Hi Chris,

One question / doubt:

As I mentioned earlier, the below URLs are already working in the browser:

> https://server.lbg.com:8443/towl
> https://example.lbg.com:8443/towl -> redirect (which means when I hit it in the browser) it points to https://server.lbg.com:8443/towl

---> To be frank, I do not even need a redirect here; not sure why it redirects.

My question is why it's working even though the SAN is not registered with the certificate? It does not even throw a warning in the browser.

Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How should it work with the new SAN certificate?

Thanks,
Lavanya

On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <lavanyatech...@gmail.com> wrote:

> Hi Chris,
>
> Thanks, I will request a new certificate with SANs and I will try to fix
> things from our end.
>
> Best Regards,
> Lavanya
>
> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>
>> Lavanya,
>>
>> On 4/24/24 15:39, lavanya tech wrote:
>> > Local host means the machine I am logged in to, server.lbg.com
>> >
>> > You are right, example.lbg.com is a CNAME record.
>>
>> Okay, thanks for clearing that up.
>>
>> > I don't have any SAN configured for the certificate. The certificate is
>> > requested for only server.lbg.com
>>
>> You will never be able to make a secure request to anything other than
>> server.lbg.com without seeing an error. I highly recommend adding the
>> other hostname as a SAN to your certificate if you really want to
>> support this.
>>
>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>> certificate hostname mismatch error which is ugly. It's best to make it
>> work without users seeing ugly things.
>>
>> > So if I just request a new certificate with SAN it should work? If yes, I
>> > will request it and follow your steps as suggested below.
>>
>> Yes, it should.
>>
>> > Should I use CNAME record or DNS? Does it make a difference?
>>
>> CNAME *is* DNS.
>>
>> Whenever possible, use hostnames and not IP addresses as SANs. It's more
>> flexible that way, and users get to see hostnames instead of IP addresses.
>>
>> -chris
>>
>> > On Wednesday, April 24, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:
>> >
>> >> Lavanya,
>> >>
>> >> On 4/24/24 07:37, lavanya tech wrote:
>> >>
>> >>> Sorry, I understood wrongly here with regards to my environment. Let me
>> >>> start from the beginning. I do not want to use redirect at all. I simply
>> >>> wanted to force apache tomcat to use both localhost and dns name of the
>> >>> localhost via url.
>> >>
>> >> When you say "force" what do you mean?
>> >>
>> >> When you say "use both localhost and DNS name" what do you mean?
>> >>
>> >> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>> >> logged-into right now"?
>> >>
>> >>> I have DNS resolution as below.
>> >>>
>> >>> server.lbg.com --> localhost
>> >>
>> >> Is that a CNAME record?
>> >>
>> >>> nslookup server.lbg.com (localhost)
>> >>> Name: server.lbg.com
>> >>> Address: 192.168.100.20
>> >>> alias: example.lbg.com
>> >>
>> >> That's a weird DNS response. The DNS name "localhost" should *always*
>> >> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>> >> 191.168.100.20.
>> >>
>> >>> We have the below urls working:
>> >>> https://server.lbg.com:8443/towl
>> >>> https://example.lbg.com:8443/towl --> redirects to
>> >>
>> >> What do you mean "redirect"? Does it return a 30x response that causes the
>> >> browser to make a new request to \/
>> >>
>> >>> https://server.lbg.com:8443/towl --> still works --> we have SSL
>> >>> configured for the same but this SSL certificate does not have additional
>> >>> DNS setup.
>> >>
>> >> What SANs are in your certificate? How many certificates do you have?
>> >>
>> >>> But I would need to somehow access https://example.lbg.com --> which means
>> >>> I would need to access via 443 here?
>> >>
>> >> I'm so confused. What needs to access what?
>> >>
>> >>> I tried adding the below to server.xml, but that does not seem
>> >>> to work.
>> >>>
>> >>> <Connector port="80"
>> >>>            protocol="org.apache.coyote.http11.Http11NioProtocol"
>> >>>            connectionTimeout="20000"
>> >>>            redirectPort="443" />
>> >>
>> >> This will only redirect (HTTP 302) requests to http://yourhost/anything
>> >> to https://yourhost/anything *if the application specifically requests
>> >> CONFIDENTIAL transport*. It doesn't just redirect everything by default. If
>> >> you want it to redirect everything, you'll need to set that up e.g. using
>> >> RewriteValve. There are other options, too.
>> >>
>> >>> Do I need an additional SSL certificate for https://example.lbg.com to
>> >>> make it work?
>> >>
>> >> If you don't want your browser to complain, you will need at least one TLS
>> >> certificate that contains every Subject Alternative Name (SAN) for every
>> >> possible hostname you expect to use with this service. You can do it with
>> >> multiple certificates as well, but a single cert with multiple SANs is less
>> >> work.
>> >>
>> >>> Do I need to set up an additional web server for this like apache or nginx
>> >>> for redirecting requests?
>> >>
>> >> No.
>> >>
>> >> Please stop saying "redirect" because it sounds like you almost never mean
>> >> "HTTP 30x redirect" and that's confusing everything.
>> >>
>> >> I *think* you only need the following:
>> >>
>> >> 1. A TLS certificate with the following SANs:
>> >>
>> >>    * server.lbg.com
>> >>    * example.lbg.com
>> >>    * localhost (you shouldn't do this)
>> >>
>> >> 2. DNS configured for all hostnames:
>> >>
>> >>    * server.lbg.com -> A 192.168.100.20
>> >>    * example.lgb.com -> A 192.168.100.20
>> >>
>> >> 3. Tomcat configured with a single <Host> which is the default virtual
>> >> host. Note that this is the *default Tomcat configuration* and doesn't need
>> >> to be changed from the default.
>> >>
>> >> 4. Tomcat configured with your certificate like this:
>> >>
>> >>    <Connector ...
>> >>               SSLEnabled="true">
>> >>      <SSLHostConfig>
>> >>        <Certificate
>> >>            certificateFile="/path/to/your/cert.crt"
>> >>            certificateKeyFile="/path/to/your/key.pem" />
>> >>        <!-- You may need certificateKeyPassword in <Certificate> -->
>> >>      </SSLHostConfig>
>> >>    </Connector>
>> >>
>> >> If your SANs are configured properly, this should allow you to connect
>> >> using any of these URLs:
>> >>
>> >> $ curl https://server.lbg.com/towl/login.jsp
>> >>
>> >> (returns login page)
>> >>
>> >> $ curl https://example.lbg.com/towl/login.jsp
>> >>
>> >> (returns login page)
>> >>
>> >> If your application's web.xml contains something like this:
>> >>
>> >>    <security-constraint>
>> >>      <web-resource-collection>
>> >>        <web-resource-name>theapp</web-resource-name>
>> >>        <url-pattern>/*</url-pattern>
>> >>      </web-resource-collection>
>> >>      <user-data-constraint>
>> >>        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> >>      </user-data-constraint>
>> >>    </security-constraint>
>> >>
>> >> ... then these insecure HTTP URLs should redirect your clients:
>> >>
>> >> $ curl http://server.lbg.com/towl/login.jsp
>> >>
>> >> (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>> >>
>> >> $ curl https://server.lbg.com/towl/login.jsp
>> >>
>> >> (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>> >>
>> >> I don't think you need any use of the RewriteValve unless you want to
>> >> handle sending HTTP 302 redirect responses to insecure requests without
>> >> specifying the CONFIDENTIAL transport-guarantee in your application's
>> >> web.xml file. But I don't see any reason NOT to have that in there.
>> >>
>> >> -chris
>> >>
>> >>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>> >>>
>> >>>> Lavanya,
>> >>>>
>> >>>> On 4/22/24 05:21, lavanya tech wrote:
>> >>>>
>> >>>>> Could you please explain what exactly you mean? So here redirect is not a
>> >>>>> solution, right?
>> >>>>
>> >>>> Redirecting is fine.
>> >>>>
>> >>>> Perhaps you should take a step back and decide: what do you actually
>> >>>> want, here? You might be trying to solve problem X by applying solution
>> >>>> Y, and you've already decided that solution Y is correct so you are
>> >>>> trying to get help with that.
>> >>>>
>> >>>> Perhaps ask for help with Problem X?
>> >>>>
>> >>>> For example, "I don't want users to have to type the name of my
>> >>>> application to reach it so I want example.com/ to go to my application
>> >>>> instead of example.com/myapp/".
>> >>>>
>> >>>> Or, "I have multiple domains and I want all of them to redirect to the
>> >>>> canonical domain example.com and to go to my web application /myapp so
>> >>>> everything goes to example.com/myapp/".
>> >>>>
>> >>>>> "You'd have to use a glob/regex if
>> >>>>> you wanted to check for [anything and maybe nothing.]example.com."
>> >>>>
>> >>>> There is nothing in your configuration or question that suggests that
>> >>>> the hostname in the request is relevant, but you are making it a
>> >>>> *requirement* that the request contains a specific Host header. If you
>> >>>> don't actually need that, why do you have it?
>> >>>>
>> >>>> -chris
>> >>>>
>> >>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>> >>>>>
>> >>>>>> Ammu,
>> >>>>>>
>> >>>>>> On 4/19/24 08:32, lavanya tech wrote:
>> >>>>>>
>> >>>>>>> Thank you very much. I removed <Host> for example.com as well as adding an
>> >>>>>>> <Alias> in server.xml
>> >>>>>>> I copied context.xml file
>> >>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> >>>>>>> Removed < in rewrite.config files.
>> >>>>>>>
>> >>>>>>> But still I don't redirect the URL.
>> >>>>>>
>> >>>>>> If you have <Context> in server.xml and also your application in the
>> >>>>>> webapps/ directory, then you will be double-deploying your application.
>> >>>>>>
>> >>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>> >>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
>> >>>>>> and remove the <Context> element from your server.xml.
>> >>>>>>
>> >>>>>> Then start your server and read the logs.
>> >>>>>>
>> >>>>>>> nslookup alias.example.com gives -->
>> >>>>>>> Non-authoritative answer:
>> >>>>>>> Name: www.example.com
>> >>>>>>> Address: 192.168.200.10
>> >>>>>>> Aliases: alias.example.com
>> >>>>>>>
>> >>>>>>> Just to give some information here, www.example.com has alias
>> >>>>>>> "alias.example.com"
>> >>>>>>> But https://www.example.com:7777/example --> works fine without issues but
>> >>>>>>> the alias does not work (https://alias.example.com)
>> >>>>>>> So I am not sure if the redirect url helps or if it's correct
>> >>>>>>
>> >>>>>> Your rewrite configuration says that you have to be using host
>> >>>>>> "example.com" but your request goes to www.example.com. Your
>> >>>>>> configuration should only redirect a request such as:
>> >>>>>>
>> >>>>>> $ curl -v http://example.com:7777/something
>> >>>>>>
>> >>>>>> HTTP/1.1 301 Moved Permanently
>> >>>>>> ...
>> >>>>>> Location: https://www.example.com:7777/example
>> >>>>>>
>> >>>>>> If you make a request like:
>> >>>>>>
>> >>>>>> $ curl -v http://www.example.com:7777/something
>> >>>>>>
>> >>>>>> I wouldn't expect a redirect because of your "host" condition. The
>> >>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
>> >>>>>> anything that ends in "example.com". You'd have to use a glob/regex if
>> >>>>>> you wanted to check for [anything and maybe nothing.]example.com.
>> >>>>>>
>> >>>>>> You'd also have to make sure that your application is serving responses
>> >>>>>> to requests to / which is why I'm recommending you use the ROOT web
>> >>>>>> application name instead of "towl".
>> >>>>>>
>> >>>>>> -chris
>> >>>>>>
>> >>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>> >>>>>>>
>> >>>>>>>> Ammu,
>> >>>>>>>>
>> >>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>> >>>>>>>>
>> >>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>> >>>>>>>>> The paths are
>> >>>>>>>>>
>> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>> >>>>>>>>> <Context>
>> >>>>>>>>>     <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>> >>>>>>>>>     <!-- Other context configuration -->
>> >>>>>>>>> </Context>
>> >>>>>>>>
>> >>>>>>>> This file ^^^ is in the wrong place. It should be in
>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> >>>>>>>>
>> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>> >>>>>>>>>
>> >>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>> >>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>> >>>>>>>>
>> >>>>>>>> Why do you have < symbols at the beginning of these lines?
>> >>>>>>>>
>> >>>>>>>>> server.xml
>> >>>>>>>>>
>> >>>>>>>>> [...]
>> >>>>>>>>>
>> >>>>>>>>> <Host name="example.com" appBase="webapps" unpackWARs="true"
>> >>>>>>>>>       autoDeploy="true">
>> >>>>>>>>>   <Context path="" docBase="towl" />
>> >>>>>>>>
>> >>>>>>>> It's best not to define any <Context> in server.xml. I would remove this
>> >>>>>>>> <Context> entirely and allow Tomcat to auto-deploy from your
>> >>>>>>>> webapps/towl directory. If you need this application to be deployed as
>> >>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>> >>>>>>>>
>> >>>>>>>> You also don't need a <Host> for example.com as well as adding an
>> >>>>>>>> <Alias> for the same domain (though this is probably to anonymize the
>> >>>>>>>> configuration). You can feel free to simply use the "localhost" <Host>
>> >>>>>>>> as the default <Host> and deploy everything into it. This makes your
>> >>>>>>>> configuration changes relative to a stock Tomcat less significant and
>> >>>>>>>> easier to apply to new versions if/when necessary.
>> >>>>>>>>
>> >>>>>>>> -chris
>> >>>>>>>>
>> >>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>> >>>>>>>>>
>> >>>>>>>>>> Ammu,
>> >>>>>>>>>>
>> >>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>> >>>>>>>>>>
>> >>>>>>>>>>> I added classname rewrite values in contex.xml file.
>> >>>>>>>>>>>
>> >>>>>>>>>>> <!-- REWRITE VALVE -->
>> >>>>>>>>>>> <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>> >>>>>>>>>>> <!-- // -->
>> >>>>>>>>>>>
>> >>>>>>>>>>> created rewrite.config so both of them are located under conf under
>> >>>>>>>>>>> apache-tomcat.
>> >>>>>>>>>>>
>> >>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>> >>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>> >>>>>>>>>>>
>> >>>>>>>>>>> So according to the documentation they say context.xml should be placed
>> >>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>> >>>>>>>>>>> apache-tomcat. I placed them and restarted tomcat webserver but still it
>> >>>>>>>>>>> does not redirect.
>> >>>>>>>>>>
>> >>>>>>>>>> Can you give full paths to both server.xml and rewrite.config, re-post
>> >>>>>>>>>> your current server.xml <Context> element, and the complete contents of
>> >>>>>>>>>> rewrite.config?
>> >>>>>>>>>>
>> >>>>>>>>>> Have you looked at the log files after start?
>> >>>>>>>>>>
>> >>>>>>>>>> -chris
>> >>>>>>>>>>
>> >>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech...@gmail.com> wrote:
>> >>>>>>>>>>>
>> >>>>>>>>>>>> Hi Thomas,
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Thanks for the fast response.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I added classname rewrite values in contex.xml file.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> <!-- REWRITE VALVE -->
>> >>>>>>>>>>>> <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>> >>>>>>>>>>>> <!-- // -->
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> created rewrite.config so both of them are located under conf under
>> >>>>>>>>>>>> apache-tomcat.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> So according to the documentation they say context.xml should be placed
>> >>>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>> >>>>>>>>>>>> apache-tomcat
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Thanks,
>> >>>>>>>>>>>> Ammu
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>> >>>>>>>>>>>>>> Hi Team,
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect url
>> >>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 and for this I
>> >>>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the below
>> >>>>>>>>>>>>>> configuration does not seem to work. Does anyone have ideas? Please
>> >>>>>>>>>>>>>> suggest.
>> >>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works. But just
>> >>>>>>>>>>>>>> redirection from the old to one does not.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>> >>>>>>>>>>>>>>     <Context path="" docBase="example" />
>> >>>>>>>>>>>>>>     <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>     <!-- Add RewriteValve and RewriteRule here -->
>> >>>>>>>>>>>>>>     <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>>>>>>>     <Engine name="Catalina" defaultHost="localhost">
>> >>>>>>>>>>>>>>         <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>> >>>>>>>>>>>>>>             <Context path="" docBase="example" />
>> >>>>>>>>>>>>>>             <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>             <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>>>>>>>             <Engine name="Catalina" defaultHost="localhost">
>> >>>>>>>>>>>>>>                 <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>> >>>>>>>>>>>>>>                     <Context path="" docBase="example" />
>> >>>>>>>>>>>>>>                     <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>                     <!-- Rewrite rule to redirect to www.servercom:8080/example -->
>> >>>>>>>>>>>>>>                     <RewriteCond %{HTTP_HOST} example\.com [NC]
>> >>>>>>>>>>>>>>                     <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> 1. That isn't valid XML.
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules in a
>> >>>>>>>>>>>>> Host element (or any other element)?
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>                 </Host>
>> >>>>>>>>>>>>>>             </Engine>
>> >>>>>>>>>>>>>>         </Host>
>> >>>>>>>>>>>>>>     </Engine>
>> >>>>>>>>>>>>>> </Host>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> You need to configure the RewriteValve.
>> >>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> Mark
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> ---------------------------------------------------------------------
>> >>>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> >>>>>>>>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
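
Added example (not part of the thread, and not Tomcat or browser code): the hostname check a TLS client applies to a certificate's SAN entries, following RFC 6125 style rules, run against the hostnames discussed above. The SAN lists are constructed for illustration, and the wildcard and IP-address cases go beyond what the thread covers.

```python
import ipaddress


def _is_ip(value):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """Match one dNSName SAN entry against a requested hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more (or fewer) labels
    if p_labels[0] == "*":
        # Only a whole leftmost label may be a wildcard, it covers exactly
        # one non-empty label, and "*.com"-style patterns are refused.
        return (len(p_labels) >= 3 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    # Partial wildcards such as "f*.lbg.com" are treated as literals here.
    return p_labels == h_labels


def host_covered(hostname, dns_sans, ip_sans=()):
    """An IP literal must match an iPAddress SAN; a name must match a dNSName SAN."""
    if _is_ip(hostname):
        target = ipaddress.ip_address(hostname)
        return any(ipaddress.ip_address(ip) == target for ip in ip_sans)
    return any(dns_name_matches(san, hostname) for san in dns_sans)


def uncovered_hosts(hostnames, dns_sans, ip_sans=()):
    """Return the hostnames a client would reject for this certificate."""
    return [h for h in hostnames if not host_covered(h, dns_sans, ip_sans)]


# Constructed SAN lists: the certificate described in the thread (issued for
# server.lbg.com only) and the replacement with both names as SANs.
CURRENT_SANS = ["server.lbg.com"]
PLANNED_SANS = ["server.lbg.com", "example.lbg.com"]
# Names a user might type for this service, taken from the thread.
SERVICE_HOSTS = ["server.lbg.com", "example.lbg.com", "192.168.100.20"]

if __name__ == "__main__":
    print("current cert rejects:", uncovered_hosts(SERVICE_HOSTS, CURRENT_SANS))
    print("planned cert rejects:", uncovered_hosts(SERVICE_HOSTS, PLANNED_SANS))
```

A CNAME from example.lbg.com to server.lbg.com does not change the result: the client compares the name in the URL, not the name DNS resolved it to.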