2 Replies Latest reply: Dec 27, 2012 7:53 AM by Kalyan Pasupuleti-Oracle RSS

    Securing Admin console http to https

    981517
      Hi All

      Is there any other way (Not LADP) to secure the admin console. Like if we type the admin console http it will force to use https ...
        • 1. Re: Securing Admin console http to https
          896779
          I don't remember if we tried any redirection from http to https for admin console.

          If you would like to secure it, disable the admin server http server port and leave https port enabled. It helps the users to connect with https only.

          Thanks

          Lawrence Manickam
          http://toyork.blogspot.ca
          • 2. Re: Securing Admin console http to https
            Kalyan Pasupuleti-Oracle
            Hi,

            I dont think it is possible with single Weblogic server.

            We need to include any one of the Proxy server in between.


            Redirecting Http request to Https request eg with OHS.

            In httpd.conf, add the following lines replacing 7778 with the http listen port:

            RewriteEngine On
            RewriteCond %{SERVER_PORT} 7778
            RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R,L]

            Things to keep in mind when implementing this solution:

            1. The the ServerName directive is what %{SERVER_NAME} is replaced with so these directives need to be put within a VirtualHost block or the server name needs to be hard coded if the default ServerName is not desired

            2. If WebCache or any other front end director is used, the rewrite condition will want to match the incoming port. For example, if the OHS is listening on 7778 but WebCache is answering the request on port 80, then the rewrite condition should be:

            RewriteCond %{SERVER_PORT} 7778

            3. The RewriteCond directive is set to a specific port, in this case 7778, so that an infinite loop is avoided if the rules are inherited in the ssl virtual host

            4. The rewrite rule should be added last as the L tells OHS to process no further rules

            5. When using this with Portal, Portal must be configured to use SSL prior to the change

            *** Most important to keep in mind, not every situation will fit for this note. For specific situations, the perl.com website (http://perldoc.perl.org/perlre.html) provides information about Regular Expressions that can be used with Apache.



            regards,
            Kal