Configure Tomcat to redirect all HTTP requests to HTTPS for Enforce UI

Article ID: 162130

Products

Symantec Products

Issue/Introduction

When a user enters the URL for the Enforce UI as a non-secure HTTP request (for example, http://localhost), the browser displays an error page instead of the login page:

Unable to connect / This page can't be displayed.

Cause

The Enforce Console's Tomcat web server is configured to accept only HTTPS requests. By default it is not configured to redirect HTTP requests to HTTPS, so a non-secure HTTP request is not redirected.

Resolution

  1. Go to the SymantecDLP\Protect\tomcat\conf directory.
  2. Edit the file server.xml.
  3. Add the following above the first <Connector> entry:

    <!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->  
    <Connector URIEncoding="UTF-8" port="80" acceptCount="100" enableLookups="false" maxThreads="150" redirectPort="443" />

  4. Save the server.xml file.
  5. Edit the web.xml file in the same directory
  6. Scroll to the bottom of the file and add the following just above the </web-app> entry:

    <!-- Force HTTPS, required for HTTP redirect! -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>

      <!-- auth-constraint goes here if you require authentication -->
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

  7. Save the web.xml file.
  8. Restart the Vontu Manager service for these changes to take effect.
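The following check is an added example, not part of the original article or the product: it parses the two edited files and reports whether the HTTP connector's redirectPort points at a TLS connector and whether web.xml carries the CONFIDENTIAL constraint on /*. The function name and the sample files are constructed, and the sample HTTPS connector on port 443 is an assumption; read the real server.xml and web.xml from the conf directory in practice.

```python
import xml.etree.ElementTree as ET

def _find_all(root, name):
    # web.xml usually declares a default namespace, so compare local names only.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_redirect_config(server_xml, web_xml):
    """Return a list of problems; an empty list means both edits are in place."""
    problems = []
    connectors = _find_all(ET.fromstring(server_xml), "Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true" or c.get("scheme") == "https"}
    plain = [c for c in connectors if c.get("port") not in tls_ports
             and not c.get("protocol", "").startswith("AJP")]
    if not plain:
        problems.append("server.xml: no plain HTTP connector, so HTTP is refused")
    for c in plain:
        if c.get("redirectPort") not in tls_ports:
            problems.append("server.xml: port %s redirectPort=%s is not a TLS connector"
                            % (c.get("port"), c.get("redirectPort")))
    enforced = False
    for sc in _find_all(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(e.text or "").strip() for e in _find_all(sc, "url-pattern")}
        guarantees = {(e.text or "").strip() for e in _find_all(sc, "transport-guarantee")}
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            enforced = True
    if not enforced:
        problems.append("web.xml: no CONFIDENTIAL security-constraint covering /*")
    return problems

# Constructed samples, not the product's shipped files.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector URIEncoding="UTF-8" port="80" acceptCount="100" enableLookups="false"
             maxThreads="150" redirectPort="443" />
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    print(check_redirect_config(SERVER_XML, WEB_XML) or "redirect configured")
```

A mismatched redirectPort or a missing constraint leaves the HTTP port answering in clear text, so both checks must pass.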

If you receive the "unsupported browser" message after restarting the service and logging in to Enforce, edit SymantecDLP\Protect\config\Manager.properties. Change the following line so that it reads as shown below, then restart Vontu Manager again:

    # Used for toggling the ability to enter Unsupported Browsers (i.e Chrome / Safari)
    com.vontu.manager.unsupported_browser_authentication = true

(NOTE: If these steps are performed on a Linux system, review the iptables configuration to confirm proper port redirects. Additional reference is available under TECH219669.)

Permissions should also be verified per TECH220983.