http://wiki4.caucho.com/index.php?title=Web_Server:_URL_Rewrite_to_Forbid_Non-SSL_Requests&feed=atom&action=historyWeb Server: URL Rewrite to Forbid Non-SSL Requests - Revision history2024-03-29T14:50:25ZRevision history for this page on the wikiMediaWiki 1.18.0http://wiki4.caucho.com/index.php?title=Web_Server:_URL_Rewrite_to_Forbid_Non-SSL_Requests&diff=301&oldid=prevFerg: moved Resin: Web Server: URL Rewrite Forbidding Non-SSL Requests to Web Server: URL Rewrite to Forbid Non-SSL Requests2012-01-28T00:00:00Z<p>moved <a href="/Resin:_Web_Server:_URL_Rewrite_Forbidding_Non-SSL_Requests" class="mw-redirect" title="Resin: Web Server: URL Rewrite Forbidding Non-SSL Requests">Resin: Web Server: URL Rewrite Forbidding Non-SSL Requests</a> to <a href="/Web_Server:_URL_Rewrite_to_Forbid_Non-SSL_Requests" title="Web Server: URL Rewrite to Forbid Non-SSL Requests">Web Server: URL Rewrite to Forbid Non-SSL Requests</a></p>
<table class='diff diff-contentalign-left'>
<tr valign='top'>
<td colspan='1' style="background-color: white; color:black;">← Older revision</td>
<td colspan='1' style="background-color: white; color:black;">Revision as of 00:00, 28 January 2012</td>
</tr></table>Ferghttp://wiki4.caucho.com/index.php?title=Web_Server:_URL_Rewrite_to_Forbid_Non-SSL_Requests&diff=148&oldid=prevFerg at 00:00, 12 January 20122012-01-12T00:00:00Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:00, 12 January 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 25:</td>
<td colspan="2" class="diff-lineno">Line 25:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can instead use a redirect to force the use of SSL by replacing the <resin:Forbidden> with a <resin:Redirect> as follows:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can instead use a redirect to force the use of SSL by replacing the <resin:Forbidden> with a <resin:Redirect> as follows:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">=== WEB-INF/resin-web.xml redirecting to https: for insecure requests ===</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  <web-app xmlns="<nowiki>http://caucho.com/ns/resin</nowiki>"</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  <web-app xmlns="<nowiki>http://caucho.com/ns/resin</nowiki>"</div></td></tr>
</table>Ferghttp://wiki4.caucho.com/index.php?title=Web_Server:_URL_Rewrite_to_Forbid_Non-SSL_Requests&diff=147&oldid=prevFerg at 00:00, 12 January 20122012-01-12T00:00:00Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:00, 12 January 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 21:</td>
<td colspan="2" class="diff-lineno">Line 21:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>== URL redirect <del class="diffchange diffchange-inline">for </del>insecure ==</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>== URL redirect insecure <ins class="diffchange diffchange-inline">to a SSL host </ins>==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can instead use a redirect to force the use of SSL by replacing the <resin:Forbidden> with a <resin:Redirect> as follows:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can instead use a redirect to force the use of SSL by replacing the <resin:Forbidden> with a <resin:Redirect> as follows:</div></td></tr>
</table>Ferghttp://wiki4.caucho.com/index.php?title=Web_Server:_URL_Rewrite_to_Forbid_Non-SSL_Requests&diff=146&oldid=prevFerg at 00:00, 12 January 20122012-01-12T00:00:00Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:00, 12 January 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{{WebServer}} {{Cookbook}}</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{{WebServer}} {{Cookbook}}</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">If you have a website section that needs an SSL connection for security, you can use Resin's URL-rewriting tag for the HTTP Forbidden (403) in combination with a predicate testing for SSL connections, IfSecure. The code snippet to return a forbidden looks like the following:</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== WEB-INF/resin-web.xml to require SSL for /secure ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== WEB-INF/resin-web.xml to require SSL for /secure ===</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>  <web-app xmlns="http://caucho.com/ns/resin"</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>  <web-app xmlns="<ins class="diffchange diffchange-inline"><nowiki></ins>http://caucho.com/ns/resin<ins class="diffchange diffchange-inline"></nowiki></ins>"</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>           xmlns:resin="urn:java:com.caucho.resin"></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>           xmlns:resin="urn:java:com.caucho.resin"></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 11:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  </web-app></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  </web-app></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">If you want a custom error page, you can use <error-page error-code="403" location="..."/> to make the returned error page look nicer.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">The Resin Web Server URL rewrite works on a rule-based system. The URL is matched first with a regular expression, and then any internal predicates are tested. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">In this example, the Forbidden matches only for URLs starting with /secure, and then tests to see if the request's isSecure() is false. If the request is insecure and matches the /secure, then the Forbidden rule will match and Resin will return a 403 error page.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">== URL redirect for insecure ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">You can instead use a redirect to force the use of SSL by replacing the <resin:Forbidden> with a <resin:Redirect> as follows:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> <web-app xmlns="<nowiki>http://caucho.com/ns/resin</nowiki>"</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">          xmlns:resin="urn:java:com.caucho.resin"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">  <resin:Redirect regexp="^/secure" target="https://${host.name}/secure"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">    <resin:IfSecure value="false"/></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">  </resin:Redirect></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"> </web-app></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">The <resin:Redirect> rule sends a redirect to the "target" location. You can either put in the explicit URL for the target, or use a Resin EL expression for the current host name, like ${host.name}.</ins></div></td></tr>
</table>Ferghttp://wiki4.caucho.com/index.php?title=Web_Server:_URL_Rewrite_to_Forbid_Non-SSL_Requests&diff=145&oldid=prevFerg: Created page with "{{WebServer}} {{Cookbook}} === WEB-INF/resin-web.xml to require SSL for /secure === <web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.r..."2012-01-12T00:00:00Z<p>Created page with "{{WebServer}} {{Cookbook}} === WEB-INF/resin-web.xml to require SSL for /secure === <web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.r..."</p>
<p><b>New page</b></p><div>{{WebServer}} {{Cookbook}}<br />
<br />
=== WEB-INF/resin-web.xml to require SSL for /secure ===<br />
<br />
<web-app xmlns="http://caucho.com/ns/resin"<br />
xmlns:resin="urn:java:com.caucho.resin"><br />
<br />
<resin:Forbidden regexp="^/secure"><br />
<resin:IfSecure value="false"/><br />
</resin:Forbidden><br />
<br />
</web-app></div>Ferg