In 3.6.x Mission Portal is configured by default to listen on both secure and unsecure ports. When this policy is activated on the hub all nonsecure traffic will be redirected to https.
bundle agent cfe_internal_mission_portal_ensure_https
{
meta:
"description"
string => "Ensure that mission portal is only accessed via a secure
connection by redirecting non https traffic to https.";
vars:
"http_redirect"
string => "RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]",
comment => "To prevent accidental login over http this automatically
redirects all http requests to https";
files:
"$(sys.workdir)/share/GUI/Apache-htaccess"
edit_line => append_if_no_line($(http_redirect)),
comment => "We edit the file in share because
cfe_internal_setup_knowledge_files_doc_root_htaccess ensures
that the deployed htaccess file is copied from share so if we
dont promise the source then we will have continual repairs.";
}
Activate the policy using a methods type promise:
bundle agent example
{
methods:
enterprise_edition.policy_server::
"Redirect_Http"
usebundle => cfe_internal_mission_portal_ensure_https,
comment => "Redirect all http traffic to https for improved
security";
}
Comments