Difference between revisions of "FAQ:Self Service Redirect to HTTPS"

From support-works
Jump to navigation Jump to search
Line 14: Line 14:
 
You will need to edit the file in ..\Hornbill\Core Services\Apache\conf\cs\core\501_vhosts.conf.
 
You will need to edit the file in ..\Hornbill\Core Services\Apache\conf\cs\core\501_vhosts.conf.
  
Initially you may be tempted to use the following:
+
This is the default 501_vhosts file:
  
 
<pre>
 
<pre>
<VirtualHost _default_:80>
+
 
RewriteEngine On
+
<VirtualHost _default_:443>
RewriteRule (.*/webclient/) https://<servername>/sw/webclient
+
    SSLEngine on
RewriteRule (.*/selfservice/) https://<servername>/sw/selfservice
+
SSLProtocol all -SSLv2 -SSLv3 
Include "conf/cs/apps/*.conf"
+
SSLCipherSuite !RC4-SHA:HIGH:!ADH:!AECDH
 +
SSLHonorCipherOrder On
 +
    SSLCertificateFile "conf/cs/ssl/server.crt"
 +
    SSLCertificateKeyFile "conf/cs/ssl/server.key"
 +
    <FilesMatch "\.(cgi|shtml|phtml|php|phar)$">
 +
        SSLOptions +StdEnvVars
 +
    </FilesMatch>
 +
 
 +
    BrowserMatch ".*MSIE.*" ssl-unclean-shutdown
 +
 
 +
    CustomLog "logs/ssl_request.log" \
 +
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 +
 
 +
    #RewriteEngine on
 +
    ## Only allow access from non-routable IP addresses.
 +
    #RewriteCond %{REMOTE_ADDR} !^(127|10|192\.168|172\.(1[6-9]|2[0-9]|3[0-1]))\.
 +
    #RewriteRule .* - [F]
 +
 
 +
    Include "conf/cs/apps/*.conf"
 
</VirtualHost>
 
</VirtualHost>
 
</pre>
 
</pre>
  
In actual fact the best option is to use this as it takes out the requirement for having fixed paths:
+
Change it to the following:
  
 
<pre>
 
<pre>
<VirtualHost _default_:80>
+
 
RewriteEngine On
+
<VirtualHost _default_:443>
RewriteCond %{HTTPS} off
+
    SSLEngine on
RewriteRule (.*/webclient/) https://%{HTTP_HOST}:443%{REQUEST_URI}
+
SSLProtocol all -SSLv2 -SSLv3 
RewriteRule (.*/selfservice/) https://%{HTTP_HOST}:443%{REQUEST_URI}
+
SSLCipherSuite !RC4-SHA:HIGH:!ADH:!AECDH
Include "conf/cs/apps/*.conf"
+
SSLHonorCipherOrder On
 +
    SSLCertificateFile "conf/cs/ssl/NEWCERTIFICATE.crt"
 +
    SSLCertificateKeyFile "conf/cs/ssl/NEWKEY.key"
 +
    <FilesMatch "\.(cgi|shtml|phtml|php|phar)$">
 +
        SSLOptions +StdEnvVars
 +
    </FilesMatch>
 +
 
 +
    BrowserMatch ".*MSIE.*" ssl-unclean-shutdown
 +
 
 +
    CustomLog "logs/ssl_request.log" \
 +
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 +
 
 +
    #RewriteEngine on
 +
    ## Only allow access from non-routable IP addresses.
 +
    #RewriteCond %{REMOTE_ADDR} !^(127|10|192\.168|172\.(1[6-9]|2[0-9]|3[0-1]))\.
 +
    #RewriteRule .* - [F]
 +
 
 +
    Include "conf/cs/apps/*.conf"
 
</VirtualHost>
 
</VirtualHost>
 
</pre>
 
</pre>

Revision as of 09:53, 26 June 2018



Status: Published
Version: 1.0
Authors: Hornbill Support
Applies to: Supportworks ITSM 4.x

If you prefer you could re-direct http to https for Self service. This could also be applied to the web client. You will need to edit the file in ..\Hornbill\Core Services\Apache\conf\cs\core\501_vhosts.conf.

This is the default 501_vhosts file:

<VirtualHost _default_:443>
    SSLEngine on
	SSLProtocol all -SSLv2 -SSLv3  
	SSLCipherSuite !RC4-SHA:HIGH:!ADH:!AECDH
	SSLHonorCipherOrder On
    SSLCertificateFile "conf/cs/ssl/server.crt"
    SSLCertificateKeyFile "conf/cs/ssl/server.key"
    <FilesMatch "\.(cgi|shtml|phtml|php|phar)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    BrowserMatch ".*MSIE.*" ssl-unclean-shutdown

    CustomLog "logs/ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    #RewriteEngine on
    ## Only allow access from non-routable IP addresses.
    #RewriteCond %{REMOTE_ADDR} !^(127|10|192\.168|172\.(1[6-9]|2[0-9]|3[0-1]))\.
    #RewriteRule .* - [F] 

    Include "conf/cs/apps/*.conf"
</VirtualHost>

Change it to the following:

<VirtualHost _default_:443>
    SSLEngine on
	SSLProtocol all -SSLv2 -SSLv3  
	SSLCipherSuite !RC4-SHA:HIGH:!ADH:!AECDH
	SSLHonorCipherOrder On
    SSLCertificateFile "conf/cs/ssl/NEWCERTIFICATE.crt"
    SSLCertificateKeyFile "conf/cs/ssl/NEWKEY.key"
    <FilesMatch "\.(cgi|shtml|phtml|php|phar)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    BrowserMatch ".*MSIE.*" ssl-unclean-shutdown

    CustomLog "logs/ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    #RewriteEngine on
    ## Only allow access from non-routable IP addresses.
    #RewriteCond %{REMOTE_ADDR} !^(127|10|192\.168|172\.(1[6-9]|2[0-9]|3[0-1]))\.
    #RewriteRule .* - [F] 

    Include "conf/cs/apps/*.conf"
</VirtualHost>