By default, Tufin TOS runs with Apache configured to listen on port 443/tcp to accept HTTPS only. In some installations users are used to type http:// only - so a redirect might be useful. Since on machines running Tufin TOS (mostly) only this applilcation is active, the change of the apache configuration can be done globally and doesn't require things like VirtualHosts etc.
To make Tufin listen on Port 80/tcp for HTTP in cleartext and to redirect this request to Port 443/tcp to use HTTPS these steps are necessary:
- Backup your original configuration file /etc/httpd/conf/httpd.conf and keep in a safe place
- Edit the file /etc/httpd/conf/httpd.conf :
- After the line
Listen 127.0.0.1:80
add a new line with
Listen <IP Address of the Tufin Server>:80
to make the system listening on the network IP address and not on the internal IP address only - Add the line
RewriteEngine On
to enable rewriting (somewhere at the end of the file) - Add the line
RewriteCond %{HTTPS} off
to check if HTTPS is turned on (it should be). If so, the next line will be executed (Add this line below the rewrite line) - Add the line
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
to redirect to HTTPS on Port 443/tcp, and give a 301 Message to the browser (permanent redirect)
(Add this line below the other two) - Save the file
- Now it's time to restart the web server running on the system. You can do it by executing
service httpd restart
or by executing the command
/etc/init.d/httpd restart
- You will need to check if there are any error messages, for sure. And - please test the configuration to be sure it works as you want
