Requirement :- The VA report has reported the following vulnerability.
HTTP Strict Transport Security (HSTS) Policy Not Enabled. The target website is served over both HTTP and HTTPS, and it lacks an HSTS policy implementation.
OHS http port : 7777 http://localhost:7777
OHS https port : 4443 https://localhost:4443
Step 1 :- Backup httpd.conf file
C:\Oracle\Middleware\Oracle_Home\user_projects\domains\base_domain\config\fmwconfig\components\OHS\instances\ohs1\httpd.conf
C:\Oracle\Middleware\Oracle_Home\user_projects\domains\base_domain\config\fmwconfig\components\OHS\ohs1\httpd.conf
Step 2 :- Add the following rewrite rule (3 lines) to the file
RewriteEngine On
RewriteCond %{SERVER_PORT} ^7777$
RewriteRule ^/(.*)$ https://%{SERVER_NAME}:4443/$1 [R,L]
**With the above rule, all requests on HTTP port 7777 will be redirected to HTTPS port 4443.
Step 3 :- Restart OHS
Step 4 :- Test the URL. http://localhost:7777 should redirect you to https://localhost:4443
Here we are using the default SSL certificate. Click on Continue.
The HTTP request is routed to the HTTPS port.
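The redirect above moves port 7777 traffic to HTTPS, but the scanner finding concerns the Strict-Transport-Security response header, which a redirect by itself does not send. The following is an added example (not part of the original post) showing the redirect next to the header directive; the `<VirtualHost *:4443>` block, a loaded mod_headers module and the one-year max-age value are assumptions.

```apache
# --- Plain-HTTP side (port 7777): the redirect from Step 2, unchanged ---
RewriteEngine On
RewriteCond %{SERVER_PORT} ^7777$
RewriteRule ^/(.*)$ https://%{SERVER_NAME}:4443/$1 [R,L]

# --- HTTPS side (port 4443) ---
# Assumption: the SSL listener is defined in a virtual host like this one.
# Add only the Header line to the existing HTTPS virtual host; do not
# create a second block for the same port.
<VirtualHost *:4443>
    # ... existing SSL directives stay as they are ...

    # Requires mod_headers. "always" also covers error and redirect
    # responses. max-age is in seconds (31536000 = one year, a constructed
    # sample value; start lower while testing).
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

Browsers honour this header only when it arrives over HTTPS without certificate errors, so with the default certificate and its click-through warning the policy is not stored until a trusted certificate is installed.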
Thank You !!