Use ACE to redirect or insert a WWW in a client request

Similar Messages

• ACE http redirect on probe fail & others

  Hi everyone,
  I have multiple http based application running on 2 servers and they all be referenced behind the publised VIP from the load balancer.
  The probes are already there, applications are accessed but one criteria from the business is not to fail the whole server for one application. There is some independance between the apps that if one fails, the other would need to still load balanced.
  I would like, if the application fails on both server, to maybe be able to redirect to another URL any request for a particular App/URL.
  Any suggestions ?

  Hi,
  To not declare a real server down if one of its applications fail, you should configure your probes in your serverfarm, and (if not already done) create a serverfarm per application.
  If you want to be able to redirect a request send to a failed serverfarm, you can configure a backup serverfarm in you L7 policy map like this:
  serverfarm name1 backup name2
  The second serverfarm should then be of the type:
  serverfarm redirect name2
  webhost-redirection relocation_string [301 | 302]
  where the relocation_string is the URL that should be used, 301 is permanently moved and 302 is temporarily.
  For the relocation_string, you can use following special characters:
  %h Inserts the hostname from the request Host header
  %p Inserts the URL path string from the request
  Mor info can be found in this doc:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/slbgd.html
  Hope this helps.
  Kr,
  Dario

• ACE - HTTPS redirection

  Hi,
  How to configure the ACE to redirect a https request to different url.
  For example
  Clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.
  Please let me know.Thanks in Advance

  Hi Gilles,
  I am having the certificate and the key.
  Please check the config and confirm whether this looks fine or not.
  I am using GSS to resolve www.mycompany.com and www1.mycompany.com
  probe http Server1
  interval 15
  passdetect interval 60
  request method head url /keepAlive.html
  expect status 200 202
  open 10
  parameter-map type ssl PARAMMAP_SSL_TERMINATION
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3
  rserver redirect HTTPS-REDIRECT
  conn-limit max 4000000 min 4000000
  webhost-redirection https://www1.mycompany.com.au 301
  inservice
  serverfarm host SFARM_HTTPS
  rserver Server1_http 80
  inservice
  serverfarm redirect https-redirect
  rserver HTTPS-REDIRECT
  inservice
  ssl-proxy service SSL_PSERVICE
  key MYKEY.PEM
  cert ACE-SP2.CER
  ssl advanced-options PARAMMAP_SSL_TERMINATION
  class-map type http loadbalance match-any HTTPS1
  2 match http header Host header-value "www[.]mycompany[.]com"
  class-map type http loadbalance match-any HTTPS2
  2 match http header Host header-value "www1[.]mycompany[.]com"
  policy-map type loadbalance first-match HTTPS
  class HTTPS1
  serverfarm https-redirect
  class HTTP2
  serverfarm SFARM_HTTPS
  class class-default
  serverfarm SFARM_HTTPS
  policy-map multi-match HTTPS-PM
  class HTTPS-RED
  loadbalance vip inservice
  loadbalance policy HTTPS
  loadbalance vip icmp-reply active
  ssl-proxy server SSL_PSERVICE
  Also let me know know if there is any another way to configure the redirection other than matching host header.
  Thanks in Advance

• ACE: URL redirect - not working

  Hi,
  I've to do url redirection from port 80 to port 443. I've following configured:
  rserver redirect url.test.com-rd
    webhost-redirection https://url.test.com/
    inservice
  serverfarm redirect url.test.com:80
    description url.test.com - port 80 redirect ***
    rserver url.test.com-rd
      inservice
  class-map match-any url.test.com:80
    2 match virtual-address 192.168.1. tcp eq www
  policy-map type loadbalance first-match url.test.com:80
    class class-default
      serverfarm url.test.com:80
    policy-map multi-match LOAD_BALANCE
     class url.test.com:80
      loadbalance vip inservice
      loadbalance policy url.test.com:80
      loadbalance vip icmp-reply active
  ===
  with above configuration, ACE is redirection port 80 to port 443 but it also rewrites the header.  i.e. ACE send me to
  "https://url.test.com/" if I type "http://url.test.com/abc" in the browser. It should have redirected to  "https://url.test.com/abc" ( it shouldn't have removed "/abc")
  could you advice how to accomplish it.
  Thanks in advance...

  Hi,
  thanks pablo. but that isn't expected response. redirected url shows the load balanced server. i.e. for the following serverfarm of port 443:
  serverfarm host url.test.com:443
    description url.test.com - Port 7777 ***
    failaction purge
    probe url.test.com:7777
    rserver server1.test.com 7777
      inservice
  redirected url comes as "http://server1.test.com:7777/abc/" ...instead of what I expect .i.e. i expect "
  https://url.test.com/abc/"

• WAAS with ACE - Use Ace or use WCCP or use PBR?

