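Redirecting an HTTP page to HTTPS to a Tomcat server using ProxyPass

Time: 2016-02-10 09:16:15

Tags: apache http tomcat redirect https

So I have a tomcat server running on port 8080 and an apache server running on ports 80 and 443. I can get the whole site to redirect to https with these virtual hosts: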

<VirtualHost *:80>
    Redirect permanent / https://localhost
</VirtualHost>

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/httpd/crt/localhost.crt
    SSLCertificateKeyFile /etc/httpd/crt/localhost.key
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPass /catdapp http://localhost:8080/
    ProxyPassReverse /catdapp http://localhost:8080/
</VirtualHost>

However, I am trying to make it so that it only redirects to https when the URL is localhost/#/login or localhost/catdapp/#/login.

I tried the following:

<VirtualHost *:80>
    Redirect permanent /#/login https://localhost/#/login
    Redirect permanent /catdapp/#/login https://localhost/#/login
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass /#/login !
    ProxyPass /catdapp/#/login !
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPass /catdapp http://localhost:8080/
    ProxyPassReverse /catdapp http://localhost:8080/
</VirtualHost>

That did not work, and the console showed it was retrieving http://localhost/catdapp/partials/login.html, so I tried changing it to:

<VirtualHost *:80>
    Redirect permanent /catdapp/partials/login.html https://localhost/catdapp/partials/login.html
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass /catdapp/partials/login.html !
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPass /catdapp http://localhost:8080/
    ProxyPassReverse /catdapp http://localhost:8080/
</VirtualHost>

That then caused the Firefox console to output two errors:

GET http://localhost/catdapp/partials/login.html 301 Moved Permanently
GET https://localhost/catdapp/partials/login.html 200 OK

The apache access log shows:

"GET /catdapp/partials/login.html HTTP/1.1" 301 328 "http://localhost" "Mozilla/5.0 (X11; Linux x84_64; rv:38.0) Gecko/20100101 Firefox/38.0"
"GET /catdapp/partials/login.html HTTP/1.1" 200 2054 "http://localhost" "Mozilla/5.0 (X11; Linux x84_64; rv:38.0) Gecko/20100101 Firefox/38.0"

Any ideas?

1 answer:

Answer 0: (score: 0)

The # is handled on the client side, in the browser. I don't see it being transmitted to the server.

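I'd no longer worry about mixed mode operation and would just unconditionally redirect everything to https and move on: with http/https mixed mode you just open up a lot of unintended security holes, session leaks or others, so (nowadays) it's just not worth the trouble. Add an HSTS header to the https-virtual-host and you're even safe in case you accidentally use the wrong protocol (once the client has seen the HSTS header, which should be the norm).

Will this take up more server-side resources? Probably a bit. Does it matter? Measure! If you have resources that are worth protecting, it's worth ruling out a class of errors like leaked session information, phishing, MITM attacks and so on.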
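
A small checker for the two points in the answer, as an added example in Python that is not part of the original question or answer: it flags Redirect/ProxyPass paths containing a `#` fragment (which never reaches Apache) and TLS vhosts that set no HSTS header. The `lint` function, the abbreviated `ATTEMPT` config and the `CORRECTED` config with its `max-age` value are assumptions of this example.

```python
import re

# Constructed inputs: ATTEMPT is abbreviated from the asker's first attempt;
# CORRECTED is this example's assumption of the layout the answer describes.
ATTEMPT = """
<VirtualHost *:80>
    Redirect permanent /#/login https://localhost/#/login
    ProxyPass /catdapp/#/login !
    ProxyPass / http://localhost:8080/
</VirtualHost>
"""
CORRECTED = """
<VirtualHost *:80>
    Redirect permanent / https://localhost/
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
    Header always set Strict-Transport-Security "max-age=31536000"
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def lint(conf):
    """Return findings (hypothetical checker) for an Apache vhost config string."""
    findings = []
    for addr, body in VHOST.findall(conf):
        rows = [r.split() for r in body.splitlines()
                if r.strip() and not r.strip().startswith("#")]
        tls = any(r[0].lower() == "sslengine" and r[-1].lower() == "on" for r in rows)
        hsts = any("strict-transport-security" in " ".join(r).lower() for r in rows)
        for r in rows:
            name = r[0].lower()
            # The URL-path is the first argument that starts with "/".
            path = next((a for a in r[1:] if a.startswith("/")), "")
            if name in ("redirect", "proxypass") and "#" in path:
                findings.append(f"{addr}: {r[0]} {path} has a fragment; browsers "
                                "never send it, so the directive cannot match")
            if name == "proxypass" and not tls and r[-1] != "!":
                findings.append(f"{addr}: {r[0]} {path} serves content over plain HTTP")
        if tls and not hsts:
            findings.append(f"{addr}: TLS vhost sets no Strict-Transport-Security header")
    return findings

if __name__ == "__main__":
    for label, conf in (("attempt", ATTEMPT), ("corrected", CORRECTED)):
        print(label, lint(conf) or "no findings")
```

The `Header` directive in the corrected config requires mod_headers to be loaded.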