Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

how to configure SSL for specific pages of an application

Posted on 2011-04-21
6
Medium Priority
?
208 Views
Last Modified: 2012-05-11
We configured SSL and for the server it were successful with it. Due to the deterioration in response times, we are now asked to find out the possibilities to configure SSL only for the login page and the credit card pages leaving the rest as non SSL. We know that the login page can be configured using filters in the code. But we are exploring the possiblities of having SSL for specific internal pages as well. Pls advice. Thank you.
0
Comment
Question by:vvl_talla
  • 3
  • 2
6 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 35440421
So what is the question?
Do you want a suggestion as to which pages should be kept with https and which ones on http Or you don't know how to do some on http while others on https?

Also, is it for Apache web server or for Tomcat?

IMHO, credit card pages make absolute sense of being kept with https but unless you have good reason within our intranet, I don't see any need.
0
 

Author Comment

by:vvl_talla
ID: 35440559
Thank you for the response. My question is on how to do some on http while others on https? This is for Tomcat.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35440861
Here is how it works in Apache.  May be Tomcat is similar not sure.

You create a separate <VirtualHost> entry.

<VirtualHost 192.168.0.254:443>
ServerName
DocumentRoot
SSLEngine on
SSLCertificateFile
SSLCertificateKeyFile

</VirtualHost>

So you have two separate virtual host entries, one with port 80 the other with port 443.
If you enter http in the browser, it picks entry with port 80 if you enter https, it picks the one with port 443.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 26

Expert Comment

by:arober11
ID: 35479759
Yes it's possible, via mod_rewrite, something along the following lines in either your httpd.conf or a .htaccess file should suffice:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/(login-page|card-page) [NC]
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/(login-page|card-page) [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

Open in new window


Note: This question has been asked several times before.
0
 

Accepted Solution

by:
vvl_talla earned 0 total points
ID: 35483656
Thank you for your comment. We attained the requirement we have through SecureActionConfig parameters available in struts.
0
 

Author Closing Comment

by:vvl_talla
ID: 35510775
We achieved the required solution and no comment matched this solution. We attained our requirement successfully.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Loops Section Overview
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses
Course of the Month11 days, left to enroll

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question