RewriteRule with tomcat?

Mark
Mark used Ask the Experts™
on
I have what must be a common problem. I want to rewrite "http" to "https". No big deal for apache, but I am using apache and tomcat. The following works fine for non-tomcat folders, e.g. http://www.mydomain.com/index.html

RewriteCond %{HTTPS} !on
RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

However, if the folder is under tomcat's webapps it doesn't work, even if I have an .htaccess file in the tomcat folder. So, I would like:

http://www.mydomain.com/mywebapp/somepage.jsp -> https://www.mydomain.com/mywebapp/somepage.jsp

as I said, I tried putting an .htaccess file with the above rewrite rule in both htdocs and mywebapp, but it didn't work. I also tried the following in httpd.conf:

<Location /mywebapp>
RewriteCond %{HTTPS} !on
RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Location>

but that didn't work either. Strange, because I have another <Location> directive for authorization in another tomcat folder that *does* work.

I'm sure loads of people have run into this situation. How do I fix it?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2010

Commented:
Can you please provide few more details:

Do you have access to the Apache HTTPD.conf, or do you only have access to a .htaccess file?

How is your Apache HTTPD server relaying traffic to the Tomcat e.g.

HTTP  - via a: ProxytPass  /mywebapp/   http://11.22.33.44:8080/mywebapp/ 
HTTP - via  a: RewriteRule  /mywebapp/  xxxxxxxxxx  [P,L]
AJP - via a: Jkmount /mywebapp/

Also note that unless you've made the effort the Apache HTTPD server will terminate the HTTPS traffic and Proxy the requests onto the Tomcat in plain old HTTP / AJP.

If you only have access to a .htaccess the following should work:

RewriteEngine On
RewriteBase  /
RewriteCond %{HTTPS} !on
RewriteRule mywebapp.* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
RewriteRule (mywebapp.*) http://11.22.33.44:8080/$1 [P]

Author

Commented:
Yes, I have access to httpd.conf. The <Location> examples I gave are in there.

Relaying to tomcat via Jkmount in httpd:

JkMount  /mywebapp/* worker1
JkMount  /mywebapp worker1

> Also note that unless you've made the effort the Apache HTTPD server will terminate the HTTPS traffic and Proxy the requests onto the Tomcat in plain old HTTP / AJP.

Not sure what you mean by this. I can do: https://www.mydomain.com/mywebapp and it seems to work fine. I am I wrong?

I put your example .htaccess in DOCUMENT_ROOT. It didn't work. How does your example differ fundamentally from my example:

RewriteCond %{HTTPS} !on
RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

except that you are explicitly giving it the search-for URI prefix and I am (attempting) to use a total wildcard?

Was your rule:
RewriteRule (mywebapp.*) http://11.22.33.44:8080/$1 [P]
in there in case I am using a proxy? Not sure what this does (I'm pretty confused by rewrite rules generally)
Top Expert 2010
Commented:
Apache TERMINATES HTTPS traffic, so the conversation between the Apache HTTPD and Tomcat servers will generally be un-encrypted, unless your Tomcat server has a secure connecto configuredr, in which case Apache will need first re-encrypt it using a local and a SSL key from the Tomcat, anyway that's of subject.

As you DID NOT mention in your original question, the use of AJP (mod_jk), and indicated you first attempted to implement a solution via an inefficient .htaccess  file (they're parsed for every request, rather than the httpd.conf's just once, at server startup). So assumed you either had NO or limited access to the httpd.conf, else you wouldn't choose that route, and you were using a straight forward HTTP Reverse proxy to Terminate the HTTPS conversation and relay the requests in plain HTTP on to your Tomcat.

Anyway the .htaccess example above will work, outside of any block, if you ALSO comment out your jkmount's and plug in the IP and HTTP port of your Tomcat server.

A slight variation of the logic above, in your httpd.conf will achieve the same e.g.

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^/mywebapp.*   https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
RewriteRule ^/(mywebapp.*) http://11.22.33.44:8080/$1 [P]

Note the HTTPS rule is before the Proxy rule, and there is a 301 PERMANENT redirection.

If your using Jkmount then make sure the JkMount 's are in the SECURE (port 443) virtual host definition, not the port 80 or just in the base file, or if you want the app accessible via both ports ensure the mounts are in the base files and the virtual host have a "JkMountCopy on" e.g.


JkMount  /mywebapp/* worker1
JkMount  /mywebapp worker1


<Virtualhost 11.22.33.44:80>
...
  RewriteEngine On
  RewriteCond %{HTTPS} !on
  RewriteRule ^/mywebapp.*   https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
  JkMountCopy off
</Virtualhost>

<Virtualhost 11.22.33.44:443>
...
  JkMountCopy on
</Virtualhost>

Author

Commented:
arober11: thanks, that did it. One thing I was missing in my <Location> directive was the RewriteEngine On command. When I added that, it started working.

I think I'm OK on the SSL definition. I experimented by turning port 443 off on my firewall and then I couldn't use https. So, I think https requests must be using 443.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial