How to enforce only HTTPS Virtual Services
Article ID: 134636
Updated On:
Products
Issue/Introduction
How to enforce only HTTPS Virtual Services that use SSL and prevent any HTTP Virtual Services from being deployed.
This is a requirement when moving to a cloud infrastructure.
Environment
All supported DevTest releases.
Cause
N/A
Resolution
There is not a direct way to enforce only HTTPS Virtual Services.
But it is possible to identify HTTP Virtual Services and remove these either manually or by way of a script.
The HTTP/S listen step of a Virtual Service can be configured either with 'Use SSL to client' ticked or not.
If SSL is not enabled, then the resulting .vsm file will have the following tag in the listen step:
<useSSL>false</useSSL>
In the Portal an HTTP VS will show in the 'Resource/Type' column as:
8080:http:...
An HTTPS VS will show as:
8080:https:...
Some different ways to enforce HTTPS might be:
1) Check the Portal for entries with http in the 'Resource/Type column. Either do this manually or use the API or the VSEManager command.
For example see the output of the VSEManager status command in the documentation:
Refer to section "VSE Manager Command - Manage Virtual Service Environments" in the documentation of the DevTest release you are running.
2) Check the folder vseDeploy. Each VS will create a .mar file when deployed. Unzip the .mar and scan the .vsm for the following string:
<useSSL>false</useSSL>
3) Check the folder lisatmp_xx.x.x/lads folder. Each VS will have a subfolder with the .vsm that was deployed.
Scan the .vsm files for the following string:
<useSSL>false</useSSL>
Additional Information
NOTE: When you configure a VS as HTTPS make sure no other VS's are running on same port with HTTP.
Feedback
