Following is a detailed description of this problem and
how this configuration works:
- The request is made from the client over SSL (HTTPS) on port 443.
- The hardware SSL accelerator intercepts the request made over port
443, and rewrites the request to the Web server using port 80 instead.
This request is not made over SSL.
- The WebSphere Application Server plugin on the Web server receives the
request. The plugin never knows that this request was originally made over
SSL (port 443) by the client.
- The plugin routes the request to an application server. Again, the
application server knows only that the request came over port 80.
- Any relative links or relative sendRedirect() calls build a URL using
port 80 (HTTP) and not 443 (HTTPS).
The solution with this configuration is to use:
- Absolute links, such as:
https://myhost/myapp
- Absolute sendRedirects, such as:
response.sendRedirect("https://myhost/myapp");
Note: Line Item request #155 has been opened to request that
WebSphere Application Server be redesigned to support hardware SSL
accelerators with the use of relative links or relative sendRedirects.
This request might or might not be incorporated into a future release.
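
The following is an added example, not IBM's code or part of the original technote. It compares the URL a relative redirect resolves to behind the accelerator with an absolute HTTPS URL built for the same target. The class name, method names, sample request URL and the fixed EXTERNAL_HOST setting are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class OffloadedRedirect {
    // Assumption: the public host name comes from fixed configuration,
    // not from the request, so a forged Host header cannot steer redirects.
    static final String EXTERNAL_HOST = "myhost";

    // What a relative redirect becomes: the target is resolved against the
    // request URL the application server saw (HTTP on port 80).
    static String relativeRedirect(String urlSeenByServer, String target) {
        return URI.create(urlSeenByServer).resolve(target).toString();
    }

    // Absolute HTTPS URL for the same target: keep the resolved path, query
    // and fragment, force the https scheme, the configured host and the
    // default port (-1 leaves the port out, so the client uses 443).
    static String absoluteHttpsRedirect(String urlSeenByServer, String target)
            throws URISyntaxException {
        URI r = URI.create(urlSeenByServer).resolve(target).normalize();
        return new URI("https", null, EXTERNAL_HOST, -1,
                r.getPath(), r.getQuery(), r.getFragment()).toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample: the client asked for https://myhost/myapp/login,
        // the accelerator forwarded it as plain HTTP on port 80.
        String seen = "http://myhost:80/myapp/login";
        for (String target : new String[] {"home", "../other/page?id=7", "/myapp"}) {
            System.out.println(target);
            System.out.println("  relative: " + relativeRedirect(seen, target));
            System.out.println("  absolute: " + absoluteHttpsRedirect(seen, target));
        }
        // In a servlet, pass the result to the call shown above:
        // response.sendRedirect(absoluteHttpsRedirect(
        //         request.getRequestURL().toString(), "home"));
    }
}
```

Every "relative" line it prints starts with http://myhost:80, which sends the client's next request over plain HTTP; the "absolute" lines keep the client on HTTPS.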