System Configuration

Forcing connections to use SSL/TLS

Overview

Once the SSL/TLS connector has been enabled per these instructions, users may still be able to access the application through the default port 8080. There are 2 options for preventing this from occurring:

  1. Comment out the HTTP/1.1 Connector in tomcat/conf/server.xml (leaving only the SSL/TLS Connector).
  2. Force Tomcat over SSL. To do this, edit the tomcat/conf/web.xml file and add a <security-constraint> element just before the closing </web-app> element. For example:

    <!-- Force SSL for entire site -->
     <security-constraint> 
      <web-resource-collection> 
       <web-resource-name>Cascade CMS</web-resource-name> 
       <url-pattern>/*</url-pattern> 
      </web-resource-collection> 
      <user-data-constraint> 
       <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
      </user-data-constraint> 
     </security-constraint>
Note: More information on configuring SSL can be found at the Apache Tomcat web site.
Back to Top ↑

Related Links