Sean's i/o Stream

Musings-as-a-Service

Forwarding all ClearQuest Web HTTP to HTTPS by default

  • February 01, 2011
  •   category: ibm
  • tags: apache, clearquest, ibm, ibm-http-server, security, ssl

This question comes up all the time in the forums and used to be in the documentation but looks like we may have pulled it for whatever reason.

If you don’t want or don’t allow users to access CQ via http only then you don’t want to shut off http as that will cause way more confusion and will not end up helping you as the admin, trust me.

The better solution is to still listen for http on 80 as normal business but blindly forward all traffic to 443 so it goes over https. Of course this requires that you have setup https which I am not going to get into here. So enable the mod_rewrite module and I have included the relevant *80 and *443 virtual hosts.

...
LoadModule rewrite_module modules/mod_rewrite.so
...
<VirtualHost *:80>
 ServerName server.ratl.swg.usma.ibm.com
 RewriteEngine on
 
 # rewrite http => https, respond with a 301 response to signify permanently
 # moved to new address.
 RewriteCond %{SERVER_PORT} !^443$ [OR,NC]
 RewriteRule ^(.*)$ https://server.ratl.swg.usma.ibm.com$1 [R=301,L]
 
 RewriteLogLevel 0
 RewriteLog "C:/Program Files/IBM/RationalSDLC/common/IHS/logs/rewrite.log"
 
</VirtualHost>

LoadModule was_ap20_module modules/mod_was_ap20_http.dll
WebSpherePluginConfig "C:/PROGRA~1/IBM/RATION~1/common/eWAS/profiles/plugin-cfg.xml"

#
# Enable SSL for IHS
#

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 0.0.0.0:443

<VirtualHost  _default_:443>
 ServerName server.ratl.swg.usma.ibm.com
 SSLEnable
 SSLClientAuth None
</VirtualHost>

SSLDisable
KeyFile "C:/Program Files/IBM/RationalSDLC/common/IHS/key.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000

So basically defer anything that you want to do until the *443 virtual host and you will be serving https only!!

Update: 7-Feb-2011

Looks like there is an example of this in the CQ Infomation Center after all, and I prefer their solution, so I have updated the suggestion above.

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://<var class="keyword varname">CMServerHost</var>$1 [R]
Reference:
Back to Top