000022989 - How to protect only HTTPS request with RSA Authentication Agent 5.3 for Web (Apache)

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022989
Applies ToRSA Authentication Agent 5.3 for Web (Apache)
IssueHow to protect only HTTPS request with RSA Authentication Agent 5.3 for Web (Apache)
How to unprotect HTTP request made on port 80 when using RSA Authentication Agent 5.3 for Web (Apache)
HTTP request (port 80) automatically redirected to port 443 (HTTPS)
Unable to create two different web sites (one protected, the other not) when accessing the same URL over HTTP and HTTPS
CauseAll requests to port 80 are automatically redirected to port 443, forcing RSA SecurID authentication. This is due to the fact that there is only one virtual server configured, and by default, the root (/) of the server is protected.
ResolutionFollow the steps below for all HTTP requests to be made to the standard port 80 and handled without RSA SecurID authentication. This will also cause all HTTPS requests (port 443) to be secured with SecurID authentication.

A. Make sure that you have a proper SSL setup in place:

  1. Open the file rsawebagent/httpd.conf and go to the last line. Comment the line include /etc/httpd/rsawebagent/rsawebagent.conf

  2. Make sure that the DocumentRoot directive of the virtual host listening on port 443 points to a different folder than the default DocumentRoot

  3. Restart Apache

  4. Log on your server, using http (port 80), and try using https (defaults to port 443). You should see two different pages, with the https test being on an SSL connection (you will see the lock icon in Internet Explorer's status bar.

  5. If all this is correct, uncomment the "include" line above and restart Apache

B. Verify your document root locations (given as an example):

  DocumentRoot of your default web server : /var/www/htmldocs

  DocumentRoot of your SSL virtual host : /var/www/ssldocs

C. Create a folder called 'secure' in /var/www/ssldocs

D. Create a file index.html in /var/www/ssldocs/secure with the following content:

<html>
<head>
<title>Index SSL docs</title>
</head>
<body>
<script>
<!--
location.replace("secure");
-->
</script>
</body>
</html>

E. Configure a virtual server using the config tool provided with RSA Authentication Agent 5.3 for Web:

  1. Run rsawebagent/config

  - Select the Default web site [0]

  - Choose "Enable" for the option "Agent protection for this web server"

  2. Run rsawebagent/config <your server domain name>

  3. Configure it the same way as above and exit

  4. Run rsawebagent/protectURL

  - Select your server

  - Choose Unprotect a URL

  - Type "/", without the quotes

  - Type Enter again to exit this sub menu

  - Choose Protect a URL

  - Type "/secure/", still without the quotes

  - Type Enter again to exit this sub menu

  - Exit

Then restart Apache and test. You should not be prompted for authentication when accessing your site using HTTP, and you should be prompted when accessing the same site using HTTPS.
Legacy Article IDa29060

Attachments

    Outcomes