How to enforce RTC only by HTTPS, and disable HTTP access?
2 answers
It seems although jazz redirect all access to HTTPs, but the HTTP access is still valid to image, js and service invocation. Is there any approach to disable HTTP? I understand there might be different app server (tomcat, was), is there any centralized approach that jazz can provide?
any feedback?
I don't know if it's correct but: RTC is based on Tomcat and with this application server you can bind/disable the HTTP port from configuration.
If you want to use the HTTP port only from localhost/127.0.0.1 you can add "address" property in the server.xml as reported here: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
In the HTTP section of connector add address="127.0.0.1" and the HTTP port respond only to local connections.
Hope this help