cancel
Showing results for 
Search instead for 
Did you mean: 
bhit
Level 7
Report Inappropriate Content
Message 1 of 18

Redirect User Interface port 4711 HTTP to 4712 HTTPS

Hi all

I already posted that question as a comment somewhere on this board, but I thought nobody would see it there, so I'm asking here again (sorry):

I'd like to redirect the User Interfaces' HTTP traffic on port 4711 to HTTPS on port 4712, like I would for other web-servers, in order to restrict user access to a secured channel. How can I do that for the McAfee Webgateway-ui, do you know? It would be very cool I you did and would agree to give me a hand with that ^^

[root@[Hostname] mwg-ui]# mwg-info version
7
8
2
12
0
29703
mlos3
mwg

 

Maybe I can do it here

standard in /etc/mwg-ui/server.xml :

 

<Connector server="mwg-ui" URIEncoding="UTF-8" port="4712"
protocol="HTTP/1.1" SSLEnabled="true" maxThreads="500"
connectionTimeout="20000" scheme="https" secure="true" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" SSLCipherSuite="HIGH:!aNULL:!eNULL"
SSLHonorCipherOrder="true" SSLCertificateFile="/usr/share/mwg-ui/ssl/servercert.pem"
SSLCertificateKeyFile="/usr/share/mwg-ui/ssl/serverkey.pem"
maxPostSize="2048" maxSavePostSize="0" />

<Connector server="mwg-ui" URIEncoding="UTF-8" port="4711"
protocol="HTTP/1.1" maxThreads="500" connectionTimeout="20000"
redirectPort="4712" maxPostSize="2048" maxSavePostSize="0" />

17 Replies
McAfee Employee smasnizk
McAfee Employee
Report Inappropriate Content
Message 2 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Hi Bhit,

as modifying of Configuration Files is not supported, i highly NOT recommend to do so. There is more simple way exists if you want to have HTTP port running on port 4711.

 

clipboard_image_0.png

Please let me know if this, does help or which idea you have behind redirection and why?

 

Regards,

Sergej

bhit
Level 7
Report Inappropriate Content
Message 3 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Thanks for your help

I'd just like the GUI-web-server to redirect unsecured HTTP connections on port 4711 to secured HTTPS ones on port 4712.

...like google does when you enter "www.google.com" on standard port 80, it redirects to port 433 to https://www.google.com.

McAfee Employee smasnizk
McAfee Employee
Report Inappropriate Content
Message 4 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Dear Bhit,

 

here you expect URL redirect which will happens on destination server(MWG Tomcat). I know one or two customers did this in the past. Unfortunately those changes will be overwrite by any update and in addition to it wont be supported at all. This effort doesn't sounds to be beneficial to alternatively type the additional https:// in front of your URL. Just create a bookmark of it will save your time and wont make any difference in usage. 

 

-Sergej

Reliable Contributor jacek
Reliable Contributor
Report Inappropriate Content
Message 5 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Or if you would like to keep 4711 port in emergency cases, disable it on a MWG firewall.
If something goes wrong with 4712 and SSL connection, connect to CLI, remove firewall rule and use it.
bhit
Level 7
Report Inappropriate Content
Message 6 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Thanks Jacek,

we have a model where each department can manage their own filtering rules in the company. Most of the users doing that are not IT specialists, so what they can do is very limited, they can just edit some exceptions and do simple manipulations. I want them to use a TLS-secured channel to connect to the GUI, but I really need to keep it as simple as possible for them. I use dNAT on a FW-appliance to forward port 80 to 4711 and 443 to 4712. Since browsers use default port 80, I want the users to be forwarded to port 4711, there the GUI-webserver (Apache Tomcat?) is going to HTTP-redirect them to 4712. If some of them use "https://" in the browser they're going to be forwarded directly to 4712.

bhit
Level 7
Report Inappropriate Content
Message 7 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Thank you, in my case I'd like to do the extra work each time we do an update, because we need to keep it as simple as possible. Please check my answer to Jacek, I explained why. Do you have a manual how to do that, by chance?

McAfee Employee smasnizk
McAfee Employee
Report Inappropriate Content
Message 8 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Hi Bhit,

 

as it isnt supported method at all, no how to is existing. By chance those customers who use it already might post something... lets see.

 

-Sergej

bhit
Level 7
Report Inappropriate Content
Message 9 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Hi Sergej,

could you please add that feature to the change request list at McAfee development? 🙂 I'm a bit disappointed a Web-Pro like McAfee doesn't support that.

Thank you!

McAfee Employee smasnizk
McAfee Employee
Report Inappropriate Content
Message 10 of 18

Re: Redirect User Interface port 4711 HTTP to 4712 HTTPS

Dear Bhit,

it is not supported as you cant do this from the official UI and changes will be overwritten while updating. For Ideas you are welcome to submit some, please follow our Product Enhancement Request process: 

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

-Sergej

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community