Scott, We don't really have a good reason for turning it off. Here were some of the reasons:
- The initial thought was secure connections between web and application servers was not necessary as these are behind the firewall. - We also thought we might be improving performance by not encrypting requests between servers, but we never verified these benefits. - We also use mod_jk and it communicates insecurely using is own AJP protocol. Is your recommendation to turn on security and have mod_proxy communicate directly to port 8443? Brett On Thu, Mar 4, 2010 at 11:00 AM, Scott Gray <[email protected]>wrote: > On 4/03/2010, at 10:50 AM, Brett Palmer wrote: > > > We use Apache web servers to communicate with our OFBiz servers using a > > combination of mod_jk and mod_proxy. For our mod_proxy configuration, we > > forward secure requests (https) from Apache to a non-secure port (8080) > on > > Tomcat/OFBiz. > > > > > Hi Brett > > Why do you transfer from https to http? If you stopped doing that wouldn't > all your problems go away? > > Regards > Scott
