Force SSL Web Server Hack

I've finally gotten around to upgrading my personal website from Sun Java System Web Server 6.1 to 7.0 - as well as a refresh of JSPWiki

As I have been doing the migration, one of the things I ran across was a method I have for forcing a URLs to the SSL/HTTPS port of the web server. For example, I have a WebMail application installed that I occasionally use. The web server is configured to serve both Plain HTTP and SSL HTTP requests. But in this case I don't want to be able to access the WebMail application over plain HTTP. How do I force SJSWS to redirect any plain HTTP requests to the SSL? Its really pretty easy.

This works for both 6.1 and 7.0. All you really do is edit the obj.conf (or with 7.0, it might be node-obj.conf) and add a Client tag to the beginning of the "default" Object of the form: 

<Client match="all" security="false">
NameTrans fn="redirect" from="/webmail" url-prefix="https://server.org/webmail"
NameTrans fn="redirect" from="/webmail/*" url-prefix="https://server.org/webmail/"
</Client>

What this is saying is, for any request that is over plain HTTP (security="false") evaluate, the included NameTrans parameters. In this case, any request starting with webmail will be redirected to the SSL port.

The Client tag can perform much more complex evaluations. For example, one thing that can be handy is to limit the evaluation of the inner directives to a specific virtual host. To do that, Simply add a urlhost attribute: 

<Client match="all" security="false" urlhost="server.org">
NameTrans fn="redirect" from="/webmail" url-prefix="https://server.org/webmail"
NameTrans fn="redirect" from="/webmail/*" url-prefix="https://server.org/webmail/"
</Client>

Posted on: Nov 23, 2006

Posted by: mock

Category: Sun

Tags: none

Permanent link to this entry

Comments:

When I try this, and reload config files, I am using iplanet 6.1, it errors reloading the obj.conf file saying: [https-XXXX]: failure (22792): CORE3185: Invalid configuration: File /opt/SUNWwbsvr/https-XXXX/config/server.xml, line 22, column 92: HTTP3258: Error processing obj.conf line 5: HTTP2215: directive outside object [https-XXXX]: failure (22792): CORE3279: New configuration not installed

Posted by kneeL on December 18, 2006 at 11:52 AM PST #

Whoops, nevermind! I hadn't realized it needed to be added WITHIN the <Object name="default"> </Object> tags themselves :P Works great! Nice tip. I looked all over and couldn't find anything on doing this, this came up a few pages in on google :) Thanks again -Neil

Posted by kneeL on December 18, 2006 at 01:39 PM PST #

The redirect you present here has been very helpful. Thank You I have been struggling with how to get certain redirects to work in Iplanet 6.1. For example I have a need to: Redirect http://domain1.com to http://www.domain1.com Redirect http://domain1.com/some/path to http://www.domain1.com/some/path Your example helped with this. But now I am trying to figure out how I can do Redirect http://domain2.com to http://www.domian2.com/fixed/path Redirect http://domain2.com/some/path to http://www.domain2.com/some/path I am having trouble trying to find out how you used “match” in the client tag. What else can I use in the client tag and is there any way to use regular expressions in the obj.conf/client tag? Thanks In Advance – Robert

Posted by Robert on December 26, 2006 at 03:42 PM PST #

tyty

Posted by ttyty on June 24, 2007 at 09:54 AM PDT #

are you my uncle in n.y. ?

Posted by Robert E. Mocker on March 30, 2008 at 02:46 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by mock