Description:

Customer has a single Apache web server instance listening on both the ports - 80(Normal port for HTTP requests) and 443(SSL Requests).

He wants to have separate SiteMinder policies to protect for HTTP requests and HTTPS requests.

For E.g.-
=======

Here are the resource URL's that are to be protected and left unprotected are as follows:

http://www.transpolar.com:80/ --------not protected
http://www.transpolar.com/protected:80/ * --------Protected
https://www.transpolar.com:443/ --------Protected

Release: Applicable to all the supported releases.
Component: SMIIS

Solution:

This functionality can be achieved using the ACO parameter - AgentName.

By Enabling AgentName, a different web agent name can be associated for the SSL Request URL's HTTPS:443 traffic and the normal HTTP request URLS:80 traffic.

To achieve this in the Agent Configuration Object (ACO) we can map the http requests on port 80 to one WebAgent name and the https requests on port 443 to another WebAgent name. This enables the SiteMinder policy for the http and https traffic to be specified separately.

For example:

AgentName='apache_agent,www.transpolar.com:80'
AgentName='apache_ssl_agent,www.transpolar.com:443'

Will map http traffic to use agent name 'apache_agent' and https traffic to use agent name 'apache_ssl_agent' and policy can then be specified separately for these two agents.

- Document reference:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/list-of-agent-configuration-parameters.html

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/basic-agent-setup-and-policy-server-connections.html#concept.dita_1b70dfbe64677b5f434832290afdffd7b2cbcffc_SettheAgentNameandDefaultAgentNameValues