IBM Support

PI12201: APPLICATION IS REDIRECTED TO HTTPS PORT OF THE APPLICATON SERVER INSTEAD OF IHS SERVER PORT WHEN CONFIDENTIAL IS SET

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Application is redirected to https port of the applicaton
    server instead of IBM HTTP Server port when Confidential
    is set up.
    
    The application is configured with CONFIDENTIAL. The HTTP
    request is redirected to https port of the application server
    instead of redirected to the https port of the webserver.
    
    WebSphere Application Server Libery profile.
    Distributed operating systems.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server Liberty    *
    *                  Core users that also use an HTTP proxy.     *
    ****************************************************************
    * PROBLEM DESCRIPTION: It is not possible to redirect to a     *
    *                      secured port on a proxy server.         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Currently, there is no way to redirect a non-secure port to a
    secure port in Liberty profile when the target secure port is
    listening on a proxy server.  Here is an example of the
    failing use case:
    A user configures a proxy server inside IBM HTTP Server on a
    publically accessible host, called www.ibm.com. It listens on
    port 80 (http) and 443 (https).
    The user configures the proxy on www.ibm.com to forward
    requests to a Liberty application server on an internal host
    (i.e. behind a firewall) called myhost1.ibm.com that listens
    on ports 9080 (http) and 9443 (https).
    When an incoming HTTP request reaches the Liberty server, the
    server attempts to redirect it to the secured port.  It is
    unaware of the proxy server and its secure port (443) and
    instead sends an HTTP response back to client to try the
    request again, but on the Liberty profile secured port (9443) -
    but the client cannot reach the host listening on 9443 as it
    is behind the firewall.  Instead, the Liberty server ought to
    have responded back to the client to retry on port 443 on the
    www.ibm.com host, that the client can reach.
    

Problem conclusion

  • This fix introduces new configuration elements which allow
    the Liberty server to properly handle the redirection of ports
    when proxy servers are in use. By default any HTTP request
    that originates on port 80 will be redirected to port 443, as
    this is a very common scenario. Additional redirects can be
    configured as such:
    <httpProxyRedirect enabled="true" host="www.ibm.com"
                       httpPort="1234" httpsPort="2345"/>
    
    The previous line will enable port redirection from non-secure
    port 1234 to secure port 2345 when the proxy's host name is
    www.ibm.com.  Note that it is possible to use any proxy server
    by specifying host="*".
    
    The following configuration snipped would disable the default
    80->443 redirect:
    <httpProxyRedirect enabled="false" httpPort="80"
                       httpsPort="443"/>
    
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.3. Please refer to the Recommended Updates page
    for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI12201

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-02-20

  • Closed date

    2014-06-20

  • Last modified date

    2014-06-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • R855 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 April 2022