  Wich is better to use, i need use two aces in HA (active x active). But the model of Switch Router is Enterasys and Enterasys dont have WCCP, but have TWCB(Transparent Web Cache Balancing (https://extranet.enterasys.com/sites/dms/DMSAssetLib/Documents/Feature%20Guides/twcbFeatGde041609.pdf), but my questions are:
  1) I have two Aces too, the better is use Ace to do this or not? (In reality i think that is not the best way).
  2) Somebody can say me if TWCB is the same of WCCP?
  3) With PBR can i use two WAAS in active x active mode?
  Thanks

  Hi Luciano,
  I tried to open the link you provided, but it's asking me for an Enterasys username and password so I couldn't find out what exactly this feature is. My guess is that it allows some transparent redirection similar to WCCP, but I have no clue how this is achieved. Therefore, I'm just going to speak about the other options.
  The first thing I would like to say is that, if you have to choose between PBR and ACE, I would recommend you to use the ACE. The main problem of PBR is that the redirection needs to be statically configured based on ACLs maching on the source or destination addresses, so, you don't have any kind of redundancy if a WAE goes down, and you may have to rewrite the ACLs if something changes in your environment. With the ACE, the load-balancing is dynamically done, so, if one of the WAE fails or the traffic patterns change, the load distribution will be dynamically adjusted
  Regards
  Daniel

• ACE WEBHOST-REDIRECT logic

  Hi guys.
  Recenty I see the following config.
  rserver redirect REDIRECT-TO-HTTPS
   webhost-redirection https://%h%p 301
   inservice
  serverfarm redirect REDIRECT-SERVERFARM
   rserver REDIRECT-TO-HTTPS
   inservice
  I suspect this is a generic config to rewrite a redirection sent from rsever to client when it sends a http redirection and the client need to do a https conection.
  My question is: this configuration will rewrite all redirect? What happens if the redirect sent from real server need to reach the client as http (not translated)
  Thanks in advance.

  Hi David,
  The above configuration is for ACE to redirect and not "Rserver". So if a user comes on http://xyz.com and you want ACE to redirect it to https"//xyz.com, you use above configuration. Now there will be a class-map condition as well as policy maps and hence ACE will redirect only those requests which will match the condition. Also, redirect and rewrite are two different functions. If you want the ACE to intercept server response and rewrite it, then you should have a look at "URL Rewrite as well as SSL rewrite" features. Again you will have proper configurations place for ACE to decide what to rewrite and what not.
  Let me know if you have any questions.
  Regards,
  Kanwal

• Issues with using the output redirection character with newer NXOS versions?

  Has anyone seen any issues with using the output redirection character with newer NXOS versions?
  Am receiving "Error 0x40870004 while copying."
  Simply copying a file from bootflash to tftp is ok.
  This occurs for both 3CDaemon and Tftpd32 softwares.
  Have tried it on multiple switches - same issue.
  Any known bugs?
  thanks!
  The following is an example of bad (NXOS4.1.1b) and good (SANOS3.2.1a)
  MDS2# sho ver | inc system
    system:    version 4.1(1b)
    system image file is:    bootflash:///m9200-s2ek9-mz.4.1.1b.bin
    system compile time:     10/7/2008 13:00:00 [10/11/2008 09:52:55]
  MDS2# sh int br > tftp://10.73.54.194
  Trying to connect to tftp server......
  Connection to server Established. Copying Started.....
  TFTP put operation failed:Access violation
  Error 0x40870004 while copying tftp://10.73.54.194/
  MDS2# copy bootflash:cpu_logfile tftp://10.73.54.194
  Trying to connect to tftp server......
  Connection to server Established. Copying Started.....
  |
  TFTP put operation was successful
  MDS2#
  ck-ci9216-001# sho ver | inc system
    system:    version 3.2(1a)
    system image file is:    bootflash:/m9200-ek9-mz.3.2.1a.bin
    system compile time:     9/25/2007 18:00:00 [10/06/2007 06:46:51]
  ck-ci9216-001# sh int br > tftp://10.73.54.194
  Trying to connect to tftp server......
  |
  TFTP put operation was successful

  Please check with new version of TFTPD 32 server. The error may be due to older version of TFPT server, the new version available solved this error. Files are getting uploaded with no issues.
  1. Download tftpd32b.zip from:
  http://tftpd32.jounin.net/tftpd32_download.html
  2. Copy the tftpd32b.zip file into an empty directory and extract it.
  3. Copy the file you want to transver into the directory containing tftpd32.exe.
  4. Run tftpd32.exe from that directory. The "Base Directory" field should show the path to the directory containing the file you want to transfer.
  At this point, the tftpserver is ready to begin serving files. As devices request files, the main tftpd32 window will log the requests.
  Best Regards...

