Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Automatically redirect on SSL port?

Posted on 2004-08-24
2
Medium Priority
?
654 Views
Last Modified: 2013-12-10
Two part question

Part 1:
Using Websphere, how do I automatically switch or redirect to the SSL port.
For example if a user types in http://www.mydomain.com/secure/login.jsp , I would like the server to automatically switch the request to https://www.mydomain.com/secure/login.jsp.

Part 2:
Once in https I would like to have a link (relative to the domin) (ie <a href="../products.jsp"> click here </a>) such that it will use http instead of https.

TIA
0
Comment
Question by:yoshir
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
pluim earned 1000 total points
ID: 11886926
There are several options:

1. Set up the IBM HTTP Server (that sits in front of WAS) to redirect any requests. See http://www.sitepoint.com/forums/showthread.php?t=139605 for details.
Just change the "dir" in RewriteCond %{REQUEST_URI} ^/dir.*$ to "secure", and any page under /secure will be forced to https

2. Set up two virtual hosts, one for port 80 and one for port 443. Redirect any requests for pages under /secure coming into the virtual host on port 80 to https.
See post 5: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=909cse%24105e%241%40news.software.ibm.com&rnum=3&prev=/groups%3Fq%3DIHS%2520redirect%2520http%2520https%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DN%26tab%3Dwg

3. Modify the login.jsp to detect the protocol and do the redirect there via Javascript. See http://www.experts-exchange.com/Web/Web_Servers/IIS/Q_20757759.html. Obviously, you'll have to include the Javascript in every page that you want to force into https.

The Javascript option helps with the second part. You can't change protocols through relative links, and using fully qualified URLs is a poor solution because of maintenance. You're better off by using Javascript in your products.jsp file as described in the PAQ above:

<SCRIPT LANGUAGE="JavaScript">
if (location.protocol != 'http:'){
     window.location= 'http://' + location.host + location.pathname + location.search
}
</SCRIPT>

Why would you want to drop out of SSL though? Once the connection has been set up, the encryption/ decryption overhead is minimal. Switching protocols can also give those annoying pop-up warnings you're about to leave a secure connection.
0
 

Author Comment

by:yoshir
ID: 11896379
plumin

I changed the rewrite rule by qualifying it more and took out the conditions. I applied a similar rule in the 443 virtual host to go from https to http when the link was back at the root (no longer in /secure)

Thanks
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This exercise is about for the following scenario: Dmgr and One node with 2 application server. Each application server contains it owns application. Application server name as follows server1 contains app1 server2 contains app1 Prereq…
Most of the developers using Tomcat find it easy to configure the datasource in Server.xml and use the JNDI name in the code to get the connection.  So the default connection pool using DBCP (or any other framework) is made available and the life go…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question