Link to home
Start Free TrialLog in
Avatar of vvl_talla
vvl_talla

asked on

how to configure SSL for specific pages of an application

We configured SSL and for the server it were successful with it. Due to the deterioration in response times, we are now asked to find out the possibilities to configure SSL only for the login page and the credit card pages leaving the rest as non SSL. We know that the login page can be configured using filters in the code. But we are exploring the possiblities of having SSL for specific internal pages as well. Pls advice. Thank you.
Avatar of farzanj
farzanj
Flag of Canada image
So what is the question?
Do you want a suggestion as to which pages should be kept with https and which ones on http Or you don't know how to do some on http while others on https?

Also, is it for Apache web server or for Tomcat?

IMHO, credit card pages make absolute sense of being kept with https but unless you have good reason within our intranet, I don't see any need.
Avatar of vvl_talla
vvl_talla

ASKER

Thank you for the response. My question is on how to do some on http while others on https? This is for Tomcat.
Avatar of farzanj
farzanj
Flag of Canada image
Here is how it works in Apache.  May be Tomcat is similar not sure.

You create a separate <VirtualHost> entry.

<VirtualHost 192.168.0.254:443>
ServerName
DocumentRoot
SSLEngine on
SSLCertificateFile
SSLCertificateKeyFile
</VirtualHost>

So you have two separate virtual host entries, one with port 80 the other with port 443.
If you enter http in the browser, it picks entry with port 80 if you enter https, it picks the one with port 443.
Avatar of arober11
arober11
Flag of United Kingdom of Great Britain and Northern Ireland image
Yes it's possible, via mod_rewrite, something along the following lines in either your httpd.conf or a .htaccess file should suffice:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/(login-page|card-page) [NC]
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/(login-page|card-page) [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

Open in new window


Note: This question has been asked several times before.
ASKER CERTIFIED SOLUTION
Avatar of vvl_talla
vvl_talla
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of vvl_talla
vvl_talla

ASKER

We achieved the required solution and no comment matched this solution. We attained our requirement successfully.