Web Server: URL Rewrite to Forbid Non-SSL Requests

From Resin 4.0 Wiki

(Difference between revisions)
(Created page with "{{WebServer}} {{Cookbook}} === WEB-INF/resin-web.xml to require SSL for /secure === <web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.r...")
 
 
Line 1: Line 1:
 
{{WebServer}} {{Cookbook}}
 
{{WebServer}} {{Cookbook}}
 +
 +
If you have a website section that needs an SSL connection for security, you can use Resin's URL-rewriting tag for the HTTP Forbidden (403) in combination with a predicate testing for SSL connections, IfSecure. The code snippet to return a forbidden looks like the following:
  
 
=== WEB-INF/resin-web.xml to require SSL for /secure ===
 
=== WEB-INF/resin-web.xml to require SSL for /secure ===
  
  <web-app xmlns="http://caucho.com/ns/resin"
+
  <web-app xmlns="<nowiki>http://caucho.com/ns/resin</nowiki>"
 
           xmlns:resin="urn:java:com.caucho.resin">
 
           xmlns:resin="urn:java:com.caucho.resin">
 
   
 
   
Line 11: Line 13:
 
   
 
   
 
  </web-app>
 
  </web-app>
 +
 +
If you want a custom error page, you can use <error-page error-code="403" location="..."/> to make the returned error page look nicer.
 +
 +
The Resin Web Server URL rewrite works on a rule-based system. The URL is matched first with a regular expression, and then any internal predicates are tested.
 +
 +
In this example, the Forbidden matches only for URLs starting with /secure, and then tests to see if the request's isSecure() is false. If the request is insecure and matches the /secure, then the Forbidden rule will match and Resin will return a 403 error page.
 +
 +
 +
== URL redirect insecure to a SSL host ==
 +
 +
You can instead use a redirect to force the use of SSL by replacing the <resin:Forbidden> with a <resin:Redirect> as follows:
 +
 +
=== WEB-INF/resin-web.xml redirecting to https: for insecure requests ===
 +
 +
<web-app xmlns="<nowiki>http://caucho.com/ns/resin</nowiki>"
 +
          xmlns:resin="urn:java:com.caucho.resin">
 +
 +
  <resin:Redirect regexp="^/secure" target="https://${host.name}/secure">
 +
    <resin:IfSecure value="false"/>
 +
  </resin:Redirect>
 +
 +
</web-app>
 +
 +
The <resin:Redirect> rule sends a redirect to the "target" location. You can either put in the explicit URL for the target, or use a Resin EL expression for the current host name, like ${host.name}.
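Review bot: In the added <resin:Redirect> example, target="https://${host.name}/secure" is a fixed URL while regexp="^/secure" matches every path under that prefix, so an insecure request for a deeper page is redirected to /secure itself rather than to the HTTPS form of the page it asked for; either say this in the closing paragraph or have the example carry the remainder of the path into the target. The explanation of the Forbidden rule could also mention that ^/secure has no trailing boundary, so it covers any path that merely begins with those characters.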

Latest revision as of 00:00, 28 January 2012


If a section of your website must only be reached over SSL, you can combine Resin's URL-rewrite tag <resin:Forbidden>, which returns HTTP Forbidden (403), with the <resin:IfSecure> predicate, which tests whether the request arrived over an SSL connection. The configuration that returns a 403 for insecure requests looks like the following:

WEB-INF/resin-web.xml to require SSL for /secure

<web-app xmlns="http://caucho.com/ns/resin"
         xmlns:resin="urn:java:com.caucho.resin">

  <resin:Forbidden regexp="^/secure">
    <resin:IfSecure value="false"/>
  </resin:Forbidden>

</web-app>

If you want a custom error page, you can use <error-page error-code="403" location="..."/> to make the returned error page look nicer.

The Resin Web Server URL rewrite works on a rule-based system. The URL is matched first with a regular expression, and then any internal predicates are tested.

In this example, the Forbidden rule applies only to URLs starting with /secure, and then tests whether the request's isSecure() is false. If a request matches /secure and is insecure, the Forbidden rule matches and Resin returns a 403 error page.


Redirecting insecure requests to an SSL host

You can instead use a redirect to force the use of SSL by replacing the <resin:Forbidden> with a <resin:Redirect> as follows:

WEB-INF/resin-web.xml redirecting to https: for insecure requests

<web-app xmlns="http://caucho.com/ns/resin"
         xmlns:resin="urn:java:com.caucho.resin">

  <resin:Redirect regexp="^/secure" target="https://${host.name}/secure">
    <resin:IfSecure value="false"/>
  </resin:Redirect>

</web-app>

The <resin:Redirect> rule sends a redirect to the "target" location. You can either put in the explicit URL for the target, or use a Resin EL expression for the current host name, like ${host.name}.
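The evaluation order described above (regular expression first, then the predicate) can be modeled in a few lines of Python for both the Forbidden and the Redirect rule. This is an added illustration, not Resin code: the Request and Rule classes, dispatch(), the "first matching rule decides" behaviour, taking ${host.name} from the request host, and the example.test host are all assumptions of the model. It also shows two consequences of the configuration as written: ^/secure is a prefix match, and the fixed target sends every redirected request to /secure.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class Request:
    host: str
    path: str
    secure: bool  # stands in for the request's isSecure()


@dataclass
class Rule:
    regexp: str                            # URL pattern, tested first
    predicate: Callable[[Request], bool]   # tested only when the URL matched
    action: str                            # "forbidden" or "redirect"
    target: Optional[str] = None           # "{host}" models ${host.name}


def if_secure(value: bool) -> Callable[[Request], bool]:
    """Model of <resin:IfSecure value="...">."""
    return lambda req: req.secure == value


def dispatch(rules, req: Request) -> Tuple[str, Optional[str]]:
    """Return (outcome, location): "403", "redirect" or "pass"."""
    for rule in rules:                     # assumption: first matching rule decides
        if not re.search(rule.regexp, req.path):
            continue                       # URL does not match: predicate never runs
        if not rule.predicate(req):
            continue                       # URL matched, predicate failed
        if rule.action == "forbidden":
            return "403", None
        return "redirect", rule.target.format(host=req.host)
    return "pass", None


FORBID = [Rule("^/secure", if_secure(False), "forbidden")]
REDIRECT = [Rule("^/secure", if_secure(False), "redirect", "https://{host}/secure")]

if __name__ == "__main__":
    # Constructed sample requests (host example.test is a placeholder).
    for path, secure in [("/secure/account", False), ("/secure/account", True),
                         ("/public", False), ("/secure-old", False)]:
        req = Request("example.test", path, secure)
        print(path, secure, dispatch(FORBID, req), dispatch(REDIRECT, req))
```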
