0 Replies Latest reply: Sep 26, 2013 11:32 AM by martin_smith RSS

    OHS VirtualHost only SSL - redirect to equivalent of IIS HTTP Error 403.4 - Forbidden: SSL is required to view this resource

    martin_smith

      Hi,

       

      I'm completely new to OHS and have been asked to ensure that a URL that goes to OHS should only be accessible on HTTPS, if accessed by HTTP it should go to the equivalent of IISs

      HTTP Error 403.4 - Forbidden: SSL is required to view this resource.

       

      As OHS is the frontend to our SOA installation we have specific files under /moduleconf/ for the virtualhosts, an example of one is below. 

       

      Can anyone give me any clues/best practice to only allow this VirtualHost to be allowed on HTTPS/SSL and to not redirect non SSL to SSL but to an error page like the equivalent mentioned above.

       

      Any guidance would be greatly appreciated.  Many thanks

       

       

      <VirtualHost *:443>

        ServerName testhub.example.com:443

        RewriteEngine On

        RewriteOptions inherit

        RewriteRule ^$ /osb/hub.asmx [NC,P]

        RewriteRule ^/$ /osb/hub.asmx [NC,P]

        RewriteRule ^/hub\.asmx$ /osb/hub.asmx [NC,P]

       

       

      <Location /sbinspection.wsil >

        SetHandler weblogic-handler

        WebLogicCluster OSB1:8011,OSB2:8011

      </Location>

      <Location /sbresource >

        SetHandler weblogic-handler

        WebLogicCluster OSB1:8011,OSB2:8011

      </Location>

      <Location /osb >

        SetHandler weblogic-handler

        WebLogicCluster OSB1:8011,OSB2:8011

      </Location>

      <Location /alsb >

        SetHandler weblogic-handler

        WebLogicCluster OSB1:8011,OSB2:8011

      </Location>

       

       

      <IfModule ossl_module>

        SSLEngine on

        SSLProtocol nzos_Version_1_0 nzos_Version_3_0_With_2_0_Hello nzos_Version_3_0

        SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AE

      S_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

        SSLVerifyClient none

        SSLWallet  "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/host"

        SSLProxyEngine On

        SSLProxyWallet  "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/host"

        SSLCRLCheck Off

      </IfModule>

      </VirtualHost>