ACE http header response
Hi,
I have for example a site http://abc.com which response back with the port on which it's being used on the server ex: http://abc.com:9081
How would I rewrite the response remove the port on the server that is being used.
Thank you,
Hi,
You have rewrite the 30x redirect response from server or is it a normal response?
You can try below:
(config)# action-list type modify http H
(config-actlist-modify)# header rewrite response Location header-value http://abc.com:9008 replace http://abc.com
I am using header name as Location. Please use according to your need.
I haven't tried this myself but it should work. Try and let me know.
Regards,
Kanwal
Similar Messages
-
How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking. I have put the IIS setting X-Frame-Options:SAMEORIGIN on my Internal CAS Server. However as the OWA page is published through
Forefront TMG 2010, the iFrame tag is not blocked when the page is first opened. Only when you login with your credentials to the OWA page inside the frame and the page reaches IIS on the Internal CAS it gets blocked. I want to block it in the first
instance when it is opened from TMG.Hi,
Thank you for the post.
To modify the http header, please refer to this blog:
http://tmgblog.richardhicks.com/2009/03/27/using-the-isa-http-filter-to-modify-via-headers-and-prevent-information-disclosure/
Regards,
Nick Gu - MSFT -
hi
is there any chance to change my requeste on ace like this?
the request is http://www.xpto.com and i need to be rewrite to http://xpto.com
thanks in advance
AnteroHi Antero,
Yes, this is possible. Just check the link below for more details
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/classlb.html#wp1151822
Assuming "http://www.xpto.com" is the only request you want to rewrite, the syntax of the action would be "header rewrite request Host header-value www.xpto.com replace xpto.com"
If, however, you need to create this action in a more generic way so that any URL is rewritten in the same format, you would need to use a regular expression. In this case, it would be something similar to the following (I didn't test it, so I'm not 100% sure that the regex is correct) "header rewrite request Host header-value www\.(.*)\.com replace %1.com"
I hope this helps
Daniel -
What is the syntax for rewriting the destination port for a HTTP request?
For Example: Rewriting "http://www.test123.com" TO "http://www.test123.com:81"
Thanks!Hi,
The simple solution is to specify port at rserver level to the desired port. In your case it should be like this :
host1/Admin(config-sfarm-host)# rserver SERVER1 81
this is from the documentation which explain the same:
Associating a Real Server with a Server Farm
You can associate one or more real servers with a server farm and enter real-server server-farm configuration mode by using the rserver command in either server farm host or server farm redirect configuration mode. The real server must already exist. For information about configuring a real server, see the "Configuring Real Servers" section. You can configure a maximum of 16,384 real servers in a server farm. The syntax of this command is as follows:
rserver name [port]
The arguments are as follows:
•name—Unique identifier of an existing real server. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
•port—(Optional) Port number used for the real server port address translation (PAT). Enter an integer from 1 to 65535.
If you choose not to assign a port number for the real server association with the server farm, the default behavior by the ACE is to automatically assign the same destination port that was used by the inbound connection to the outbound server connection. For example, if the incoming connection to the ACE is a secure client HTTPS connection, the connection is typically made on port 443. If you do not assign a port number to the real server, the ACE will automatically use port 443 to connect to the server, which results in the ACE making a clear-text HTTP connection over port 443. In this case, you would typically define an outbound destination port of 80, 81, or 8080 for the backend server connection.
For example, to identify real server SERVER1 and specify port 80 for the outgoing connection, enter:
host1/Admin(config-sfarm-host)# rserver SERVER1 80
host1/Admin(config-sfarm-host-rs)#
Hope that helps.
regards,
Ajay Kumar -
Ace http response code seeing 500, but server returning 200
we have an http probe configure like below,the real is failing probe, and the ace says it's returning a 500 response code,however when i browse to the server from my laptop, i get a 200, and the correct regex ( going to http://172.19.254.51/operation.aspx) . Is it possible the server could send a different response code to ace?
