Fixes are available
9.0.0.4: WebSphere Application Server traditional V9.0 Fix Pack 4
9.0.0.5: WebSphere Application Server traditional V9.0 Fix Pack 5
9.0.0.6: WebSphere Application Server traditional V9.0 Fix Pack 6
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11
APAR status
Closed as program error.
Error description
Plugin can now be configured to ignore client to IBM HTTP Server protocol.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server web * * server plugin users * **************************************************************** * PROBLEM DESCRIPTION: The WebSphere web server plugin can * * not be configured to change * * communication protocols used between * * the client and WebSphere. * **************************************************************** * RECOMMENDATION: * **************************************************************** The web server plugin tries to match communication protocols so if a client makes a http request to the web server, the client will try to make a http connection to WebSphere. If the client uses https, the plugin will attempt to use https.
Problem conclusion
There is a custom property (UseInsecure) which can be configured to allow incoming https client requests to use http connections to WebSphere when plugin detects error with the security configuration and https connections are not possible but there may be times when a user would like for the plugin component to change protocols regardless of the security configuration. The plugin component now accepts a new Config tag called SSLMapMode. This can be set thru WebSphere custom properties or if using IHS or apache, it can be set as a web server environment variable. The properties allows for values: "onload" which will use a https connection to WebSphere when the client uses a http connection to the web server "offload" which will use a http connection to WebSphere when the client uses a https connection to the web server or "default" which will retain the same behavior as if the property was not set. To set using a WebSphere custom property, navigate to the webserver-><servername>->Plug-in properties->Custom Properties window and add the property SSLMapMode with a value of "onload", "offload" or "default". You can use Apache environment variables to limit the scope of ssl-map-mode to a particular subset of requests. To configure using an Apache or IBM HTTP Server environment variable, set the environment variable "ssl-map-mode" to onload, offload or default. Default will use the same connection type to WebSphere that the client used. As an example, use add the following directive to transform https requests for /myapp to http requests when the requests are sent to the WebSphere Application Server: 1. Make sure the LoadModule directive for mod_setenvif is uncommented. 2. Append the following directive to httpd.conf, choosing a mode: SetEnvIf Request_URI /myapp.* ssl-map-mode=offload Note: The SetEnv directive can also be used to configure this mode if the plugin component is NOT using Intelligent Management. The fix for this APAR is currently targeted for inclusion in fix pack 9.0.0.4. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI77874
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-03-09
Closed date
2017-03-10
Last modified date
2021-07-21
APAR is sysrouted FROM one or more of the following:
PI76001
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R900 PSY
UP
Document Information
Modified date:
04 May 2022