I should have mentioned in my original post - IIS receives both HTTP as well as HTTPS requests. Both types of requests are proxied to a single HTTP connector in Tomcat.
Is the only option to create two separate HTTP connectors on two different ports, set the secure attribute to true on one of them, and then configure ARR to send to HTTPS requests to the secure one? It seems like there should be a simpler solution. Could we instead configure ARR to include some header that Tomcat would recognize? > On Dec 11, 2014, at 2:18 PM, Mark Thomas <ma...@apache.org> wrote: > > On 11/12/2014 19:12, Jesse Barnum wrote: >> I have IIS 7 running with an SSL certificate. It receives HTTPS requests, >> and using ARR, it proxies them over HTTP to Tomcat. This works fine. >> >> The problem is that when we call HttpServletRequest.isSecure(), it returns >> false. This makes sense, since the request to tomcat is HTTP, but it’s not >> correct from the user’s standpoint, who is using HTTPS. >> >> Is there a recommended way to configure ARR with Tomcat so that the original >> HTTPS protocol can be recognized by Tomcat? > > Set the secure attribute on the connector to "true" but make sure you > only proxy requests originally received over HTTPS to it. > > Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
