The choice between this and setting the SSLRequireSSL directive in the
apache config depends on what you want the client browser to see. if you
use the directive approach, an http request will see the forbidden response
code. If you allow the request to invoke the servlet, you must decide in
your code how to response. You would be able to send a custom-formatted
response, for example.
Finally, you can use mod_rewrite to redirect an http request back to the
server with the scheme changed to https. This is probably the most
user-friendly approach.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ed Yu
> Sent: Tuesday, May 23, 2000 8:50 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: restrict access to a servlet
>
>
> Yes, you can use req.getScheme() to determine if the request is http or
> https.
>
> > -----Original Message-----
> > From: Yu, Leo [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, May 22, 2000 7:33 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: restrict access to a servlet
> >
> >
> >
> > Hi,
> > Is there a way I can restrict access to a servlet unless it is an
> > https request ? I am able to incoprate mod-ssl into apache.
> >
> > Thanks!
> > Leo
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
