As far as SSL goes, the SSL encryption will be in place from the client to apache, but not from apache to tomcat. This is ok because apache and tomcat are both in the same trusted subnet (in fact, on the same machine). If that weren't the case, you could alter the rewrite rule on the SSL vhost to send requests to tomcat's ssl connector, thereby encrypting all connections.
-Josh
Joshua -
Are tomcat and apache running on the same server? If so, it appears from what you have here that they are on the same port...so...what am I missing?
Also, how do you handle .jsps and .dos that need to be handled by Tomcat securely (using SSL). This seems to pass them all off to the non-secure version. Would it just be a more complex RewriteRule that tests for https vs. http?
Thanks, Matt
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