• How can i  print reports to different printer by use Trigger on table after insert

  Hello,
  Please can any one tell me how can i print (any message) to different printer (network & local printer) by use Trigger on table after insert.
  regards,
  Linda.

  What you want to do cannot be done with PL/SQL, which does have any print utilities. However you could write something using Java Stored Procedures.
  Of course the "different printer" bit will have to be data driven as triggers are not interactive.
  rgds, APC

• My iphon 5 said "only compatible sim cards from a supported carrier may be used to activate iphone. please insert the sim card that came with ur phone or visit a supported carrier's store to receive a replacement sim card" what do i do???

  my iphon 5 said "only compatible sim cards from a supported carrier may be used to activate iphone. please insert the sim card that came with ur phone or visit a supported carrier's store to receive a replacement sim card" what do i do??? i leave in diferent country now!!!???(((

  in many countries to make phones seem less expensive
  carriers pay most of the phones price for the customer
  but this come at the cost of the phone only being able to work
  with the carrier this is called a sim lock
  the only people who can remove a sim lock is the carrier which
  the phone is sim locked to they been doing it like that for at least 20 years

• Can you refer to the original host name when using a challenge redirect?

  I have an authentication scheme that uses a challenge redirect to cause authentication to happen using https instead of http. However, this seems to break some of our monitoring scripts because now the credential challenge is coming from a different host name. Is it possible to refer to the original host name with some type of variable in the challenge redirect parameter? Below is an example:
  1. User accesses secured URL at http://appstenv2.company.com/testurl
  2. This webserver is hosting several aliases (appstenv2.company.com, appstenv4.company.com, appstenv6.company.com) and has a main name of appsdev.company.com - but is a single apache webserver where there is an application server plugin installed which will route to the desired application server environment based on the original hostname. So if a user accesses it with a name of appstenv2.company.com/testurl they will be routed to the "test 2" environment application server. If they access it as appstenv6.company.com, they would be routed to the "test 6" environment application server.
  3. This webserver listens on both http and https.
  4. The current challenge redirect can only redirect to a specific URL so it is set to "https://appsdev.company.com" which works fine interactively but the recorded monitoring scripts suddenly see a new hostname doing the prompting for credentials even though it is the same webserver - just a different alias.
  5. If possible, I would want to do the redirect in a relative fashion rather than absolute by using the original hostname from the URL being accessed. So, if the user was accessing http://appstenv2.company.com/testurl, I would like to redirect to https://appstenv2.company.com for the basic authentication. but with the same authentication scheme, if the user accesses http://appstenv6.company.com/testurl, I would want the challenge redirect to go to https://appstenv6.company.com. I'm hoping it's possible to use some system variable like SERVER_NAME to do this.
  Challenge Redirect: https://$SERVER_NAME
  Does anyone know if that is available in OAM 10.1.4.3 or some other way to accomplish the same thing with a single authentication scheme?

  No, there are not multiple policies - the host names for all aliases on that single webserver are together in a single host identifier. And I realize I can only have a single challenge redirect, I just want to use a variable to redirect to the host name that was accessed as opposed to a static name.

• Using 'dbms_obfuscation_toolkit.md5' in my insert statment itself

  Hi all,
  I am trying to use 'dbms_obfuscation_toolkit.md5' in my insert statment itself as : insert into TEST_USERS values('username', dbms_obfuscation_toolkit.md5('password'));
  But i get this : ORA-06553: PLS-307: too many declarations of 'MD5' match
  Can you please help me on how can i insert a string (not raw) as MD5 hash to a table???
  The password column i have is 'varchar(20)'. I dont mind changing it to something else. I am also struggling to find this package definition/help, to check what db type this function returns :-)
  Thanks for the help.

  Hello,
  Try posting this to the General Database Discussions forum.
  This forum is for SQLJ & JDBC.

• Use subflow or redirect step when calling another script

  I have a main AA script and it calls another script when caller press option 6.  When a caller presss 6 it is only transferring the call to the sub script.  it does not return any values to the main script.
  In this situation, is it better to use subflow or redirect step.  i am think redirect step but just want to check with the user community.
  thanks in advance.

