Enabled SSL, but how to prevent "HTTP:\\xxxx"

 
Greenhorn
Posts: 11
Hello.
We have implemented SSL on IBM Http-server and WebSphere application server.
When we use "HTTPS:\\xxxxx" everything looks fine and we can see that the
certificate is used, the lock-icon on the browser and so on.
The problem is that we can still link to the application with "HTTP:\\xxxx" (unsecured).
How can we prevent this access ?
(actions on the web-server ?
actions on the application server ?
actions on the deployment description ?)
[ September 30, 2003: Message edited by: Eskil Lind ]
 
Author
Posts: 367
Try looking at the transport-guarantee option on security-constraint in your web.xml...
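
An added example, not part of the thread: a small Python check that reads a web.xml and reports whether the `transport-guarantee` suggested above actually covers the whole application. The two descriptors are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from the thread).
WEAK = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

# Same constraint, but the container must now refuse or redirect plain HTTP.
HARDENED = WEAK.replace("NONE", "CONFIDENTIAL")

def local(tag):
    """Drop an XML namespace so DTD-based and schema-based web.xml both work."""
    return tag.rsplit("}", 1)[-1]

def transport_guarantees(web_xml):
    """Map each url-pattern to the transport-guarantee of its security-constraint."""
    result = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns, guarantee = [], "NONE"  # no user-data-constraint: no guarantee
        for el in sc.iter():
            if local(el.tag) == "url-pattern":
                patterns.append((el.text or "").strip())
            elif local(el.tag) == "transport-guarantee":
                guarantee = (el.text or "").strip().upper()
        for pattern in patterns:
            result[pattern] = guarantee
    return result

def allows_plain_http(web_xml):
    """True unless a constraint on /* demands CONFIDENTIAL (or INTEGRAL,
    which in practice also means SSL). Only the catch-all pattern is checked."""
    guarantee = transport_guarantees(web_xml).get("/*", "NONE")
    return guarantee not in ("CONFIDENTIAL", "INTEGRAL")

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, transport_guarantees(doc), "plain HTTP allowed:", allows_plain_http(doc))
```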
 
Eskil Lind
Greenhorn
Posts: 11
Seems like I can solve this by editing the "Virtual host"-setting in WebSphere Application Server. I tried to set the only valid Virtual host to be "*:443". 443 is the SSL-port.
==> This worked fine. All "HTTP:\\xxx" was rejected.
Another challenge is that my application will call some static HTML-sites on the internet (new pop-up windows) with an ordinary "HTTP:\\xxxx"-command.
==> This was still possible.
I have now managed to only allow HTTPS (SSL) to enter my application, and still my application can reach the outside world with "HTTP".
 