How can I force users through SSL with GroupWise WebAccess?

  • 3317621
  • 25-Mar-2008
  • 29-Apr-2014

Environment

Novell GroupWise 5.5 EP
Novell GroupWise 6.0
Novell GroupWise 6.5
Novell GroupWise 7.0
Novell GroupWise 8
Novell GroupWise WebAccess
Novell GroupWise 2012 Support Pack 2

Situation

How can I force users to make an SSL (encrypted) connection to GroupWise WebAccess (assuming SSL certificates are setup properly)?

Resolution

When a user makes a secure connection to Groupwise WebAccess using SSL, the encryption between the user's web browser (Internet Explorer, Safari, Firefox, etc) and the web server (Apache or Microsoft IIS) is handled by the web server, and is not configured in GroupWise WebAccess.

One possibility is to disable or block port 80 at the firewall or router and educate users to connect to https:///gw/webacc

A second option is to configure Apache so that all standard, unencrypted HTTP connections (to port 80) are redirected to an SSL connection on port 443. To redirect port 80 on an Apache web server to port 443, you can do the following (when you are done, restart Apache):

NetWare 6.5; you can edit the sys:\apache2\conf\httpd.conf
NetWare 6.0; you can edit sys:\apache\conf\adminserv.conf

This can be done with Apache using a module called rewrite. You need to enable the rewrite module in your gwapache.conf file by uncommenting the following line:

LoadModule rewrite_module modules/rewrite.nlm

Then add the following lines to the end of the file.

#If you are using GroupWise 6.5 then you will want to use the following in the virtual host part.


RewriteEngine On
RewriteCond %{REQUEST_URI} ^\/servlet\/webacc
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

#If you are using GroupWise 7 then you will want to use the following inthe virtual host part instead:

<VirtualHost _default_:80>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^\/gw\/webacc
RewriteRule ^/(.*) https://%{SERVER_NAME}/gw/webacc [L,R]

</VirtualHost>

# If you are using Groupwise 8 on OESLinux modify the following:

After the line Alias /gw "/opt/novell/groupwise/webaccess/gw/"in the In /etc/opt/novell/groupwise/webaccess/gw.conf add the following module rewrite code:


<IfModule !mod_rewrite.c>
LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
Rewritecond %{SERVER_PORT} ^80$
RewriteRule ^/gw/(.*) https://%{HTTP_HOST}/gw/$1 [NC,R,L]
</IfModule>

# If you are using Groupwise 2012 on Linux modify the following:

# If using SLES11 32-bit the below line will be "/usr/lib/apache2/mod_rewrite.so"

# If using SLES11 64-bit the below line will be "/usr/lib64/apache2/mod_rewrite.so"

After the line Alias /gw "/opt/novell/groupwise/webaccess/gw/"in the In /etc/opt/novell/groupwise/webaccess/gw.conf add the following module rewrite code:


<IfModule !mod_rewrite.c>
LoadModule rewrite_module /usr/lib64/apache2/mod_rewrite.so
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
Rewritecond %{SERVER_PORT} ^80$
RewriteRule ^/(.*) https://%{HTTP_HOST}/gw/$1 [NC,R,L]
</IfModule>

NOTE:  This will allow for a user typing:  http://<webServerIPAddress> and get redirected automatically to https://<webServerIPAddress>/gw/webacc .

Additional Information

Formerly known as TID# 10074746
 
It may appear that there are two gw.conf files to edit but /etc/apache2/conf.d/gw.conf is a softlink to the real file /etc/opt/novell/groupwise/webaccess/gw.conf.
 
Note:  Make sure that your Web server is setup correctly to use an SSL certificate and can go to https:// before you implement this document.  On SLES11 with GroupWise 2012 , make sure that the module "rewrite" is configured in the "APACHE_MODULES" section of the /etc/sysconfig/apache2 file.  If there is no "rewrite" module listed in this file then the automatic forcing of SSL and rewrite to the GroupWise Webaccess url will not work.