Cannot force HTTPS over HTTP

  • 16 May 2019
  • 3 replies
  • 284 views

We have enabled SSL on our sysaid server, as we are planning to open the server up to networks outside of our company network. This way we can use the mobile app and push notifications.

But before we open the server, we want to force the usage of HTTPS, so only secure connections are allowed.

Our http port is 9090 and our https port is 8443.

Current situation in the server.xml file is:

<Connector port="9090" URIEncoding="UTF-8" redirectPort="8443" connectionTimeout="20000" protocol="HTTP/1.1"/>

<!-- A "Connector" using the shared thread pool-->


<!--<Connector executor="tomcatThreadPool" port="9090" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->


<!-- Define a SSL HTTP/1.1 Connector on port 8443. This connector uses the BIO implementation that requires the JSSE style configuration. When using the APR/native implementation, the OpenSSL style configuration is required as described in the APR/native documentation -->


<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" keystorePass="A0zPmlksfd1234879*(" keystoreType="PKCS12" keystoreFile="C:\Program Files\SysAidServer\martens-wildcard.pfx" sslProtocol="TLS" clientAuth="false" secure="true" scheme="https" SSLEnabled="true" maxThreads="150"/>

<!-- Define an AJP 1.3 Connector on port 8009 -->


<Connector port="8009" redirectPort="8443" protocol="AJP/1.3"/>


What should I change in this piece of code so HTTP doesn't work and automatically redirects to HTTPS?

Thanks in advance!

3 replies

Did you get any feedback? We are also struggling with the same.

In order to set up SSL redirection, please edit the file ...\SysAidServer\tomcat\conf\web.xml and add the following lines before the </web-app> line (break a new line above it):

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Security page</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>


*** If you want your assets to report in http and not in https please use the following instead:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Security page</web-resource-name>
    <url-pattern>/Login.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>



Note: This file may be overwritten on future upgrades, so keep a copy of the file once you have it set up correctly.
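
An added example, not part of the reply above or of SysAid's own tooling: a Python check that reads a web.xml and a server.xml and reports where HTTPS enforcement has gaps. Under the Servlet specification a constraint that lists `<http-method>` elements applies only to those methods, and Tomcat sends CONFIDENTIAL requests to the connector's `redirectPort`; the finding labels and the sample documents are constructed for this example.

```python
import xml.etree.ElementTree as ET

def _name(el):
    # Drop any XML namespace so web.xml with or without xmlns is handled.
    return el.tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    return [e.text.strip() for e in parent.iter() if _name(e) == name and e.text]

def audit_web_xml(text):
    """Findings for the CONFIDENTIAL constraints in a web.xml document."""
    findings, whole_site = [], False
    for sc in (e for e in ET.fromstring(text).iter() if _name(e) == "security-constraint"):
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            continue
        for wrc in (e for e in sc.iter() if _name(e) == "web-resource-collection"):
            patterns, methods = _texts(wrc, "url-pattern"), _texts(wrc, "http-method")
            whole_site = whole_site or "/*" in patterns
            if methods:
                # Listed methods limit the constraint; unlisted ones are uncovered.
                findings.append("methods-limited:" + ",".join(methods))
    if not whole_site:
        findings.append("not-whole-site")
    return findings

def audit_server_xml(text):
    """Findings for connectors whose redirectPort is not a TLS connector."""
    conns = [e for e in ET.fromstring(text).iter() if _name(e) == "Connector"]
    tls_ports = {c.get("port") for c in conns if c.get("SSLEnabled", "").lower() == "true"}
    return ["bad-redirect:" + c.get("port") for c in conns
            if c.get("port") not in tls_ports and c.get("redirectPort") not in tls_ports]

# Constructed samples: the two web.xml snippets from the reply above, and a
# server.xml reduced to the ports from the question (keystore attributes omitted).
KB_ALL = """<web-app><security-constraint><web-resource-collection>
<web-resource-name>Security page</web-resource-name><url-pattern>/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method>
</web-resource-collection><user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint></web-app>"""
KB_LOGIN_ONLY = KB_ALL.replace("/*", "/Login.jsp")
SERVER = """<Server><Service name="Catalina">
<Connector port="9090" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

if __name__ == "__main__":
    for label, doc in (("/*", KB_ALL), ("/Login.jsp", KB_LOGIN_ONLY)):
        print(label, audit_web_xml(doc))
    print("server.xml", audit_server_xml(SERVER))
```

An empty result means the whole site is covered for every method and each plain connector redirects to a TLS connector.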

I have tried this from the knowledge base (https://helpdesk.sysaid.com/KBFAQTree.jsp?menuFlag=ssp&notAddingIndexJSP=true#346) but I couldn't get it to work.