probe http HTTP
interval 5
passdetect interval 5
receive 3
request method get url /operation.aspx
expect status 200 200
open 2
expect regex "operation"
serverfarm host AMS_AI
probe HTTP
rserver server1
inservice
rserver server2
inservice
rserver server3
inservice
show probe HTTP detail
real : server3I[0]
172.19.254.51 1925172 24779 1900393 FAILED
Socket state : CLOSED
No. Passed states : 5646 No. Failed states : 5646
No. Probes skipped : 0 Last status code : 500
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Received invalid status code
Last probe time : Wed Feb 23 10:53:21 2011
Last fail time : Wed Feb 23 09:21:29 2011
Last active time : Wed Feb 23 03:51:41 2011you will probably have to configure the HTTP header of the probe you send. Maybe the web server
is expecting specific fields (virtual hosts ?) -
ACE: wrong IP in HTTP header HEALTHCHECK packet
Hi,
I encounter a strange problem with ACE when the blade performs a HTTP healthcheck towards a RSERVER.
Sometimes, ACE insert in the HTTP header a strange IP address, others then the IP address of the rserver, for which it performs a healthcheck.
Anyone encountered the same problem?
Thx, WimHi Gillis,
I reported this issue to our integrator. I think they will open a cisco case right now.
We are able to reproduce this problem. So, that might not be the problem to troubleshoot at this moment.
For your information, we had version A1.6 running until last week. Now, we upgraded to A2, but the healthcheck issue is still present.
I assume you 'll informed via the support case? -
Load Balancing with ACE using HTTP Header information
Hello,
I am trying to setup a class-map using http loadbalance match-all.
What I want to do is check for the HTTP Host and if it doesnot match the http referer than go to server farm A. if it does match then go to server farm B.
My problem is the host can be serveral different values as well as the referer. Can you setup varibales in the ACE so I can store the value from http host and compare it against http referer?
Thanks
Mike C.It should be like this (If you want to use separate class maps for referrer & Host).
class-map type http loadbalance match-any site1-HostHDR
2 match http header Host header-value ".*site1.com"
class-map type http loadbalance match-any site1-Referer
2 match http header Referer header-value "http://site1.*"
class-map type http loadbalance match-any site2-HostHDR
2 match http header Host header-value ".*site2.com"
class-map type http loadbalance match-any site2-Referer
2 match http header Referer header-value "http://site2.*"
class-map type http loadbalance match-all Site1-policy
2 match class-map site1-HostHDR
3 match class-map site1-Referer
class-map type http loadbalance match-all Site2-policy
2 match class-map site2-HostHDR
3 match class-map site2-Referer
policy-map type loadbalance http first-match Site1
class Site1-policy
serverfarm SFarm-A
class Site2-policy
serverfarm SFarm-A
class class-default
serverfarm SFARm-B
Syed Iftekhar Ahmed -
REG : HTTP header fields (Synchronous response)
Hi All,
Can anyone please explain the advantage of using this function in the receiver HTTP adapter( ie
"Set adapter specific message attribute -> HTTP header fields (Synchronous response)")
and how this can be implemented?
Thanks in Adavnce,
Siva>
sivarama krishna wrote:
> Hi All,
>
> Can anyone please explain the advantage of using this function in the receiver HTTP adapter( ie
> "Set adapter specific message attribute -> HTTP header fields (Synchronous response)")
> and how this can be implemented?
>
>
>
> Thanks in Adavnce,
> Siva
from help:
If you want to save HTTP header fields from the synchronous response in the XI message header, choose HTTP Header Fields (Synchronous Response) and enter the fields in the fields Field 1 to Field 6.
The fields must have the same names as the fields that are also to be sent in the HTTP response.
The technical names of the fields are HeaderFieldOne,...,HeaderFieldSix.
this means that in case you look to access the header of the response message of a sync http you can use this ASMA.
the implementation will be in your response mapping, using dynamic configuration - /people/shabarish.vijayakumar/blog/2009/03/26/dynamic-configuration-vs-variable-substitution--the-ultimate-battle-for-the-file-name -
ACE Module - HTTP 503 Response
Hello,
Is it possible for Cisco ACE Module to return HTTP 503 to the user making a web (HTTP) request.
Does ACE have any built-in HTTP error response feature.
Thanks.The ACE module can't generate web page.
You should have a server ready to send this page and you can configure ACE to redirect users to that server when required.
