Sunday 11 April 2021

Redirection HTTP to HTTPS on JBoss EAP 7.2

Environment: Linux 7 & JBoss 7.2

Note: Take a backup of the JBoss /configuration directory before making changes.

1. Locate the standalone.xml file and find the undertow subsystem.


2. Add an http-to-https filter-ref to the host tag, with a corresponding rewrite rule in the filters tag (e.g. from port 8084/8081 to 8443) that redirects to https.

<!-- hostname configurations -->
<host name="default-host" alias="localhost">
    <filter-ref name="http-to-https" predicate="equals(%p,8084) or equals(%p,8081)"/>
</host>

<!-- reference filters configurations -->
<filters>
    <rewrite name="http-to-https" target="https://www.test.int:8443%U" redirect="true"/>
</filters>



3. Check that the undertow subsystem contains the configuration below.


****************************************************************

        <subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
                <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
                <host name="default-host" alias="localhost">
                    <filter-ref name="http-to-https" predicate="equals(%p,8084) or equals(%p,8081)"/>
                    <filter-ref name="host-checker"/>
                    <http-invoker security-realm="ApplicationRealm"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config x-powered-by="false"/>
                <session-cookie http-only="true" secure="true"/>
                <websockets/>
            </servlet-container>
            <filters>
                <rewrite name="http-to-https" target="https://www.test.int:8443%U" redirect="true"/>
                <expression-filter name="host-checker" expression="not(equals(%{i,HOST}, www.test.int:8443)) -> response-code(403)"/>
            </filters>
        </subsystem>

****************************************************************


4. Restart the JBoss server JVM.


5. Test for Host header injection using the curl command; https:// must be shown in the output.

Command:

curl -I http://www.test.int:8084/calendar
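
One way to automate the check in step 5, as an added example that is not part of the original post: a shell function that reads `curl -sI` response headers and passes only when the redirect's Location points at the fixed https://www.test.int:8443 origin from the rewrite rule. The function name, the sample responses and the spoofed.invalid host are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the redirect returned by the http-to-https rewrite.
# Live use (spoofed.invalid is a placeholder Host value):
#   curl -sI -H 'Host: spoofed.invalid' http://www.test.int:8084/calendar \
#     | check_redirect 'https://www.test.int:8443'

# check_redirect EXPECTED_ORIGIN   (reads response headers on stdin)
# Returns 0 only for a 3xx response whose Location is EXPECTED_ORIGIN itself
# or a path below it; returns 1 otherwise.
check_redirect() {
  cr_expected="$1"
  cr_headers="$(tr -d '\r')"     # curl prints header lines with CRLF endings
  cr_status="$(printf '%s\n' "$cr_headers" | awk 'NR==1 {print $2}')"
  # Header names are case-insensitive; use the first Location header.
  cr_location="$(printf '%s\n' "$cr_headers" \
    | awk 'tolower($1)=="location:" {print $2; exit}')"

  case "$cr_status" in
    30[12378]) ;;
    *) echo "FAIL: status '$cr_status' is not a redirect"; return 1 ;;
  esac

  # Require "/" (or end of string) after the origin so that a look-alike
  # such as https://www.test.int:84430/ does not pass a plain prefix match.
  case "$cr_location" in
    "$cr_expected"|"$cr_expected"/*)
      echo "PASS: redirects to $cr_location"; return 0 ;;
    *)
      echo "FAIL: Location '$cr_location' is not under $cr_expected"; return 1 ;;
  esac
}

# Constructed sample responses (not captured from a real server).
SAMPLE_GOOD="$(printf 'HTTP/1.1 302 Found\r\nLocation: https://www.test.int:8443/calendar\r\nContent-Length: 0\r\n')"
SAMPLE_REFLECTED="$(printf 'HTTP/1.1 302 Found\r\nlocation: https://spoofed.invalid:8443/calendar\r\n')"
SAMPLE_NO_REDIRECT="$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n')"

printf '%s\n' "$SAMPLE_GOOD"      | check_redirect 'https://www.test.int:8443' || true
printf '%s\n' "$SAMPLE_REFLECTED" | check_redirect 'https://www.test.int:8443' || true
```

A FAIL on the reflected sample is the case to watch for: it means the Location header was built from the request's Host header rather than from the hard-coded rewrite target.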


Thanks :-)

