Block access to HTTP on port 80 in SPECTRUM OneClick

Document ID : KB000050709
Last Modified Date : 06/07/2018
Show Technical Document Details
Introduction:

This article describes how access to the non-secure, HTTP portal (http://<ONECLICK_SERVER>:80) of the Spectrum OneClick Server can be disabled.

Background:
Having enabled SSL in Spectrum OneClick, access to the non-secure http:// webpage needs to be blocked in order to maximise security of the server and client connections.
Environment:
Spectrum 9.x, 10.x and later
Instructions:

1. Backup then edit the following file on the Spectrum OneClick server located at

$SPECROOT/tomcat/conf/server.xml

2. Find the sections that define HTTP on port 80 and comment them out using HTML comment tags <!-- ... -->

For example:

<!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
  <Connector port="80" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
  enableLookups="true" redirectPort="443"  acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true">
 
Then comment the whole section out:

<!--
<!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
  <Connector port="80" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
enableLookups="true" redirectPort="443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->   
-->   

3. Recycle the Spectrum Tomcat service

a. In Windows use Windows Service control Panel

b. In Linux/Solaris, run

$SPECROOT/tomcat/bin/stopTomcat.sh

Then restart:

$SPECROOT/tomcat/bin/startTomcat.sh

Additional Information:
https://docops.ca.com/ca-spectrum/10-2-3/en/administrating/oneclick-administration/oneclick-server-communications-and-network-configuration/configure-oneclick-for-secure-sockets-layer