Gilles -
ACE One-Arm Source-NAT HTTP Header Insert
Hellow ACE Gurus,
This is probably a dumb question but I'm looking for info on HTTP Header Insert for SSL sessions. Does the HTTP header re-write action list work for SSL traffic? I guess I'm not clear on whether or not the header is encrypted and if the ACE can modify on an HTTPS session. Any input would be greatly appreciated.
/r
RobHi Rob,
When using HTTPS, all the data is encrypted, including the HTTP headers.
In such a situation, if you want to insert headers (or do any other kind of L7 processing), you will have to configure the ACE to do SSL termination. Once the connection is decrypted, the ACE can do any processing it needs before sending the connection towards the server either in clear text or again using HTTPS.
I would recommend you to have a look at the link below. This is an example of how to configure an ACE for end-to-end SSL (so, HTTPS on both sides of the ACE). In the example, the only L7 processing that is being done is matching on the URL, but it would be enough to replace that part with whatever header insertion commands you need
http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
If you still need more help to understand any of the points involved in the process, please, do not hesitate to contact me again.
Regards
Daniel -
Load Balance Reverse Poxy using ACE and HTTP Header Sticky
Dear all,
I have a reverse proxy that makes HTTP and HTTPS requests to an ACE.
For implement persistence I want to configure HTTP HEADER Stickyness using the X-Forwarder-For information but I don't know:
How to implement it ( I'l apreciate a little example about it).
Which values I need for OFFSET and LENGHT fields.
Can you help me please?
Thanks a lot!!Hi Cesar.
Thanks a lot for your answer but I think you misunderstand the question or I'm not explaninig very well
I don't need to insert anything.
The serverfarm X will be accesed by a reverse proxy. This reverse proxy already inserts the X-Forearder-From header, so the request from the reverse proxy comes with this header to the serverfarm X.
The problem is that now, the serverfarm X sticky the client based on source IP. This is a wrong behavior becasue all the request comes form the same source (Reverse proxy) and all the load forwards to the same real IP address.
This is because I want to change the sticky from source IP to HTTP header and looks for the X-Forwarder-For filed.
Hop it will clarify the question! -
HTTP header insertion problem with ACE
Hi
I try to configure the HTTP header insertion feature based on the action-list type modify http. Unfortunately it does not works.
The config looks like that
action-list type modify http TEST
header insert both Host header-value test:test.
I added this action-list to the correct policy-map.
When I checked the snifer output on the server side, there is no test value in the HTTP header.
I test the same feature based on the "insert-http" command in the policy-map and this one works.
Could anybody help me with this problem?
Thank you in advance
Regards
LucasHi Lukas,
Add a new parameter-map named PRMAP_PERST_REBLNC and add this to the policy map using command appl-parameter http advanced-options PRMAP_PERST_REBLNC as shown below:
action-list type modify http test-insert
header insert both My-Header header-value test
header insert both SSL header-value TRUE
policy-map type loadbalance http first-match HtppInsert
class class-default
serverfarm linux1-80
action test-insert
policy-map multi-match SLB1
class VIP-122-80
loadbalance vip inservice
loadbalance policy HtppInsert
loadbalance vip icmp-reply active
loadbalance vip advertise active
loadbalance vip advertise metric 1
connection advanced-options SetTos
appl-parameter http advanced-options PRMAP_PERST_REBLNC
parameter-map type http PRMAP_PERST_REBLNC
persistence-rebalance
Hope this will make all the packets are inserted with the http header not the first one only.
If it works then plz inform.
Kind Regards.
Sachin Garg -
ACE HTTP Probe with regex
Hi,
I'm trying to setup a HTTP probe with expected string rather then a code (config below). I do a GET for the page then a search for a string in the response however it's not working, as probe appears as failed.
I've tested the connection to the server by using telneting and then looking at the page displayed to make sure the string I want to match is in the response.
probe http HTTP-PROBE
port 43050
interval 30
passdetect interval 30
passdetect count 1
request method get url /action=help
open 43050
expect regex action=help
Q. Is there anything wrong with this configuration and what I'm trying to achive?
Thanks,
PriteshUse "expect status" under probe config. expect regex doesnt work if expect status is not configured.
expect regex work flawlessly with static pages. It doesnt work all the time with dynamic pages.
