IBM Support

QRadar SOAR: Redirect HTTP to HTTPS for Redhat

How To


Summary

How to redirect HTTP to HTTPS for Redhat?

Steps

This is a note related to redirecting http to go to Https.

WARNING: This has not been tested with all components of SOAR or SOAR apps. 

  1. Backup web configuration files that will be altered: 
    cp -p /usr/share/co3/conf/server.xml /usr/share/co3/conf/server.xml.org
cp -p /usr/share/co3/conf/web.xml /usr/share/co3/conf/web.xml.org
cp -p /etc/firewalld/zones/public.xml /etc/firewalld/zones/public.xml.org
  2. Edit files that were backed-up:
    Add in the lines that are in purple: 
    vi /usr/share/co3/conf/server.xml

    ...
    ...

    <Service name="Co3">
    <Connector port="80" protocol="HTTP/1.1"
    server="Co3"
    redirectPort="443"/>
    <Connector port="443"
    protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="${maxThreads}"
    connectionTimeout="15000"
    ...
    ...
    		 
    vi /usr/share/co3/conf/web.xml
    version="3.0">
    <!--require HTTPS for all urls -->
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>HTTPSOnly</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <!-- ================ Introduction ================== -->
    <!-- This document defines default values for *all* web applications -->
  3. Restart Resilient for the changes to take effect. 
    systemctl restart resilient
  4. Modify Firewall rule to allow port 80 
    firewall-cmd --zone=public --add-port=80/tcp --permanent

    This adds a line to /etc/firewalld/zones/public.xml:

    more /etc/firewalld/zones/public.xml

    <?xml version="1.0" encoding="utf-8"?>
    <zone>
    <short>Public</short>
    <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted
    .</description>
    <service name="ssh"/>
    <service name="dhcpv6-client"/>
    <port protocol="tcp" port="22"/>
    <port protocol="tcp" port="443"/>
    <port protocol="tcp" port="65000"/>
    <port protocol="tcp" port="65001"/>
    <port protocol="tcp" port="80"/>
  5. Restart the firewall Daemon for the changes to take effect. 
    systemctl reload firewalld

Additional Information

To Back Out the work:

  1. Replace the files to their originals: 
    cp -p /usr/share/co3/conf/server.xml.org /usr/share/co3/conf/server.xml
cp -p /usr/share/co3/conf/web.xml.org /usr/share/co3/conf/web.xml
cp -p /etc/firewalld/zones/public.xml.org /etc/firewalld/zones/public.xml
  2. Restart the Services: 
    systemctl restart resilient
systemctl reload firewalld

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z000000cvfWAAQ","label":"Authentication"},{"code":"a8m0z000000cvqZAAQ","label":"Resilient Core-\u003EUser Interface"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"44.0.0;51.0.0"}]

Document Information

Modified date:
16 June 2025

UID

ibm17236908

Page Feedback