I am working a Java project which is deployed in Bluemix. I want to block all http calls (which are coming from a iOS mobile application in my usecase) and only allow https calls.
How can this be configured and enforced in Bluemix?
Asked
Active
Viewed 476 times
0
-
Close the HTTP port, or don't start the connector on it. – user207421 Jun 17 '16 at 10:24
2 Answers
2
It is not possible to block http calls. You may want to consider handle it in your application code to route all HTTP traffic switch to HTTPS.
vmovva
- 681
- 3
- 19
1
There are a variety of ways to address this problem described on IBM's developer works page.
Quoting from the accepted answer there:
The Bluemix proxy server terminates the SSL and so all traffic will look like HTTP to your app. However, the proxy also adds a special HTTP header named $WSSC with a value of either http or https. Simply check this header and, if the value is set to http, then redirect to the https version of your page.
UPDATE: The X-Forwarded-Proto header is now set as well.
There is also another answer there that describes how to do it via server.xml rather than application logic if you're pushing a full package that includes a custom server.xml (or are willing to).
Moldova
- 1,641
- 10
- 13