000021058 - IBM WebSphere resources not protected when accessed via Apache or IBM HTTP Server (IHS) web server

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021058

Applies To:
RSA ClearTrust Agent 3.0.2 for Apache
RSA ClearTrust Agent 3.5 for Apache
RSA ClearTrust Agent for IBM HTTP
IBM WebSphere 5.0.1
IBM WebSphere 5.0.2
IBM WebSphere 5.1
Tomcat 4.1.30
Apache 2.0.47
Apache 1.3.19.2
IBM HTTP Server (IHS) 1.3.19.2

Issue:
IBM WebSphere resources not protected when accessed via Apache or IBM HTTP Server (IHS) web server
Apache Tomcat JSP and Java servlet resources not protected when accessed via Apache web server
Error: "WARNING: mod_app_server_http: cb_read_body: Failed to read the full body from the browser. just_read = 0 of the expected 107"

Cause:
A default installation modifies the Apache HTTPD.CONF with the following entries. In this example, the Apache web server is installed in c:\ihs-1-3-19-2:

<Directory "C:/ihs-1-3-19-2/htdocs">
   <IfModule ct_apache_mod.c>
       AuthType Basic
       Require valid-user
       AuthName CT
   </IfModule>
...
...

Because a <Directory> section applies only to files served from that filesystem path, this does not protect any of the virtual data supplied from WebSphere (e.g. sample pages found at /WSsamples/en/index.html and /TechnologySamples/SimpleJSP) or any data supplied by a Tomcat server.

Resolution:
To correct this issue, modify the HTTPD.CONF file to include the virtual locations of the IBM WebSphere data so that Apache signals the RSA ClearTrust Agent to act. For example:

<Location /TechnologySamples>
   <IfModule ct_apache_mod.c>
       AuthType Basic
       Require valid-user
       AuthName CT
   </IfModule>
</Location>
<Location /WSsamples>
   <IfModule ct_apache_mod.c>
       AuthType Basic
       Require valid-user
       AuthName CT
   </IfModule>
</Location>

The same logic applies if a Tomcat server is being used to deliver Java services to Apache. Given the following entries in HTTPD.CONF:

JkMount /CSearch ajp13
JkMount /CSearch/* ajp13

the following entries should be added to activate the RSA ClearTrust Agent:

<Location /CSearch>
   <IfModule ct_apache_mod.c>
       AuthType Basic
       Require valid-user
       AuthName CT
   </IfModule>
</Location>
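
An added example, not part of the RSA article or the ClearTrust product: a small Python audit that lists the JkMount URL paths in an httpd.conf that have no <Location> block containing Require valid-user. The sample configuration, the /Reports mount and the function names are constructed for illustration, and the check looks only at JkMount entries.

```python
import re

# Constructed sample httpd.conf modelled on this article; /Reports is hypothetical.
SAMPLE_CONF = """\
<Directory "C:/ihs-1-3-19-2/htdocs">
   Require valid-user
</Directory>
JkMount /CSearch ajp13
jkMount /CSearch/* ajp13
JkMount /Reports/* ajp13
<Location /CSearch>
   <IfModule ct_apache_mod.c>
       AuthType Basic
       Require valid-user
       AuthName CT
   </IfModule>
</Location>
"""

def protected_locations(conf):
    """URL prefixes of <Location> blocks that contain 'Require valid-user'."""
    prefixes, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        m = re.match(r'<Location\s+"?([^">\s]+)"?\s*>', line, re.I)
        if m:
            current = m.group(1).rstrip("/") or "/"
        elif re.match(r"</Location>", line, re.I):
            current = None
        elif current and re.match(r"Require\s+valid-user\b", line, re.I):
            prefixes.append(current)
    return prefixes

def jk_mounts(conf):
    """URL paths handed to Tomcat by JkMount, with trailing wildcards removed."""
    mounts = set()
    for raw in conf.splitlines():
        m = re.match(r"\s*JkMount\s+(\S+)\s+\S+", raw, re.I)
        if m:
            mounts.add(re.sub(r"/?\*.*$", "", m.group(1)) or "/")
    return mounts

def unprotected_mounts(conf):
    """JkMount paths not under any protected <Location> prefix."""
    prefixes = protected_locations(conf)
    def covered(path):
        return any(p == "/" or path == p or path.startswith(p + "/") for p in prefixes)
    return sorted(m for m in jk_mounts(conf) if not covered(m))
```

On the sample, the <Directory> block contributes nothing to the protected prefixes, so /Reports is reported while /CSearch is not.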

Legacy Article ID: a20928
