I have Apache 1.3 + mod_ssl and mod_jk (ajp13) "fronting" a Tomcat 4.0.3 server which has a servlet protected by:

    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

I assume that, for performance reasons, it would be best if I could run no connectors other than the AJP13 one. Ideally, calls to the above servlet as http should be redirected to the equivalent https page. To that end, I have, in my server.xml:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
               port="8009" minProcessors="30" maxProcessors="150"
               acceptCount="10" debug="0" enableLookups="false"
               redirectPort="443" secure="false" scheme="http"
               address="127.0.0.1" tomcatAuthentication="true"/>

However, the redirect won't work (Status 500 error) unless I put in an HTTPS connector as well in server.xml (note that it doesn't have to be accessible at all, hence the 127.0.0.1, and port 8443 is blocked off, so it doesn't seem to play any part in the whole deal other than to signal to Tomcat that it can handle redirects to SSL):

    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               address="127.0.0.1" port="8443"
               minProcessors="5" maxProcessors="75"
               enableLookups="false" acceptCount="10" debug="0"
               scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS" keystorePass="foo"/>
    </Connector>

(I tried putting in an additional ajp13 connector that mod_jk sent anything that showed up as SSL to, but that didn't work).

Is this how it's supposed to work? If so, it should be documented somewhere...

Thanks,
Adi