Sorry,
I just answered on a mail where some of the original text was missing. I 
just saw that you searched for the string in every part.
Then I do not have any idea. Could this problem be a result of 
src-compilation? I have no idea.

Cheers,

Nick

Nikolas A. Rathert wrote:
> Hi,
> I think you left somewhere in your conf-files a "localhost". I had the 
> same error working on Apache and Tomcat and after some searching I found 
> out that I forgot to modify httpd.conf in a way that my server no longer 
> was the localhost but had a real name.
> 
> I suggest that you scan your conf-files for the string "localhost". 
> That must be the cause for the error.
> 
> Cheers,
> 
> Nick
> 
> Steve Baker wrote:
> 
>> ------------------------------------------------------------------
>> It appears that much of the code from my first post got wiped out.
>> Trying the message again here a second time.  Thanks.  -SB
>> ------------------------------------------------------------------
>>
>> Have any of you experienced Tomcat changing the *domain name* of the 
>> request to "localhost" when you're trying to automatically redirect 
>> from HTTP to HTTPS? We know that it's supposed to change the protocol 
>> and the port, but the domain as well?
>>
>> Here's the situation:
>> I have a directory ("db") on my site (for the sake of this email, 
>> "www.mysite.com") that I want to protect using SSL.  Additionally, I 
>> need any wayward HTTP requests to this directory to be automatically 
>> redirected to HTTPS to ensure that they are SSL-encrypted.
>>
>> To set this up, I followed the SSL Configuration How-To, created the 
>> keystore, and generated a private key.  I then edited /conf/server.xml 
>> and /WEB-INF/web.xml (details below) to automatically redirect those 
>> certain HTTP requests over to HTTPS.  Finally, I restarted Tomcat.
>>
>> Now when I reference my HTTPS URL *directly*, SSL kicks in, the 
>> browser padlock is locked, and everything works great:
>>    https://www.mysite.com:8443/db/index.jsp
>>
>> As I stated, however, I've configured the HTTP request:
>>    http://www.mysite.com:8080/db/index.jsp
>>
>> To automatically redirect to that HTTPS URL from above:
>>    https://www.mysite.com:8443/db/index.jsp
>>
>> BUT, for some reason, Tomcat is changing the domain to LOCALHOST:
>>    https://localhost:8443/db/index.jsp
>>
>> So... basically, Tomcat's got it about 80% right. The protocol and 
>> port were successfully redirected (http 8080 -> https 8443), but the 
>> domain was changed.  This instance of Tomcat is on a remote machine, 
>> *NOT* my local machine, so localhost fails. My question -- why would 
>> Tomcat be changing the server name in such a way?
>>
>>
>> FYI, here is the relevant code from conf/server.xml:
>> ---------------------------------
>> <!-- Non-SSL Connector on Port 8080 -->
>> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>>            port="8080" minProcessors="5" maxProcessors="75"
>>            enableLookups="false" redirectPort="8443"
>>            acceptCount="10" connectionTimeout="60000" debug="0"
>>            scheme="http" secure="false"/>
>>
>> <!-- SSL Connector on Port 8443 -->
>> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>>            port="8443" minProcessors="5" maxProcessors="75"
>>            enableLookups="false"
>>            acceptCount="10" connectionTimeout="60000" debug="0"
>>            scheme="https" secure="true">
>>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>>            clientAuth="false" protocol="TLS" />
>> </Connector>
>>
>> <!-- Standard Engine -->
>> <Engine name="Standard Engine" defaultHost="www.mysite.com" debug="0">
>>    <Host name="www.mysite.com"
>>          appBase="/home/baker/jbaker/web"
>>          debug="0"
>>          unpackWARs="false">
>>       <Context path="" docBase="" debug="0" reloadable="true"/>
>>    </Host>
>> </Engine>
>> ---------------------------------
>>
>>
>> Here is the relevant code from web.xml:
>> ---------------------------------
>> <security-constraint>
>>    <web-resource-collection>
>>       <web-resource-name>Secure SSL Access</web-resource-name>
>>       <url-pattern>/db/*</url-pattern>
>>    </web-resource-collection>
>>    <user-data-constraint>
>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>    </user-data-constraint>
>> </security-constraint>
>> ---------------------------------
>>
>> Note that I have:
>> * uncommented the SSL connector
>> * properly set the HTTP connector's redirectPort to SSL's 8443
>> * changed the Engine's defaultHost to www.mysite.com
>> * changed the Host's name to www.mysite.com
>> * set the url-pattern match to /db/* in web.xml
>> * added the CONFIDENTIAL transport-guarantee
>>
>> Nothing really extraordinary here.  Moreover, a grep for "localhost" 
>> in both of these files returns zero results.  I'm just not sure where 
>> it's coming from ... especially when Tomcat seems to be doing 
>> everything *else* correctly here.
>>
>> Any ideas? Thanks in advance!!
>>
>> -Steve Baker
>>
>>
>> p.s. Performing a brute force solution such as:
>> --------------------
>> if (request.getScheme().equals("http")) {
>>    // oops! redirect to the https URL instead.
>>    response.sendRedirect("https://www.mysite.com:8443"
>>                          + request.getRequestURI());
>>    return;
>> }
>> --------------------
>> ... at the top of every .jsp in my HTTPS-only directory isn't going to 
>> be the right choice for this particular project.  I will eventually 
>> employ that as a backup to ensure security, but I don't wish to go 
>> with that as my first line of defense...
>>
>>
>>
>> -- 
>> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
>> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
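
A check for the symptom described in this thread, added here as an example and not part of the original messages: it compares the Location header of the HTTP-to-HTTPS redirect with the requested URL and reports a changed host, scheme, port or path. The function names are assumptions, and the sample responses are constructed from the URLs quoted in the post.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_PORT = 8443  # redirectPort of the HTTP connector in the post


def check_https_redirect(request_url, status, location, redirect_port=REDIRECT_PORT):
    """Return the problems found in an HTTP->HTTPS redirect (empty list = OK)."""
    if status not in (301, 302, 303, 307, 308):
        return [f"expected a redirect, got HTTP {status}"]
    if not location:
        return ["redirect has no Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append(f"scheme is {loc.scheme or 'missing'}, expected https")
    if (loc.hostname or "").lower() != (req.hostname or "").lower():
        problems.append(f"host changed: {req.hostname} -> {loc.hostname}")
    if (loc.port or 443) != redirect_port:
        problems.append(f"port is {loc.port or 443}, expected {redirect_port}")
    if (loc.path, loc.query) != (req.path, req.query):
        problems.append("path or query string was not preserved")
    return problems


def fetch_redirect(request_url, timeout=5):
    """Request the URL once over plain HTTP, without following the redirect."""
    u = urlsplit(request_url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    url = "http://www.mysite.com:8080/db/index.jsp"
    # Constructed responses built from the URLs quoted in the post.
    for location in ("https://www.mysite.com:8443/db/index.jsp",
                     "https://localhost:8443/db/index.jsp"):
        print(location, "->", check_https_redirect(url, 302, location) or "OK")
```

Against a live server, pass the status and Location returned by `fetch_redirect(url)` into `check_https_redirect`.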

