If not, how do I do a redirect for these HTTP sites? I've managed to config the web.xml file to get http://link1.domain redirected https://link1.domain but it also tries to redirect the landing page as well, which we don't want. I think it's just a matter of getting the syntax correct for the <url-pattern> section but I can't seem to get it right.
You cannot selectively disable a tcp/ip port. You can firewall it and you can suppress data coming in to the port, but as long as the port is open and listening, it will receive network traffic. A port is simply a place to send data to and has no inherent interest in what the format or content of that data is. Any URL filtering would have to be done by the receiving software.
It sounds like you're using Yet Another DIY security system and once again demonstrating why most people shouldn't attempt to do so. One of the most common ways to defeat DIY security systems is to simply ignore the expected URL sequences and directly request URLs that are past the security checkpoints.
As far as "authorized" URLs go, from the Tomcat server's point of view, there is no difference between a URL requested from a page link and a URL entered directly in a browser navigation bar. Only the client knows which it did, and generally speaking, the client software doesn't much care, either.
So you can block URLs using Tomcat valves, but if you do so, it will block them in all cases, not just in cases where users entered the URLs manually.
When it comes to destroying a civilization, gas chambers cannot hold a candle to echo chambers.
posted 7 years ago
Thanks for the information Tim. I'm pretty new to Tomcat and this has been thrown my way. I'm more familiar with IIS (don't hate me for it )
I'll look into using Valves to block the http:// requests. That will most likely take care of what we want to accomplish.
posted 7 years ago
Can you offer up and advise on what Valves to use? I've done some testing with different Valves and looked at the Tomcat documentation but I cannot find anything that is working for me.
Any information would be appreciated.