Redirect HTTP to HTTPS requests for Operator Console
search cancel

Redirect HTTP to HTTPS requests for Operator Console

book

Article ID: 375091

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

I need to disable HTTP on the Operator Console and only allow HTTPS.  I have configured the certificates for HTTPS and it works fine but HTTP is still accessible. How can I disable HTTP or redirect to HTTPS?

Environment

Operator Console / wasp probe - any version

Resolution

The steps are as follows:

  1. Navigate to the folder <UIM_HOME>/Nimsoft/probes/service/wasp/webapps/ on the Operator Console server
  2. In here you will see several subfolders representing the webapps, like operatorconsole_portlet, accountadmin, dashboard, etc.
  3. for EACH of these webapps you will need to go into that subfolder and locate the file: /<webapp name>/WEB-INF/web.xml
  4. Locate the following content:
    <security-constraint>     
        <web-resource-collection>                   
            <web-resource-name>un restricted methods</web-resource-name>                        
            <url-pattern>/*</url-pattern>          
        </web-resource-collection>          
        <user-data-constraint>                 
            <transport-guarantee>NONE</transport-guarantee>          
        </user-data-constraint> 
    </security-constraint>
  5. Replace "NONE" in the above with "CONFIDENTIAL" so that it looks like:

    <transport-guarantee>CONFIDENTIAL</transport-guarantee>        

  6. Save all the web.xml files with these changes.
  7. Next you must access the wasp.cfg (for example using Raw Configure or edit the file itself)
  8. locate the <http_connector> section which is inside the <setup> section
  9. add the following key/value pair:
    redirectPort = <desired port>
  10. Save the configuration and restart the wasp probe.

Note: in most cases the redirectPort value will be 443 but this may be set to a nonstandard port. It must match the actual HTTPS port you are using, defined by the setting for https_port which is set in wasp.cfg.

 

Important Notes

Once you have made the changes to the web.xml files HTTP will be disabled even if you remove the redirectPort and you will have to undo the changes.  You cannot have both HTTP and HTTPS enabled with the redirect in place.  HTTP will be totally disabled.

If you need HTTP and HTTPS to be available then you must leave the web.xml files alone and do not enable this redirect, and end users will have the option to choose either one.

More information about this and enabling HTTPS in general for Admin Console and Operator Console can be found here.

Admin Console does not support this functionality.

For Admin Console, the only option is to remove the "http_port" key from wasp.cfg so that only the HTTPS port will be available.  Users navigating to the HTTP URL will receive a "Page Not Found" error.

Additional Information

Tips

In Windows, you can do a search for "web.xml" from the webapps folder to display all of them at once (go to View->Details in the File Explorer to see the paths as shown below):

If you have the Notepad++ text editor, you can highlight all of these and select "Edit in Notepad++" to open them at once.

Then search-and-replace <transport-guarantee>NONE</transport-guarantee>       and replace with <transport-guarantee>CONFIDENTIAL</transport-guarantee>       across all of them at once.

 

 

 

In Linux, you can do the following:

  1. Enter the webapps folder, e.g.  cd /opt/nimsoft/probes/service/wasp/webapps/
  2. Run the following command which will make a backup copy of every web.xml file called web.xml.bak:
    find . -type f -path '*/WEB-INF/web.xml' -exec cp {} {}.bak \;

  3. Now run the following command which will automatically make the above change to every web.xml file:
    find . -type f -path '*/WEB-INF/web.xml' -exec sed -i 's/<transport-guarantee>NONE<\/transport-guarantee>/<transport-guarantee>CONFIDENTIAL<\/transport-guarantee>/' {} \;

 

 

Powered by Wolken Software