Cannot force HTTPS over HTTP

 
Author
Message
SysAider
13
 
We have enabled SSL on our sysaid server, as we are planning to open the server up to networks outside of our company network. This way we can use the mobile app and push notifications.

But before we open the server, we want to force the usage of HTTPS, so only secure connections are allowed.

Our http port is 9090 and our https port is 8443.

Current situation in the server.xml file is:


What should I change to this piece of code so HTTP doesn't work and automatically redirects to https?

Thanks in advance!
SysAider
9
 
Did you get any feedback, we are also struggling with the same.
SysAid Wiz
1250
 
In order to setup SSL redirection, please edit the file ...\SysAidServer\tomcat\conf\web.xml and add the following lines before the </web-app> line (break a new line above it):
<security-constraint>
<web-resource-collection>
<web-resource-name>Security page</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>


*** If you want your assets to report in http and not in https please use the following instead:

<security-constraint>
<web-resource-collection>
<web-resource-name>Security page</web-resource-name>
<url-pattern>/Login.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>



Note: This file may be overwritten on future upgrades, so keep a copy of the file once you have it setup correctly.
SysAider
9
 
I have tried this from the knowledge base (https://helpdesk.sysaid.com/KBFAQTree.jsp?menuFlag=ssp¬AddingIndexJSP=true#346) but I couldn't get it to work.