  Either will work. Here are a few thoughts to consider in no particular order:
  Subflows count toward the originally triggered scripts' maximum step count. If you have a lot of steps, this may result in an exception. Redirecting the call restarts this counter since the newly triggered script will have its own counter.
  NOTE: You might think that this is exactly why the Trigger Application step in Synchronous mode was created for. Alas, there is a bug which renders this useless in 7.0(1): CSCtd72562
  Redirecting the call will result in the user hearing ringback. This would occur because of the recommended two-second delay step following the Accept step of a step to prevent a race condition. I find this to be irritating enough to shy away from it mid-way through an IVR if possible.
  Subflows are more difficult to debug. You need to have sufficient code embedded in them such that you can trigger and reactively debug them.
  Be sure that the redirect destination of an actual CCX Trigger (CTI Route Point). Do not set it to a value in UCM that is translated or forwarded back to CCX. This results in a race condition which CCX does not handle well.
  If you were asking me as an individual my answer would be this: Is the code small enough and not reused elsewhere? If yes, then put it in the first script and avoid this topic all together. If it's reused in a bunch of places from multiple scripts and does not represent a large quantity of steps: use a subflow. Otherwise use Trigger Application if you're on a new enough version or Call Redirect if you're not.

• Use of READ REPORT and INSERT REPORT

  Hi Guys,
  i need a small help from u guys.......
  i want to know the use of READ REPORT and INSERT REPORT  with Example
  the requirement is...
  i want to declare an internal table with fields from custom table.
  if any field is aded in the custum table then that field also should get populated in the program.
  Ex: custom table fields are
  MANDT
  BUKRS
  MATNR
  LIFNR
  field1
  field2
  field3
  now suppose if a new field field4 is added in the Table
  then the Program should automatically pick-up the fields from FIELD1...FIELD4.
  i heard by using READ and INSERT report we can do it
  plz help me ...
  Thanks
  Sunil.:-)

  If you're on 46C or above, you can use the following to generate tables dynamically.
  CALL METHOD CL_ALV_TABLE_CREATE=>CREATE_DYNAMIC_TABLE
  EXPORTING
  IT_FIELDCATALOG = GT_FIELDCAT
  IMPORTING
  EP_TABLE = GS_DATA_HEAD
  EXCEPTIONS
  GENERATE_SUBPOOL_DIR_FULL = 1
  OTHERS = 2.
  But you are restricted to 32 calls, if I remember correctly.  If you are in a later release, you can use the RTTS classes to create internal tables dynamically, without the restriction on subroutine pools.
  These classes are CL_ABAP_TYPEDESCR and subclasses.
  There are a few blogs on SDN that give examples of their use.
  Matt

• Using ACE RHI to inject a default route

  I think I posted this onto the wrong Forum. Anyone able to advise here?
  SteveK.
  Posted by: stevek1 - Network Administrator, Dept Natural Resources and Mines
  Apr 18, 2008, 12:04am PST
  Hi Folks,
  I need to provide internal devices with active-active access to our clustered firewall which sits across 2 data centres.
  I need to allow internal hosts to reach external/unknown networks via a default route.
  We have ACE modules in our internal network aggregation 6513s at each site.
  I aim to achieve this using RHI...ie...device at site 1 reaches the internet via firewall at site 1, device at site 2 reaches internet via firewall at site 2 (due to better route). If the firewall is inaccessible from site 2, ACE at site 2 removes the route from the MSFC using RHI and site 2 device traffic is re-routed to the site 1 exit point.
  Has anyone out there done this before?
  Regards, Steve.
  | Outline | Subscribe | E-Mail this Message
  Replied by: stevek1 - Network Administrator, Dept Natural Resources and Mines - Apr 20, 2008, 6:48pm PST
  Hi Folks,
  It's Steve here again. I haven't had a response to my query as yet, but basically I need to know the validity of using ACE RHI to inject a default route as opposed to a host route.
  Can anyone please advise?
  Best Wishes, Steve.

  Thanks so much for your response Zahoor.
  The solution you have provided is more complicated than I had in mind. For example we had not intended using FWSM (we don't have these modules). I just want to use our existing ACEs at each Data Centre to provide the injection of a default route to our internal EIGRP process based on the result of a probe to our Checkpoint FW. What do you think?
  Steve.

• No destination URL is defined. Use the followind redirect URL in Transactio

  Hi,
  I am new BSP, I have to display logon screen in my BSP application, i was copied SYSTEM bsp application and tried to run it, but it is throwing error "No destination URL is defined. Use the followind redirect URL in Transaction SICF:  /sap(====)/public/bsp/sap/login/default.htm?sap-url= " . Please let us know what has to be done for the same
  Message was edited by:
          Rams BSP

  Hi Rams,
  see http://help.sap.com/saphelp_47x200/helpdata/en/33/8351f1f3351c41853ea3508cbef0cf/frameset.htm
  and
  http://help.sap.com/saphelp_47x200/helpdata/en/1d/13c73cee4fb55be10000000a114084/frameset.htm
  It sounds like you have not configured the redirect correctly in the ICF.
  Cheers
  Graham