Hi,
I think you left somewhere in your conf-files a "localhost". I had the 
same error working on Apache and Tomcat and after some searching I found 
out that I forgot to modify httpd.conf in a way that my server no longer
was the localhost but had a real name.

I suggest that you scan your conf-files for the string "localhost".
That must be the cause for the error.

Cheers,

Nick

Steve Baker wrote:
> ------------------------------------------------------------------
> It appears that much of the code from my first post got wiped out.
> Trying the message again here a second time.  Thanks.  -SB
> ------------------------------------------------------------------
> 
> Have any of you experienced Tomcat changing the *domain name* of the 
> request to "localhost" when you're trying to automatically redirect from 
> HTTP to HTTPS? We know that it's supposed to change the protocol and the 
> port, but the domain as well?
> 
> Here's the situation:
> I have a directory ("db") on my site (for the sake of this email, 
> "www.mysite.com") that I want to protect using SSL.  Additionally, I 
> need any wayward HTTP requests to this directory to be automatically 
> redirected to HTTPS to ensure that they are SSL-encrypted.
> 
> To set this up, I followed the SSL Configuration How-To, created the 
> keystore, and generated a private key.  I then edited /conf/server.xml 
> and /WEB-INF/web.xml (details below) to automatically redirect those 
> certain HTTP requests over to HTTPS.  Finally, I restarted Tomcat.
> 
> Now when I reference my HTTPS URL *directly*, SSL kicks in, the browser 
> padlock is locked, and everything works great:
>    https://www.mysite.com:8443/db/index.jsp
> 
> As I stated, however, I've configured the HTTP request:
>    http://www.mysite.com:8080/db/index.jsp
> 
> To automatically redirect to that HTTPS URL from above:
>    https://www.mysite.com:8443/db/index.jsp
> 
> BUT, for some reason, Tomcat is changing the domain to LOCALHOST:
>    https://localhost:8443/db/index.jsp
> 
> So... basically, Tomcat's got it about 80% right. The protocol and port 
> were successfully redirected (http 8080 -> https 8443), but the domain 
> was changed.  This instance of Tomcat is on a remote machine, *NOT* my 
> local machine, so localhost fails. My question -- why would Tomcat be 
> changing the server name in such a way?
> 
> 
> FYI, here is the relevant code from conf/server.xml:
> ---------------------------------
> <!-- Non-SSL Connector on Port 8080 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8080" minProcessors="5" maxProcessors="75"
>            enableLookups="false" redirectPort="8443"
>            acceptCount="10" connectionTimeout="60000" debug="0"
>            scheme="http" secure="false"/>
> 
> <!-- SSL Connector on Port 8443 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="75"
>            enableLookups="false"
>            acceptCount="10" connectionTimeout="60000" debug="0"
>            scheme="https" secure="true">
>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>            clientAuth="false" protocol="TLS" />
> </Connector>
> 
> <!-- Standard Engine -->
> <Engine name="Standard Engine" defaultHost="www.mysite.com" debug="0">
>    <Host name="www.mysite.com"
>          appBase="/home/baker/jbaker/web"
>          debug="0"
>          unpackWARs="false">
>       <Context path="" docBase="" debug="0" reloadable="true"/>
>    </Host>
> </Engine>
> ---------------------------------
> 
> 
> Here is the relevant code from web.xml:
> ---------------------------------
> <security-constraint>
>    <web-resource-collection>
>       <web-resource-name>Secure SSL Access</web-resource-name>
>       <url-pattern>/db/*</url-pattern>
>    </web-resource-collection>
>    <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>    </user-data-constraint>
> </security-constraint>
> ---------------------------------
> 
> Note that I have:
> * uncommented the SSL connector
> * properly set the HTTP connector's redirectPort to SSL's 8443
> * changed the Engine's defaulthost to www.mysite.com
> * changed the Host's name to www.mysite.com
> * set the url-pattern match to /db/* in web.xml
> * added the CONFIDENTIAL transport-guarantee
> 
> Nothing really extraordinary here.  Moreover, a grep for "localhost" in 
> both of these files returns zero results.  I'm just not sure where it's 
> coming from ... especially when Tomcat seems to be doing everything 
> *else* correctly here.
> 
> Any ideas? Thanks in advance!!
> 
> -Steve Baker
> 
> 
> p.s. Performing a brute force solution such as:
> --------------------
> if (request.getScheme().equals("http")) {
>    // oops! redirect to the https URL instead
>    response.sendRedirect("https://www.mysite.com:8443" + request.getRequestURI());
>    return;
> }
> --------------------
> ... at the top of every .jsp in my HTTPS-only directory isn't going to 
> be the right choice for this particular project.  I will eventually 
> employ that as a backup to ensure security, but I don't wish to go with 
> that as my first line of defense...
> 
> 
> 
> -- 
> To unsubscribe, e-mail:   
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: 
> <mailto:[EMAIL PROTECTED]>
> 


-- 
Nikolas A. Rathert
Fraunhofer Institute for Computer Graphics
e-Learning & Knowledge Management

Fraunhoferstrasse 5
D-64283 Darmstadt
Germany
Fon +49 6151 155 552
Fax +49 6151 155 569
email: [EMAIL PROTECTED]
www: http://www.igd.fhg.de
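
Added example, not part of the original thread or of Tomcat: a small Python check that compares the `Location` header of a CONFIDENTIAL redirect against the original request and reports which parts changed, so the rewritten host shows up explicitly when a configuration change is re-tested. The raw response is constructed from the URLs quoted in the thread; the function names and the 302 status line are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: the redirect behaviour described in the thread
# (request to www.mysite.com:8080 answered with a Location on localhost).
REQUEST_URL = "http://www.mysite.com:8080/db/index.jsp"
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Location: https://localhost:8443/db/index.jsp\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def location_header(raw_response):
    """Return the Location header value from a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def check_redirect(request_url, raw_response, redirect_port=8443):
    """List the ways the redirect differs from 'same host, same path, HTTPS'."""
    location = location_header(raw_response)
    if location is None:
        return ["no Location header in response"]
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append(f"scheme is {loc.scheme!r}, expected 'https'")
    if (loc.hostname or "") != (req.hostname or ""):
        problems.append(f"host changed: {req.hostname!r} -> {loc.hostname!r}")
    if loc.port != redirect_port:
        problems.append(f"port is {loc.port!r}, expected {redirect_port}")
    if loc.path != req.path:
        problems.append(f"path changed: {req.path!r} -> {loc.path!r}")
    return problems

if __name__ == "__main__":
    for problem in check_redirect(REQUEST_URL, SAMPLE_RESPONSE):
        print("FAIL:", problem)
```

An empty list means the redirect kept the requested host and path and only switched scheme and port, which is the behaviour the poster expected.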

