> >----- Original Message ---- > >From: Krist van Besien <[EMAIL PROTECTED]> > > > >You can't do what you are trying to do. Passing SSL without > decrypting > >it to tomcat is something that can't be done with apache. > How is apache > >to know what to do with a request when the request is just a > stream of > >apparently random noise? > > > >It is also something you don't need apache for. Just do a > port forward > >on the OS level. > > Thank you for the reply. > > > > Unfortunately I can't do a port forward at the os level. My > environment is on a shared server. Many domains are setup on > the machine - all of course for port 80/443. At the os level > can I determine that the request was for a certain domain and > forward to a different > port based on that domain? I think the way the hosting > company has it > setup is that multiple domains are mapping to one ip - though > it might be a slightly different setup. The requests then > all go to the one box where apache is sitting in front and > using connectors to direct the requests to the particular > instance of tomcat ( in the case of the ssl request it is > decrypting the request and directing them). > > > My issue is that in Tomcat I want to have any http request > redirected to https. mod_proxy creates an infinite loop in > this situation since apache turns the https into http and > tomcat thinks it needs to redirect. mod_jk handles this > properly and is able to pass extra heuristics to tomcat but > for some reason creates a massive performance problem. > Rather than figure out why mod_jk is creating this > performance problem I was hoping there was someway just to > have apache send the ssl on.... seems like I am stuck either > switching to a dedicated machine and removing apache from the > equation or figureing out the problem with mod_jk. > > > Any other ideas? >
I presume your problem is that someone can access the Tomcat directly via HTTP as well as through Apache. If it's just Apache then you can set up your virtual hosts to only forward HTTPS connections to the Tomcat and not proxy HTTP ones. Another solution is to forward the SSL-decrypted connection from Apache to a different HTTP connector (ie different port) on Tomcat which only accepts connection from Apache. On this HTTP connector set "isSecure" to true. Then your application should only redirect back to https if the the connection is on the other HTTP connector (ie when the request returns isSecure=false). Ryan Murray element^n berytech technology centre mkalles-beirut, lebanon +961 4 533 040 ext. 3030 (office) +961 3 767 083 (lebanon mobile) +973 3603 9118 (bahrain mobile) www.elementn.com This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient(s) please contact the sender by reply email and destroy all copies of the original message and any attachments. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
