. Finally, When moving the AddModule, don't forget to move the corresponding LoadModule directive. -- Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]