I don't have a recommendation as such, it was just a thought to get you to the quickest possible solution.
The options as I see it are: 1. Switch back to using https 2. Submit patches so that these warnings/error aren't logged for every request, perhaps just at startup or perhaps have another configuration to disable the warnings It wasn't clear to me how you are ensuring the same level of security that OFBiz provides OOTB but I would recommend that maintaining it should be your highest priority. Regards Scott On 4/03/2010, at 11:21 AM, Brett Palmer wrote: > Scott, > > We don't really have a good reason for turning it off. Here were some of > the reasons: > > - The initial thought was secure connections between web and application > servers was not necessary as these are behind the firewall. > - We also thought we might be improving performance by not encrypting > requests between servers, but we never verified these benefits. > - We also use mod_jk and it communicates insecurely using is own AJP > protocol. > > Is your recommendation to turn on security and have mod_proxy communicate > directly to port 8443? > > > Brett > > > > On Thu, Mar 4, 2010 at 11:00 AM, Scott Gray <scott.g...@hotwaxmedia.com>wrote: > >> On 4/03/2010, at 10:50 AM, Brett Palmer wrote: >> >>> We use Apache web servers to communicate with our OFBiz servers using a >>> combination of mod_jk and mod_proxy. For our mod_proxy configuration, we >>> forward secure requests (https) from Apache to a non-secure port (8080) >> on >>> Tomcat/OFBiz. >>> >> >> >> Hi Brett >> >> Why do you transfer from https to http? If you stopped doing that wouldn't >> all your problems go away? >> >> Regards >> Scott
smime.p7s
Description: S/MIME cryptographic signature
