Turns out the BigIP SSL proxies have a
Rewrite Redirects If you want to configure rewrite redirects, you can specify whether the proxy should rewrite only those URIs matching the URI originally requested by the client (minus the trailing slash), or all URIs. If you select All from the list, the the proxy always rewrites URIs as if they matched the originally requested URIs. Feature - I turned this on for the SSL Proxy and it works as advertised Thanks, Fletcher Cocquyt Senior Systems Administrator [EMAIL PROTECTED] -----Original Message----- From: Fletcher Cocquyt [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 8:44 AM To: 'Tomcat Users List' Subject: RE: Tomcat returning absolute http:// URL behind SSL Proxy instead of keeping https:// Actually I don't care what the Apache<==>Tomcat connector is talking. I want to avoid the URL being rewritten as http when the original request came in from the users browser as https:// - this is happening when the JkMount is made. I believe the relevant doc says: "the servlet container must convert the relative URL to an absolute URL" How to make it always return https for this app?? sendRedirect public void sendRedirect(java.lang.String location) throws java.io.IOException Sends a temporary redirect response to the client using the specified redirect location URL. This method can accept relative URLs; the servlet container must convert the relative URL to an absolute URL before sending the response to the client. If the location is relative without a leading '/' the container interprets it as relative to the current request URI. If the location is relative with a leading '/' the container interprets it as relative to the servlet container root. Fletcher Cocquyt Senior Systems Administrator [EMAIL PROTECTED] -----Original Message----- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 7:53 AM To: 'Tomcat Users List' Subject: RE: Tomcat returning absolute http:// URL behind SSL Proxy instead of keeping https:// hi, for tomcat to accept https protocal, you need to define a SSL connector. take a look in your server.xml to see if the SSL connector was commented out. and the scheme attribute defaults to "https". Hope this helps:). -Yan -----Original Message----- From: Fletcher Cocquyt [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 7:51 PM To: [EMAIL PROTECTED] Subject: Tomcat returning absolute http:// URL behind SSL Proxy instead of keeping https:// Hi, We have the classic 3 tiered webapp architecture with BigIP loadbalancers acting as SSL Proxies - such that requests for the webapp: https://server/jkmount/ 1) Come into the BigIP - the BigIP Proxies the HTTPS and sends the same request to the Apache servers on port 80 2) Apache sees the URI with a matching jkmount and sends the request to the Tomcat worker 3) PROBLEM: tomcat constructs the absolute URL to return based on the assumption its port 80 and returns the insecure http://server/jkmount/index.jsp Found some relevant docs here: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/proxy-howto.html But its unclear how to get tomcat to keep the https:// instead of returning the absolute http:// Apache 2.0.48 Tomcat 4.1.30 Thanks for any tips! Fletcher Cocquyt Senior Systems Administrator [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
