Here's how to do it using only Apache configuration files. The application is a J2EE Struts application running on JBoss 4.0.4GA.
In httpd.conf, make sure that mod_rewrite is activated like this:
LoadModule rewrite_module modules/mod_rewrite.so
Then add the following to httpd.conf:
RewriteEngine on
# If the request arrived over HTTP, redirect only the login pages (matched via regex) to HTTPS
RewriteCond %{HTTPS} =off
RewriteCond %{THE_REQUEST} login\.do.*action=init [OR]
RewriteCond %{THE_REQUEST} login\.do.*action=submit
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# If the request arrived over HTTPS, redirect all other pages back to HTTP (inverse regex).
# However, do not redirect static content such as images, CSS or JavaScript, or else the returned
# page will not be 100% HTTPS. All static content lives under /staticcontent/
RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} !login\.do.*action=init
RewriteCond %{THE_REQUEST} !login\.do.*action=submit
RewriteCond %{REQUEST_URI} !/staticcontent/
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Make sure that the J2EE application sends client-side redirects, and not just server-side forwards, for the login pages; otherwise this will not work, because Apache will not get the chance to rewrite the URLs.
That's it!!
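To check the two rule blocks for redirect loops before deploying them, the following added example (not part of the original post) models their conditions in Python and follows the resulting redirects. The host name, the /app/ paths and the function names are assumptions made for illustration, and the sample request lines are constructed.

```python
import re

# Patterns copied from the RewriteCond lines above. THE_REQUEST is the full
# request line, e.g. "GET /app/login.do?action=init HTTP/1.1".
LOGIN = [re.compile(r"login\.do.*action=init"),
         re.compile(r"login\.do.*action=submit")]
STATIC = re.compile(r"/staticcontent/")
HOST = "www.example.com"  # assumed SERVER_NAME


def decide(https_on, request_line):
    """Return the Location the rules would redirect to, or None."""
    target = request_line.split(" ")[1]      # path plus query string
    path = target.split("?", 1)[0]           # REQUEST_URI has no query string
    is_login = any(p.search(request_line) for p in LOGIN)
    if not https_on and is_login:            # first rule block
        return "https://" + HOST + target    # mod_rewrite re-appends the query
    if https_on and not is_login and not STATIC.search(path):  # second block
        return "http://" + HOST + target
    return None


def follow(https_on, request_line, limit=5):
    """Follow redirects as a browser would; return the list of hops."""
    hops = []
    while len(hops) < limit:
        location = decide(https_on, request_line)
        if location is None:
            break
        hops.append(location)
        https_on = location.startswith("https://")
        request_line = "GET " + location.split(HOST, 1)[1] + " HTTP/1.1"
    return hops


# Constructed sample requests: (arrived over HTTPS?, request line)
SAMPLES = [
    (False, "GET /app/login.do?action=init HTTP/1.1"),
    (True, "GET /app/home.do HTTP/1.1"),
    (True, "GET /staticcontent/css/site.css HTTP/1.1"),
    (True, "GET /app/search.do?q=login.do&action=init HTTP/1.1"),
]

if __name__ == "__main__":
    for https_on, line in SAMPLES:
        print("https" if https_on else "http ", line, "->", follow(https_on, line))
```

The last sample shows that the patterns are unanchored: any request line containing login.do followed by action=init is treated as a login page, so it stays on HTTPS.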