Fixes are available
8.5.5.3: WebSphere Application Server V8.5.5 Fix Pack 3
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
The application is redirected to the https port of the application server instead of the IBM HTTP Server port when CONFIDENTIAL is set up. The application is configured with CONFIDENTIAL. The HTTP request is redirected to the https port of the application server instead of being redirected to the https port of the web server. WebSphere Application Server Liberty profile. Distributed operating systems.
Local fix
Problem summary
USERS AFFECTED: IBM WebSphere Application Server Liberty Core users that also use an HTTP proxy.
PROBLEM DESCRIPTION: It is not possible to redirect to a secured port on a proxy server.
RECOMMENDATION:

Currently, there is no way to redirect a non-secure port to a secure port in Liberty profile when the target secure port is listening on a proxy server. Here is an example of the failing use case:

A user configures a proxy server inside IBM HTTP Server on a publicly accessible host, called www.ibm.com. It listens on port 80 (http) and 443 (https). The user configures the proxy on www.ibm.com to forward requests to a Liberty application server on an internal host (i.e. behind a firewall) called myhost1.ibm.com that listens on ports 9080 (http) and 9443 (https).

When an incoming HTTP request reaches the Liberty server, the server attempts to redirect it to the secured port. It is unaware of the proxy server and its secure port (443), so it sends an HTTP response back to the client telling it to try the request again on the Liberty profile secured port (9443). The client cannot reach the host listening on 9443, because that host is behind the firewall. Instead, the Liberty server ought to have told the client to retry on port 443 on the www.ibm.com host, which the client can reach.
Problem conclusion
This fix introduces new configuration elements which allow the Liberty server to properly handle the redirection of ports when proxy servers are in use. By default, any HTTP request that originates on port 80 will be redirected to port 443, as this is a very common scenario. Additional redirects can be configured as follows:

    <httpProxyRedirect enabled="true" host="www.ibm.com" httpPort="1234" httpsPort="2345"/>

The previous line will enable port redirection from non-secure port 1234 to secure port 2345 when the proxy's host name is www.ibm.com. Note that it is possible to use any proxy server by specifying host="*". The following configuration snippet would disable the default 80->443 redirect:

    <httpProxyRedirect enabled="false" httpPort="80" httpsPort="443"/>

The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.3. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
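The following Python sketch is an added example, not IBM code and not Liberty's implementation. It reads httpProxyRedirect elements from a constructed server.xml fragment and checks whether an observed Location header sends the client to the proxy's secure port or to an unreachable back-end port such as 9443. Assumptions: the first matching rule wins, configured rules are checked before the built-in 80->443 default, an element without a host attribute matches any host, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed server.xml fragment using the two elements shown in the APAR text.
SERVER_XML = """<server>
  <httpProxyRedirect enabled="true" host="www.ibm.com" httpPort="1234" httpsPort="2345"/>
  <httpProxyRedirect enabled="false" httpPort="80" httpsPort="443"/>
</server>"""

# The default behaviour the APAR describes: port 80 is redirected to port 443.
DEFAULT_RULE = {"enabled": True, "host": "*", "http": 80, "https": 443}

def load_rules(xml_text):
    """Read httpProxyRedirect elements; a missing host is treated as "*" (assumption)."""
    rules = []
    for el in ET.fromstring(xml_text).iter("httpProxyRedirect"):
        rules.append({
            "enabled": el.get("enabled", "true").lower() == "true",
            "host": el.get("host", "*").lower(),
            "http": int(el.get("httpPort")),
            "https": int(el.get("httpsPort")),
        })
    return rules

def expected_https_port(rules, host, http_port):
    """Return the proxy HTTPS port a redirect should use, or None if none applies."""
    for rule in rules + [DEFAULT_RULE]:  # first match wins (assumption)
        if rule["http"] == http_port and rule["host"] in ("*", host.lower()):
            return rule["https"] if rule["enabled"] else None
    return None

def audit_redirect(rules, host_header, location):
    """Compare an observed Location header with the port the rules call for."""
    host, _, port = host_header.partition(":")  # IPv6 literals not handled
    want = expected_https_port(rules, host, int(port or 80))
    if want is None:
        return "no-rule"
    got = urlsplit(location)
    got_port = got.port or (443 if got.scheme == "https" else 80)
    if got.scheme == "https" and got.hostname == host.lower() and got_port == want:
        return "ok"
    return "mismatch"  # e.g. the redirect exposes the back-end port 9443
```

Feed audit_redirect the Host header sent through the proxy and the Location header returned for a CONFIDENTIAL resource; a "mismatch" result on a patched server points to a missing or wrong httpProxyRedirect entry.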
Temporary fix
Comments
APAR Information
APAR number
PI12201
Reported component name
WAS LIBERTY COR
Reported component ID
5725L2900
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-02-20
Closed date
2014-06-20
Last modified date
2014-06-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WAS LIBERTY COR
Fixed component ID
5725L2900
Applicable component levels
R855 PSY
UP
Document Information
Modified date:
27 April 2022