<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:Calibri;
mso-fareast-language:EN-US;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Calibri;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:Calibri;
mso-fareast-language:EN-US;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">Thanks Michael,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">On 13/10/2016, 21:01, "Blueonyx on behalf of Michael Stauber" <blueonyx-bounces@mail.blueonyx.it on behalf of mstauber@blueonyx.it> wrote:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> Hi Colin,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> >> My recommendation is to only allow GUI access via HTTPS, which can be<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> >> configured via the GUI itself.<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> > <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> > How would I do this? Can't find a setting (but then I may not be
<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> > looking in the right place!).<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> "Server Management" / "Maintenance" / "Server Desktop".<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> The field "GUI access protocols" usually shows "HTTP and HTTPS". Change<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> it to "HTTPS only" and tick the checkbox for "Redirect to Server-Name".<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> What it does is this:<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> Say the server is named server.company.com and you have a Vsite named<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> vsite.com.<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> Someone goes to http://vsite.com/login, which will (as usual) redirect<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> to the AdmServ at http://server.company.com:444/login<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> However: If the GUI is set to "HTTPS only", it will redirect once more<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> to https://server.company.com:81/login<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> This serves two purposes: You can only see any GUI page when you access<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> it via HTTPS. Any call to a GUI page via HTTP will be redirected to the<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> respective HTTPS page of the same URL.<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> The checkbox "Redirect to Server-Name" (if ticked) will make sure that<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> you don't get the "The certificate is only valid for server.company.com"<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> error if someone uses http://vsite.com/login. You would get that if we<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> did a straight redirect from there to HTTPS without replacing the domain<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> name.<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> Unavoidably you still see it if someone uses https://vsite.com/login,<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in"> though.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> I knew it had to be there somewhere! <span style="font-family:Wingdings">
J</span></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Kind regards</p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Colin</p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
</div>
</body>
</html>