Specially if "content-length" header is missing from Server response.
Hope it helps
Syed Iftekhar Ahmed -
Hi,
We would like to see the hash value calculated by the ACE when the HTTP probe hash command configured.
This is possible on CSS via the "sh service" command. We have tried to get it from sh rserver , sh probe XXX detail sh serverfarm XXX det but we do not get it.
Is this possible to get it on the ACE as we do on the CSS?
We need this to manually configure it via the hash <value> command because if the ACE probe is reseted for any reason, the probe http hash will be re-calculated based on the first http response of the server and we can not predict that the server will give the expected web page at this time.
A // question is: on what the md5 value is calculated? HTTP header + payload or only http object payload? We have calculated the md5 hash value by ourselves but the probe is still failing whatever the http portion used for the calculation is.
Many thanks for your help.
Regards/ludovic.probe http MD5-HTTP
interval 15
passdetect interval 15
request method get url /index.html
expect status 200 200
hash 2441DA7F68A265F8CFB4426B6897CE33
And here is how I computed the hash on the server itself [linux machine]
md5sum /var/www/HTML/index.html
2441da7f68a265f8cfb4426b6897ce33 /var/www/HTML/index.html
[root@linux-1 tftpboot]#
The probe is UP
switch/Admin# sho probe MD5-HTTP detail
probe : MD5-HTTP
type : HTTP
state : ACTIVE
description :
port : 80 address : 0.0.0.0 addr type : -
interval : 15 pass intvl : 15 pass count : 3
fail count: 3 recv timeout: 10
http method : GET
http url : /index.html
Hash-value : 2441da7f68a265f8cfb4426b6897ce33
conn termination : GRACEFUL
expect offset : 0 , open timeout : 10
expect regex : -
send data : -
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
serverfarm : linux1
real : linux1[0]
192.168.30.27 13 4 9 SUCCESS
md5sum is a standard tool.
Nothing fancy about it.
Gilles. -
OIF11g - Help on sending user attributes in HTTP header
Hello, I have a OIF11g setup configured for both IdP and SP. Upon successfull authentication against LDAP, I need to end some user attributes on the HTTP header to the SP application. I do no have OAM in my setup, so there is no option of Webgate or Policy Manager to do that. As far as I read the config doc, I'm in the impression that we need to write a custom authentication engine to accept user credentials and code to authenticate against LDAP and also add attributes to the response header.
Before I go down that path, just wanted to confirm if anybody has done this with OIF?
Thanks,
Sunil.Bernhard:
Actually the headers are not set to null. I have an intermediate index.jsp page which is the first page that is redirected to by the AM - it is this page which calls my LoginServlet.
The value appears consistently on this index.jsp page but after it is forwarded to the LoginServlet it starts behaving inconsistently. I check the system.out log in my websphere /logs folder and that tells me that LoginServlet does not consistenly get these values from the header.
The wierd part is that if I use cookies or attributes, it works perfectly - each time every time. However, only in the case of headers (which is the method i am required to do) it behaves inconsistently.
ANY feedback/help on this would be really appreciated bern.. thanks..
~saahil
Maybe you are looking for
-
Material Ageing Report Through ABAP( MC46 Tcode Wise)
Hi, I want to develop report for Material Ageing Report which is similar to the Tcode MC46 but the problem is functional consultant told me about this tcode only and there is no such information regarding the specified tables which are to be used. I
-
How to transfer files from a window PC to iPad3?
How to transfer files (mainly PDF files) from a window PC to iPad3? I am a new user of iPad, please tell me the basic method.
-
What's the maximum size of a pdf you can upload to the adobe cloud service?
I'm trying to upload a book of 545 MB of size, with no success at all. Any information about restrictions? Thanks for the reply.
-
I have an iPod nano and I purchased a video album from the iTunes store. I understand that I cannot play the video on my nano, and that is fine. However, I was wondering if there is some way that I can play the audio from the video album on the nano?
-
Hi, I'm trying to get the OHW-RC running on my Glassfish 3.1.2.2 server. After fixing the invalid web.xml, I managed to deploy and open it, but pressing any of the navigation items refreshes the application to its starting state - the welcome page. T