Confluence Docs 3.0 : How do I use HTTPS for login only?
This page last changed on May 16, 2008 by jfleming.
Instructions for enforcing the use of HTTPS for the login page, but falling back to HTTP for all other pages: Once you have SSL working on tomcat, you need to make use of the urlrewrite plugin that's included by default with Confluence. <filter-mapping> <filter-name>UrlRewriteFilter</filter-name> <url-pattern>/s/*</url-pattern> </filter-mapping> to this: <filter-mapping> <filter-name>UrlRewriteFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> The next step is to edit urlrewrite.xml to read like this, changing the hostname and port number to suit your own installation: <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 2.6//EN" "http://tuckey.org/res/dtds/urlrewrite2.6.dtd"> <urlrewrite> <rule> <from>^/s/(.*)/_/([^\?]*).*</from> <run class="com.atlassian.plugin.servlet.ResourceDownloadUtils" method="addCachingHeaders" /> <to type="forward">/$2</to> </rule> <rule> <from>^/login.action</from> <condition type="scheme" operator="notequal">https</condition> <to type="redirect">https://localhost:8443/login.action</to> </rule> <rule> <from>^/(.*)</from> <condition type="scheme" operator="equal">https</condition> <condition type="request-uri" operator="notequal">/login.action.*</condition> <condition type="request-uri" operator="notequal">/s/.*</condition> <to type="redirect">http://localhost:8080/$1</to> </rule> </urlrewrite> |
![]() |
Document generated by Confluence on Nov 05, 2009 23:34 |