Hi, I think you left somewhere in your conf-files a "localhost". I had the same error working on Apache and Tomcat and after some searching I found out that I forgot to modify httpd.conf in a way that my server no longer was the localhost but had a real name.
I suggest that you scan your conf-files for the string "localhost". That must be the cause for the error.

Cheers,
Nick

Steve Baker wrote:

> ------------------------------------------------------------------
> It appears that much of the code from my first post got wiped out.
> Trying the message again here a second time. Thanks. -SB
> ------------------------------------------------------------------
>
> Have any of you experienced Tomcat changing the *domain name* of the
> request to "localhost" when you're trying to automatically redirect from
> HTTP to HTTPS? We know that it's supposed to change the protocol and the
> port, but the domain as well?
>
> Here's the situation:
> I have a directory ("db") on my site (for the sake of this email,
> "www.mysite.com") that I want to protect using SSL. Additionally, I
> need any wayward HTTP requests to this directory to be automatically
> redirected to HTTPS to ensure that they are SSL-encrypted.
>
> To set this up, I followed the SSL Configuration How-To, created the
> keystore, and generated a private key. I then edited /conf/server.xml
> and /WEB-INF/web.xml (details below) to automatically redirect those
> certain HTTP requests over to HTTPS. Finally, I restarted Tomcat.
>
> Now when I reference my HTTPS URL *directly*, SSL kicks in, the browser
> padlock is locked, and everything works great:
> https://www.mysite.com:8443/db/index.jsp
>
> As I stated, however, I've configured the HTTP request:
> http://www.mysite.com:8080/db/index.jsp
>
> To automatically redirect to that HTTPS URL from above:
> https://www.mysite.com:8443/db/index.jsp
>
> BUT, for some reason, Tomcat is changing the domain to LOCALHOST:
> https://localhost:8443/db/index.jsp
>
> So... basically, Tomcat's got it about 80% right. The protocol and port
> were successfully redirected (http 8080 -> https 8443), but the domain
> was changed. This instance of Tomcat is on a remote machine, *NOT* my
> local machine, so localhost fails. My question -- why would Tomcat be
> changing the server name in such a way?
>
>
> FYI, here is the relevant code from conf/server.xml:
> ---------------------------------
> <!-- Non-SSL Connector on Port 8080 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8080" minProcessors="5" maxProcessors="75"
>            enableLookups="false" redirectPort="8443"
>            acceptCount="10" connectionTimeout="60000" debug="0"
>            scheme="http" secure="false"/>
>
> <!-- SSL Connector on Port 8443 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="75"
>            enableLookups="false"
>            acceptCount="10" connectionTimeout="60000" debug="0"
>            scheme="https" secure="true">
>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>            clientAuth="false" protocol="TLS" />
> </Connector>
>
> <!-- Standard Engine -->
> <Engine name="Standard Engine" defaultHost="www.mysite.com" debug="0">
>   <Host name="www.mysite.com"
>         appBase="/home/baker/jbaker/web"
>         debug="0"
>         unpackWARs="false">
>     <Context path="" docBase="" debug="0" reloadable="true"/>
>   </Host>
> </Engine>
> ---------------------------------
>
>
> Here is the relevant code from web.xml:
> ---------------------------------
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Secure SSL Access</web-resource-name>
>     <url-pattern>/db/*</url-pattern>
>   </web-resource-collection>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
> ---------------------------------
>
> Note that I have:
> * uncommented the SSL connector
> * properly set the HTTP connector's redirectPort to SSL's 8443
> * changed the Engine's defaulthost to www.mysite.com
> * changed the Host's name to www.mysite.com
> * set the url-pattern match to /db/* in web.xml
> * added the CONFIDENTIAL transport-guarantee
>
> Nothing really extraordinary here. Moreover, a grep for "localhost" in
> both of these files returns zero results. I'm just not sure where it's
> coming from ... especially when Tomcat seems to be doing everything
> *else* correctly here.
>
> Any ideas? Thanks in advance!!
>
> -Steve Baker
>
>
> p.s. Performing a brute force solution such as:
> --------------------
> if (request.getScheme().equals("http")) {
>     // oops! response.Redirect() to the https URL instead.
> }
> --------------------
> ... at the top of every .jsp in my HTTPS-only directory isn't going to
> be the right choice for this particular project. I will eventually
> employ that as a backup to ensure security, but I don't wish to go with
> that as my first line of defense...
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>

--
Nikolas A. Rathert
Fraunhofer Institute for Computer Graphics
e-Learning & Knowledge Management
Fraunhoferstrasse 5
D-64283 Darmstadt
Germany
Fon +49 6151 155 552
Fax +49 6151 155 569
email: [EMAIL PROTECTED]
www: http://www.igd.fhg.de
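
The backup check from the quoted p.s. can live in one servlet filter instead of at the top of every JSP. The following is an added example, not code from either poster or from Tomcat: it builds the redirect target from a configured host name rather than from the request, so the target cannot turn into localhost. The class name and the init-param names `canonicalHost` and `httpsPort` are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class): sends plain-HTTP requests to a fixed HTTPS origin.
public class HttpsRedirectFilter implements Filter {
    private String canonicalHost; // assumed init-param, e.g. www.mysite.com
    private int httpsPort;        // assumed init-param, e.g. 8443

    public void init(FilterConfig cfg) throws ServletException {
        canonicalHost = cfg.getInitParameter("canonicalHost");
        String port = cfg.getInitParameter("httpsPort");
        if (canonicalHost == null || port == null) {
            throw new ServletException("canonicalHost and httpsPort init-params are required");
        }
        try {
            httpsPort = Integer.parseInt(port);
        } catch (NumberFormatException e) {
            throw new ServletException("httpsPort must be a number: " + port);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (request.isSecure()) {
            chain.doFilter(req, res); // arrived on the connector marked secure="true"
            return;
        }
        // A request body has already crossed the wire in clear text; refuse it
        // so the caller notices, instead of silently redirecting.
        String method = request.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // Host and port come from configuration, never from the request.
        String target = "https://" + canonicalHost + ":" + httpsPort + request.getRequestURI();
        if (request.getQueryString() != null) {
            target = target + "?" + request.getQueryString();
        }
        response.sendRedirect(target);
    }

    public void destroy() { }
}
```

Declare it in web.xml with a `<filter>` entry carrying the two init-params and a `<filter-mapping>` for `/db/*`, alongside the existing CONFIDENTIAL constraint.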