This section describes how to set up a transparent HTTP connection. To audit HTTP connections in non-transparent mode, see Enabling One Identity Safeguard for Privileged Sessions (SPS) to act as an HTTP proxy.
Figure 191: Traffic Controls > HTTP > Connections — Transparent HTTP connection
To set up a transparent HTTP connection
-
In the Name field, enter the name of the connection that identifies the connection policy.
-
In the From field, enter the IP address and prefix of the client that you can use to access the server.
You can use an IPv4 or an IPv6 address. To limit the IP range to the specified address, set the prefix to 32 (IPv4) or 128 (IPv6).
-
In the To field, enter the IP address and prefix that the clients target.
You can use an IPv4 or an IPv6 address. To limit the IP range to the specified address, set the prefix to 32 (IPv4) or 128 (IPv6).
-
In the Target section, select Use original target address of the client.
-
In the SNAT section, select Use original IP address of the client.
-
Since SPS cannot automatically decide whether the incoming sessions are encrypted or not, set up another identical connection policy for the same sessions, for HTTPS. As a result, HTTP and HTTPS sessions are saved into separate trails.
-
Setup a new connection policy with the same settings as above.
-
Set the Port to 443.
-
Enable TLS encryption. For more information, see Enabling TLS encryption in HTTP.
-