Separate policies for protecting the HTTPS from HTTP requests in 1 Web Agent
search cancel

Separate policies for protecting the HTTPS from HTTP requests in 1 Web Agent

book

Article ID: 51244

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign-On CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction


Running a single Apache Web Server instance with a Web Agent listening on both the ports:

  • 80 (Normal port for HTTP requests);
  • 443 (SSL Requests).

How to have separate SiteMinder policies to protect for HTTP requests and HTTPS requests?

To illustrate

Here are the resource URL's that are to be protected and left unprotected are as follows:

http://www.example.com:80/           not protected
http://www.example.com/protected:80/ Protected
https://www.example.com:443/         Protected

 

Resolution


This functionality can be achieved using the AgentName ACO parameter (1).

By Enabling the AgentName ACO parameter, a different Web Agent Name can be associated for the SSL Request URL's HTTPS:443 traffic and the normal HTTP request URLS:80 traffic.

To achieve this in the Agent Configuration Object (ACO), map the HTTP requests on port 80 to one Web Agent Name and the HTTPS requests on port 443 to another Web Agent Name.

This enables the SiteMinder policy for the HTTP and HTTPS traffic to be specified separately.

As sample of this ACO configuration:

AgentName='<apache_agent>,www.example.com:80'
AgentName='<apache_ssl_agent>,www.example.com:443'

That configuration will map the HTTP traffic to use the AgentName '<apache_agent>' and HTTPS traffic to use the AgentName '<apache_ssl_agent>' and policy can then be specified separately for these two Web Agents.

 

Additional Information

Powered by Wolken Software