I am now using apache web server with SSL already setup. that means I can connect to HTTP server using SSL: https://10.0.0.105:443/ or I can connect to HTTP server w/o SSL http://10.0.0.105:80 I can make a request to servlet using SSL: https://10.0.0.105:443/admin/servlet/com.app.Admin or I can make request to servelt w/o SSL http://10.0.0.105/admin/servlet/com.app.Admin Will I get a secure connection between servlet & web browser if I - block all port that can access servlet engine(e.g. tomcat) from internet (e.g. 80, 8080) except SSL port 443. - now web browser to apache web server connection is secure. - apache server to tomcat is not secure but only apache can access tomcat, then it means tomcat(servlet) is secure too?? If the above way is secure. how can I block access to servlet through port 80? or block access to a sepecific web application through port 80? which means access is only granted through SSL port 443. (in tomcat for example) Since i need to send private info up from web browser to servlet and make sure no one spy it. ( user/password for example ) thanks. __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
