On Friday 27 January 2006 16:17, Cliff Zhao wrote: > I'm not a Apache expert, but I think that you can have Apache redirect your > pages. Namely, when Apache gets http requests supposed to be https, Apache > will redirect them to the https equivalent. >
I think you have to be quite careful. The https causes the browser to negotiate the encryption, so you can't use apache to randomly change incoming protocols. I am not I understand the problem from earlier discussion in this thread. However ... I run an application that I want to be https when accessed from the internet (so that the basic authentication is properly encrypted - as well as the fact that the application is displaying sensitive financial data), but uses http when accessed from in tmy local area network. I have tomcat front ended by apache (which I use for all my security control). Effectively inside apache I have almose identical virtual host configurations for the two (by using a common include file and then use rewrite rules to block access from the internet to non https protocols. This acutally causes the user to see an error message if he tries it. However, tapestry builds urls in the correct protocol (http or https) as the incoming request. In order to get it to allow logon to selected areas, I use basic authentication (actually its enhanced to look up users and groups in a database) controlled via <location> blocks within the apache configuration. I gave up on tomcat's validation when I realised it didn't work with apache in from of it. What I suspect is being asked here is that when moving from one part of the application to another that you transition from http to https. In Tapestry 4 I beleive that what the "scheme" parameter is on the @DirectLink and @PageLink components is about. Even so, in this case, I think you will need separate virtual hosts inside apache for the http and https parts as http will be received on port 80 and https on port 443. -- Alan Chandler http://www.chandlerfamily.org.uk Open Source. It's the difference between trust and antitrust. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
