File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes How do I disable port 80 for certain URLs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "How do I disable port 80 for certain URLs" Watch "How do I disable port 80 for certain URLs" New topic
Author

How do I disable port 80 for certain URLs

Ed James
Greenhorn

Joined: Feb 10, 2010
Posts: 7
Hi all,

I'm Running Apachec Tomcat 5.5 and I'm wondering if it's possible to disable port 80 for certain URLs only - that is, not just commenting out the <Connector .... > for port 80 and thus disable it globally. My apache tomcat server hosts up a landing page (http://youarehere.domain). On this landing page there are two links - one to https://link1.domain/login.do, the other to https://link1.domain/loginhere.do. However, we see that we can still manually type in http://link1.domain/login.do and http://link1.domain/loginhere.do and they work as well. We want to disable HTTP for these links that we have the SSL certs applied to while at the same type, leaving the landing page as an http site. Is this possible?

If not, how do I do a redirect for these HTTP sites? I've managed to config the web.xml file to get http://link1.domain redirected https://link1.domain but it also tries to redirect the landing page as well, which we don't want. I think it's just a matter of getting the syntax correct for the <url-pattern> section but I can't seem to get it right.

Any info on this would be greatly appreciated.

Thanks everyone.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15641
    
  15

You cannot selectively disable a tcp/ip port. You can firewall it and you can suppress data coming in to the port, but as long as the port is open and listening, it will receive network traffic. A port is simply a place to send data to and has no inherent interest in what the format or content of that data is. Any URL filtering would have to be done by the receiving software.

It sounds like you're using Yet Another DIY security system and once again demonstrating why most people shouldn't attempt to do so. One of the most common ways to defeat DIY security systems is to simply ignore the expected URL sequences and directly request URLs that are past the security checkpoints.

As far as "authorized" URLs go, from the Tomcat server's point of view, there is no difference between a URL requested from a page link and a URL entered directly in a browser navigation bar. Only the client knows which it did, and generally speaking, the client software doesn't much care, either.

So you can block URLs using Tomcat valves, but if you do so, it will block them in all cases, not just in cases where users entered the URLs manually.


Customer surveys are for companies who didn't pay proper attention to begin with.
Ed James
Greenhorn

Joined: Feb 10, 2010
Posts: 7
Thanks for the information Tim. I'm pretty new to Tomcat and this has been thrown my way. I'm more familiar with IIS (don't hate me for it :mrgreen

I'll look into using Valves to block the http:// requests. That will most likely take care of what we want to accomplish.

Cheers!
Ed James
Greenhorn

Joined: Feb 10, 2010
Posts: 7
Hi Tim,

Can you offer up and advise on what Valves to use? I've done some testing with different Valves and looked at the Tomcat documentation but I cannot find anything that is working for me.
Any information would be appreciated.

Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15641
    
  15

Sorry. I front Tomcat with Apache and let Apache do that kind of stuff. I think you'd probably have to write a custom Valve otherwise.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How do I disable port 80 for certain URLs
 
Similar Threads
Redirecting Port 80 to 443 for External Traffic Only
Switching between http and https in struts-config
Redirect or DNS alias?
how to map www.test.com to http://localhost:8080/test/index.jsp on Tomcat server
Tomcat filters