> On Dec 11, 2014, at 4:46 PM, Christopher Schultz > <ch...@christopherschultz.net> wrote: > > On 12/11/14 2:42 PM, Jesse Barnum wrote: >> I should have mentioned in my original post - IIS receives both >> HTTP as well as HTTPS requests. Both types of requests are proxied >> to a single HTTP connector in Tomcat. >> >> Is the only option to create two separate HTTP connectors on two >> different ports, set the secure attribute to true on one of them, >> and then configure ARR to send to HTTPS requests to the secure >> one? > > That's exactly what we do in our load-balanced setups: a separate port > for each. Note that if you use an <Executor>, there is very little > overhead to maintaining two separate connectors, one for each port: > they can both share a thread pool (which is what Tomcat calls an > <Executor>). > >> It seems like there should be a simpler solution. Could we instead >> configure ARR to include some header that Tomcat would recognize? > > When using mod_jk from Apache httpd and the AJP13 protocol, this > information is transmitted in the way you describe (the SSL > information is transmitted to Tomcat in a format that is not easy to > forge -- like it would be if it were part of an HTTP header). I've > never used the ISAPI redirector, but I think mod_jk supports IIS and > might be able to provide this information in a similar way. > > Reading the Tomcat IIS reference, it doesn't say anything about SSL, > so I'm not entirely sure. > > Hope that helps, > - -chris
Thank you Chris - I didn’t think about using the Executor shared pool. I’m going to look into Mark’s suggestion to look at RemoteIpFilter and see what I can figure out. --Jesse Barnum, President, 360Works --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
