CA Service Management

  • 1.  disabling http and leaving only https

    Posted Jul 12, 2015 11:39 PM

    I have installed an IIS certificate and exported it as a pfx file for tomcat and can freely browse using either http or https and add attachments using https.  I now want to only allow users to use the https address.  What have others done to create redirection from a http address to https or simply not allow users to use the http address other than on the physical server?



  • 2.  Re: disabling http and leaving only https

    Posted Jul 13, 2015 04:14 AM

    How about trying the IIS redirect? This should redirect all HTTP connections to the HTTPS.



  • 3.  Re: disabling http and leaving only https

    Posted Jul 14, 2015 09:57 PM

    I found that redirecting it to a URL on the same box didn't work. Worked great if the URL was on another box.



  • 4.  Re: disabling http and leaving only https

    Broadcom Employee
    Posted Jul 13, 2015 09:57 AM

    Gizmo1969,

     

    For Tomcat – you can modify the HTTP Connector to use an address binding to restrict access to specific IPs.

     

    Example -       put appropriate IP Address restrictions there too.

     

    That should close out HTTP for un-needed hosts.

     

    _R



  • 5.  Re: disabling http and leaving only https

    Posted Jul 14, 2015 10:02 PM

    Won't that just disable it altogether? I was hoping that I could get any http requests redirected to the https address.



  • 6.  Re: disabling http and leaving only https

    Posted Jul 14, 2015 11:32 PM

    I suspect you may need to set up a DNS alias and an IIS redirect and also stop Tomcat listening on 8080 to get the complete solution.  The end result being as follows:

     

    - analyst enters a URL such as 'http://myservicedesk'

    - DNS sends to IIS on 'the real host'

    - IIS redirects to 'https://therealhost.myorg.com:8443'

    - if anyone tries 'http://therealhost.myorg.com:8080', they get a 'not found' error.



  • 7.  Re: disabling http and leaving only https

    Broadcom Employee
    Posted Jul 17, 2015 03:31 PM

    For Tomcat you should be able to leverage the "redirectPort" line in the tomcat server.xml file, and then make a change to the web.xml to complete the change.

     

    Browse to:

     

    Service Desk Manager\bopcfg\www\CATALINA_BASE\conf

     

    Edit the server.xml and find the section:

     

        <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

     

    Verify that the "redirectPort" is pointing to your Tomcat SSL port

    Save and close the file

     

    In Service Desk Manager\bopcfg\www\CATALINA_BASE\conf open the web.xml file, at the bottom, right before the final </web-app> at the bottom, paste above it:


    <security-constraint>
        <web-resource-collection>
            <web-resource-name>App_name</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

     

     

    Restart Tomcat, and then try to access ServiceDesk over the Tomcat port at 8080; it should auto route you to the Tomcat SSL port specified.
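
A check for the two settings described in the post above, as an added example that is not part of the original thread or of the product's tooling. It parses constructed server.xml and web.xml samples (the 8443 TLS connector and the function names are assumptions), confirms that redirectPort points at a TLS connector, and flags a CONFIDENTIAL constraint that lists http-method elements, because under the Servlet specification such a constraint applies only to the listed methods.

```python
import xml.etree.ElementTree as ET

# Constructed samples for illustration, not taken from a real Service Desk Manager install.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"/>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection>
    <web-resource-name>App_name</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def local(tag):
    """Element name without its XML namespace, so any web.xml schema version parses."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Stripped text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def audit(server_xml, web_xml):
    """Return a list of findings; an empty list means HTTP is consistently sent to HTTPS."""
    findings = []
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    tls_ports = {c.get("port") for c in conns if c.get("SSLEnabled", "").lower() == "true"}
    for c in conns:
        # Only plain-HTTP connectors need a redirect target; skip TLS and AJP connectors.
        if c.get("port") in tls_ports or c.get("protocol", "").startswith("AJP"):
            continue
        if c.get("redirectPort") not in tls_ports:
            findings.append(f"connector {c.get('port')}: redirectPort {c.get('redirectPort')} is not a TLS connector")
    covered = False
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        if "CONFIDENTIAL" not in texts(sc, "transport-guarantee") or "/*" not in texts(sc, "url-pattern"):
            continue
        covered = True
        methods = texts(sc, "http-method")
        if methods:  # listed methods narrow the constraint; HEAD, PUT, etc. stay on HTTP
            findings.append("CONFIDENTIAL constraint lists only " + ",".join(methods) + "; other methods are not covered")
    if not covered:
        findings.append("no CONFIDENTIAL constraint on /*")
    return findings
```

Calling `audit(SERVER_XML, WEB_XML)` on the samples returns the single method-coverage finding; a constraint without any `<http-method>` elements returns an empty list.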