Problem (Abstract)
Steps for automatically redirecting all non-secure HTTP requests served by
WebSphere® Application Server through a secure connection. This includes
configuring IBM® HTTP Server or Apache as part of a complete solution.
Cause
After enabling a WebSphere Application Server-hosted site
to support HTTPS (SSL-encrypted sites), you may wish to "turn off" non-SSL
requests, then redirect those requests through SSL. In other words, change
HTTP://xxx to HTTPS://xxx. This allows users' old bookmarks to
stay valid and avoids the need to change links in existing web pages.
Resolving the problem
Using a Microsoft® Windows® example, redirection can be
configured with the following steps (Unix® would be the same except for the
appropriate path and file name for the rewrite log):
- Add the following statements to your httpd.conf file:

    RewriteEngine On
    # handy for seeing what's going on when the web server tries to redirect
    RewriteLog "C:/rwlog.txt"
    RewriteLogLevel 1
    # if the port's not 443 (ssl)...
    RewriteCond %{SERVER_PORT} !^443$
    #...redirect it to the same page but make it SSL
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

  Note: This example redirects everything. It is also possible to redirect
  only certain requests by using the <Directory> block or by constructing a
  more elaborate rewrite condition. See the Apache.org web site for details.
- In the WebSphere Application Server V3.5, V4.0 and V5.0 administrative
  console:
  - Remove all virtual hosts except those ending in ":443". Otherwise, the
    Web server will forward the requests to WebSphere Application Server
    before redirecting, allowing unencrypted requests.
  - Regenerate the plug-in configuration file for the hosting node(s).
  - Stop and start the hosting application servers.
- Stop and start the Web server (Apache or IBM HTTP Server).
- Use a browser to access a resource and verify that an "http://xxx"
  request resolves to "https://xxx".
- If it does not work, view the rewrite log.
  - If the rewrite log is empty, there may be a problem with your rewrite
    condition.
  - If the rewrite "to" destination is not a valid web address, there may
    be a problem with your rewrite rule.
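
The virtual host step above can be checked after regenerating the plug-in configuration. The following is an added example, not part of the original technote: it assumes the plug-in file is the XML plugin-cfg.xml form with VirtualHostGroup and VirtualHost elements, and the sample content and the function name non_ssl_aliases are constructed for illustration.

```python
# Added example: flag virtual host aliases in a regenerated plug-in
# configuration that would still let the web server hand non-SSL
# requests to the application server before the redirect applies.
import xml.etree.ElementTree as ET

# Constructed sample (assumed plugin-cfg.xml layout, not taken from the page).
SAMPLE_PLUGIN_CFG = """<Config>
  <VirtualHostGroup Name="default_host">
    <VirtualHost Name="*:80"/>
    <VirtualHost Name="*:9080"/>
    <VirtualHost Name="*:443"/>
  </VirtualHostGroup>
  <VirtualHostGroup Name="secure_host">
    <VirtualHost Name="www.example.com:443"/>
  </VirtualHostGroup>
</Config>
"""


def non_ssl_aliases(plugin_cfg_xml, ssl_port="443"):
    """Return (group, alias) pairs whose alias does not end in ':<ssl_port>'."""
    root = ET.fromstring(plugin_cfg_xml)
    findings = []
    for group in root.iter("VirtualHostGroup"):
        for vhost in group.iter("VirtualHost"):
            alias = vhost.get("Name", "")
            # Split on the last colon so only the port part is compared;
            # an alias with no port at all is also reported.
            _host, sep, port = alias.rpartition(":")
            if not sep or port != ssl_port:
                findings.append((group.get("Name", ""), alias))
    return findings


if __name__ == "__main__":
    leftovers = non_ssl_aliases(SAMPLE_PLUGIN_CFG)
    for group, alias in leftovers:
        print(f"{group}: alias {alias!r} does not end in :443")
    if not leftovers:
        print("All virtual host aliases end in :443")
```

To check a real file, read its contents and pass the text to non_ssl_aliases in place of the constructed sample.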

Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | WebSphere Application Server | Security | | |