3.1 Is leaving the action properties as http when setting up a blank rule for URL Rewrite in IIS a security issue?
Default Subject
Question
Is it a security issue leaving HTTP:// as the Action Property for Tomcat on my IIS server for RecTrac?
- Open Microsoft Internet Information Services Manager on your RecTrac server.
- Highlight the topmost node, which is your server name.
- Double-click URL Rewrite in the center panel.
- Highlight VSI AIA TRAFFIC in the center panel.
- Click Edit... in the right-side Actions panel.
- Scroll down to the Action area and Action Properties option.
Answer
No, this is not a security issue. We don't change this setting to https because we do not communicate to tomcat on port 443. We communicate to tomcat on port 8085 the traffic comes into IIS encrypted. It is then decrypted on the server, passed to tomcat decrypted (again only on this server) and then is re-encrypted and sent back out.