Reputation: 143
Redirect Http to HTTPS only for certain endpoints
I have successfully configured my Tomcat to redirect from port 80 to 443. However, is Tomcat smart enough to only redirect certain endpoints to 443 while allowing others to access port 80?
For example, I only want endpoints that are reached from http://myWebsite/myBankAccount/* to be redirected to https. But if you were to just access http://myWebsite.com, Tomcat will allow port 80 access.
If Tomcat is not smart enough to implement this, what application can do this?
Upvotes: 1
Views: 294
Answers (2)
Reputation: 752
If you happen to be using Spring-Security, then you can also adjust it's configuration to require (or allow) a different protocol based on the URL pattern.
For example, see Spring HTTP/HTTPS Channel Security.
Upvotes: 0
Reputation: 13686
You can use the url-pattern element. Here's an example:
<!-- Require HTTPS for everything that matches the url pattern: /myBankAccount/* -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/myBankAccount/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Upvotes: 2
Related Questions
- HTTP redirect: 301 (permanent) vs. 302 (temporary)
- Redirect http to https for Apache Tomcat 9 for a specific domain only
- How to redirect all HTTP requests to HTTPS using .htaccess rules?
- Redirect traffic from http to https on node.js instance on elastic beanstalk
- How to disable auto redirect from HTTP to HTTPS on Tomcat
- An HTTP POST redirect to HTTPS leads to a data lose?
- HTTP to HTTPS Redirects for AWS ELB and Tomcat7 server
- http to https redirect (tomcat/jboss)