How to have separate SiteMinder policies for protecting the HTTPS SSL request URLS Port 443) and for normal HTTP requests (Port 80) for a single web-server?

Document ID : KB000051244
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Customer has a single Apache web server instance listening on both the ports - 80(Normal port for HTTP requests) and 443(SSL Requests).

He wants to have separate SiteMinder policies to protect for HTTP requests and HTTPS requests.

For E.g.-
=======

Here are the resource URL's that are to be protected and left unprotected are as follows:

http://www.transpolar.com:80/ --------not protected
http://www.transpolar.com/protected:80/ * --------Protected
https://www.transpolar.com:443/ --------Protected

Solution:

This functionality can be achieved using the ACO parameter - AgentName.

By Enabling AgentName, a different web agent name can be associated for the SSL Request URL's HTTPS:443 traffic and the normal HTTP request URLS:80 traffic.

To achieve this in the Agent Configuration Object (ACO) we can map the http requests on port 80 to one WebAgent name and the https requests on port 443 to another WebAgent name. This enables the SiteMinder policy for the http and https traffic to be specified separately.

For example:

AgentName='apache_agent,www.transpolar.com:80'
AgentName='apache_ssl_agent,www.transpolar.com:443'

Will map http traffic to use agent name 'apache_agent' and https traffic to use agent name 'apache_ssl_agent' and policy can then be specified separately for these two ag