
Convert HTTP to HTTPS requests using Secure Proxy Server


Article ID: 41280




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On



Secure Proxy Server configurations that convert all HTTP requests to HTTPS requests.

Note: This KB article describes how to add a general rule so that if a client sends any http:// request, the SPS/AG redirects it via a 302 response to the https:// version of the page.

e.g.:

#client sends request, and gets 302 redirect
client ->         ->  Secure Proxy Server /Access Gateway  
client <- 302 redirect to 

# client then makes request on https:// 
client  ->       ->  Secure Proxy Server /Access Gateway  

The HTTP request itself is not processed; only the HTTPS requests are processed.

I've mentioned this since, in one case, there was some confusion that mod_header/mod_rewrite were rewriting the headers and passing them on to the backend.


How to convert all HTTP requests intercepted by SPS, to HTTPS requests?



Policy Server: R12.52 SP1 CR1

Secure Proxy Server: R12.52 SP1 CR1



== OPTION 1 ==

Use the Apache mod_rewrite module to detect any HTTP request and send a redirect to the client to come back via the HTTPS interface.

Update httpd.conf with the following:

LoadModule rewrite_module modules/

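# Apply the rule only to requests that did not arrive over SSL
RewriteEngine On
RewriteCond %{HTTPS} off
# Send the client an explicit 302 to the same host and URI over HTTPS, then stop
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]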

== OPTION 2 ==

Use SPS proxy rules, via cond, to test against the HTTP host name and port and send a redirect to the client to come back via the HTTPS interface.

Update the proxyrules.xml with the following:


 <nete:cond type="host" criteria="equals"> 

<nete:case value=""> 


<nete:case value=""> 








== OPTION 3 ==

If you have a large number of hosts, where an entry per hostname is not feasible, use the pattern match facility to do a wildcard match via cond against any host ending in :80, and then send a redirect to the client to come back via the HTTPS URL. This gives the same result for any hostname.

Update the proxyrules.xml with the following:


<nete:cond type="host" criteria="endswith"> 

<nete:case value=":80"> 


<nete:case value=":443"> 








To avoid getting into a loop, set up the default proxy rule case to forward requests directly to the backend server instead of redirecting back to SPS.
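One way to verify any of the three options from the client side, as an added example that is not part of the original article: the Python below parses the response to an http:// request and checks that it is a redirect to the https:// form of the same page on an expected hostname. The hostname sps.example.com, the function names and the sample responses are constructed for illustration.

```python
"""Check that an http:// request is answered with a redirect to the same page over https://."""
from urllib.parse import urlsplit

# Constructed sample responses (not captured from a real SPS / Access Gateway)
GOOD = b"HTTP/1.1 302 Found\r\nLocation: https://sps.example.com/app/index.html?x=1\r\n\r\n"
PROCESSED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
LOOP = b"HTTP/1.1 302 Found\r\nLocation: http://sps.example.com/app/index.html?x=1\r\n\r\n"
OTHER_HOST = b"HTTP/1.1 302 Found\r\nLocation: https://other.example.net/app/index.html?x=1\r\n\r\n"

def parse_response(raw: bytes):
    """Return (status_code, headers) parsed from the head of a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split(" ", 2)[1]), headers

def check_redirect(request_url: str, raw_response: bytes, allowed_hosts):
    """Return a list of problems; an empty list means the redirect behaves as intended."""
    req = urlsplit(request_url)
    status, headers = parse_response(raw_response)
    if status not in (301, 302, 303, 307, 308):
        return [f"status {status}: HTTP request was answered instead of redirected"]
    loc = urlsplit(headers.get("location", ""))
    problems = []
    if loc.scheme != "https":
        problems.append("Location is not https:// (possible redirect loop)")
    # Option 1 builds Location from the client's Host header (%{HTTP_HOST}),
    # so confirm the target is one of the site's own names.
    if (loc.hostname or "") not in allowed_hosts:
        problems.append("Location host is not an expected site name")
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        problems.append("path or query string not preserved")
    return problems

if __name__ == "__main__":
    url, hosts = "http://sps.example.com/app/index.html?x=1", {"sps.example.com"}
    for label, raw in [("good", GOOD), ("processed", PROCESSED),
                       ("loop", LOOP), ("other host", OTHER_HOST)]:
        print(label, check_redirect(url, raw, hosts) or "OK")
```

To run it against a live gateway, replace the constructed samples with response heads saved from a client that does not follow redirects.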


Component: SMSPS

