Web Development

Hi all, I have a web app with the following pages, browse.jsp and shopping.jsp. I want to protect shopping.jsp with https. (https is only between browser and apache httpd server.)The https for the shopping.jsp page will terminate at the web server.

From web server to tomcat application server will be http connection, for both shopping.jsp and browse.jsp. I do not require mod_jk to pass on the https for the shopping.jsp page tomcat.

shopping.jsp will be accessed via https://myapp1.com/shoppingcart/shopping.jsp. Upon login, it will go to http://myapp1.com/shoppingcart/browse.jsp.

myapp1.com will be created in the dns to point to my webserver. Backend is apache tomcat.

My webserver and tomcat are on the same server.

This is what i have done.

1.In my httpd.conf

Code:

Listen 80

Listen 443
SSL Engine on
SSLCertificateFile C:..
SSLCertificateKeyFile C:..

2. in my mod_jk.conf

Code:

LoadModule jk_module modules/mod_jk.so
jkMount /* loadbalancer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^/?(shopping.jsp$ https://localhost/shoppingcart/$1) [R,L,PT]
</IfModule>
JkMount /status/* status

With the above, i can access https://myapp1.com/shoppingcart/browse.jsp and https://myapp1.com/shoppingcart/shopping.jsp

When I change to http://myapp1.com/shoppingcart/browse.jsp or shopping.jsp l get HTTP 400 bad request.