堆栈内存溢出
  简体   繁体   English

仅在本地主机上禁用 https

[英]disable https on localhost only

 原文  2017-08-23 05:00:27       java/ tomcat/ jboss/ tomcat7

问题描述

I'm using tomcat 7 and I would like to disable SSL traffic origination from localhost only!我正在使用 tomcat 7,我只想禁用来自本地主机的 SSL 流量! and enable it for inbound traffic.并为入站流量启用它。

I have added the following config to web.xml and it's currently redirects traffic from http to https.我已将以下配置添加到web.xml ,它目前将流量从 http 重定向到 https。

<security-constraint>
    <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/info</url-pattern>
    </web-resource-collection>
    <!-- OMIT auth-constraint -->
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Role</role-name>
    </auth-constraint>
</security-constraint>

I have a custom backup tool on my server that doesn't work with HTTPs therefore I'm looking to disable HTPPs on localhost.我的服务器上有一个自定义备份工具,它不适用于 HTTP,因此我希望在 localhost 上禁用 HTPP。

2 个解决方案

解决方案1
 2  2017-08-23 05:05:54

you can comment below line in your server.xml file.你可以在你的 server.xml 文件中评论下面的行。

<Connector port="8443" ... SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" ... />

hope this will help !!希望这会有所帮助!

解决方案2
 0  2021-03-16 17:05:25

You can disable specific url just putting NONE on transport-guarantee tag, check Is security-constraint configuration for Tomcat mandatory?您可以禁用特定的 url,只需将 NONE 放在传输保证标签上,检查Tomcat 的安全约束配置是否是强制性的?

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/info/*</url-pattern>
        <url-pattern>/info2/*</url-pattern>
        <url-pattern>/info3/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我的简单java HTTPS服务器仅适用于localhost - My simple java HTTPS server only works for localhost Spring Boot - 本地主机上的 HTTPS - Spring Boot - HTTPS on localhost 配置localhost https glassfish - configure localhost https glassfish 是否可以为https禁用ssl? - Is it possible to disable ssl for https? 如何为Tomcat禁用HTTPS - How to disable https for tomcat 使用servlet的localhost https java应用程序 - a localhost https java application with servlets 禁用Spring Security https重定向 - Disable spring security https redirecting 仅限本地主机的RMI? - Localhost-only RMI? 在JBoss 5(或Tomcat 5.5)中禁用&#39;localhost&#39;主机 - Disable 'localhost' host in JBoss 5 (or Tomcat 5.5) 在 FIPS 模式下禁用 HTTPS 证书验证 - Disable HTTPS Certificate Validation in FIPS mode
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM