how to configure SSL for specific pages of an application

Posted on 2011-04-21
Last Modified: 2012-05-11
We configured SSL and for the server it were successful with it. Due to the deterioration in response times, we are now asked to find out the possibilities to configure SSL only for the login page and the credit card pages leaving the rest as non SSL. We know that the login page can be configured using filters in the code. But we are exploring the possiblities of having SSL for specific internal pages as well. Pls advice. Thank you.
Question by:vvl_talla
    LVL 31

    Expert Comment

    So what is the question?
    Do you want a suggestion as to which pages should be kept with https and which ones on http Or you don't know how to do some on http while others on https?

    Also, is it for Apache web server or for Tomcat?

    IMHO, credit card pages make absolute sense of being kept with https but unless you have good reason within our intranet, I don't see any need.

    Author Comment

    Thank you for the response. My question is on how to do some on http while others on https? This is for Tomcat.
    LVL 31

    Expert Comment

    Here is how it works in Apache.  May be Tomcat is similar not sure.

    You create a separate <VirtualHost> entry.

    SSLEngine on


    So you have two separate virtual host entries, one with port 80 the other with port 443.
    If you enter http in the browser, it picks entry with port 80 if you enter https, it picks the one with port 443.
    LVL 26

    Expert Comment

    Yes it's possible, via mod_rewrite, something along the following lines in either your httpd.conf or a .htaccess file should suffice:

    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteCond %{REQUEST_URI} !^/(login-page|card-page) [NC]
    RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} ^/(login-page|card-page) [NC]
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

    Open in new window

    Note: This question has been asked several times before.

    Accepted Solution

    Thank you for your comment. We attained the requirement we have through SecureActionConfig parameters available in struts.

    Author Closing Comment

    We achieved the required solution and no comment matched this solution. We attained our requirement successfully.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting ( to http…
    Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now