Tuesday 5 January 2016

Disabling the Non-SSL/HTTP Port in IBM WebSphere

Every client using an IAM tool will want to use SSL, except in a few rare cases, and HTTPS is generally preferred because it is more secure.

Most IAM SMEs struggle, and get nervous, when they hear the words HTTPS and certificates.
We provide all the Identity and Access Management products to clients over HTTPS, but tend to forget that the non-SSL (HTTP) port might still be open, which can lead to a security breach when the client comes across this loophole.

In IBM environments, the most prominent tool for deploying a custom application or an IAM application is IBM WebSphere, and the best way to block the HTTP (non-SSL) port of WebSphere is as follows.

1. Log on to the WebSphere Application Server administrative console.
2. Click Environment > Virtual Hosts.
3. Click default_host.
4. Click Host Aliases in the Additional Properties section.
5. Select the row for the default HTTP port (9080) on which Security Identity Manager is deployed.
6. Click Delete to remove the port from the virtual host.
7. Click Save to apply the changes to the master configuration.
8. Update the global web server plug-in configuration.
   a. Click Environment > Update global Web server plug-in configuration.
   b. Click OK to update the plug-in configuration file.
9. Restart the WebSphere Application Server.

This removes the port's entry from WebSphere, thereby allowing access only via the HTTPS port.
We can add this entry back to default_host in WebSphere, and all the applications that were deployed on the HTTP port will start working again.
We are only removing the reference to this port in WebSphere, not the port configuration.
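To confirm the change after the restart, the host aliases can be read back from the saved configuration and checked for the HTTP port. The following is an added example, not part of the original post or IBM's tooling; it assumes the aliases are stored in the cell's virtualhosts.xml in the layout shown, and the sample XML, its ids and ports 9443 and 9043 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data; the layout is assumed to mirror virtualhosts.xml.
HTTP_ALIAS = '<aliases xmi:id="HostAlias_1" hostname="*" port="9080"/>'
SAMPLE_BEFORE = """<xmi:XMI xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI"
  xmlns:host="http://www.ibm.com/websphere/appserver/schemas/5.0/host.xmi">
  <host:VirtualHost xmi:id="VirtualHost_1" name="default_host">
    %s
    <aliases xmi:id="HostAlias_2" hostname="*" port="9443"/>
  </host:VirtualHost>
  <host:VirtualHost xmi:id="VirtualHost_2" name="admin_host">
    <aliases xmi:id="HostAlias_3" hostname="*" port="9043"/>
  </host:VirtualHost>
</xmi:XMI>
""" % HTTP_ALIAS
# Same file after steps 5-7: the 9080 row has been deleted from default_host.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(HTTP_ALIAS, "")


def host_aliases(xml_text):
    """Return {virtual_host_name: [(hostname, port), ...]}."""
    result = {}
    for elem in ET.fromstring(xml_text).iter():
        # Compare the local tag name so the namespace URI does not matter.
        if elem.tag.rsplit("}", 1)[-1] != "VirtualHost":
            continue
        result[elem.get("name")] = [
            (alias.get("hostname"), alias.get("port"))
            for alias in elem.findall("aliases")
        ]
    return result


def plain_http_aliases(xml_text, vhost="default_host", http_ports=("9080",)):
    """List aliases on the virtual host that still map a non-SSL port."""
    aliases = host_aliases(xml_text).get(vhost, [])
    return [(host, port) for host, port in aliases if port in http_ports]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        leftover = plain_http_aliases(text)
        print(label, "-> HTTP aliases still present:", leftover or "none")
```

An empty result for default_host means the alias is gone; because the port configuration itself is untouched, pass any other non-SSL port in use through `http_ports` to check it the same way.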

There are different ways of doing this, but I generally use the above one as I find it easier.