ACE - HTTPS redirection
Hi,
How to configure the ACE to redirect a https request to different url.
For example
Clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.
Please let me know.Thanks in Advance
Hi Gilles,
I am having the certificate and the key.
Please check the config and confirm whether this looks fine or not.
I am using GSS to resolve www.mycompany.com and www1.mycompany.com
probe http Server1
interval 15
passdetect interval 60
request method head url /keepAlive.html
expect status 200 202
open 10
parameter-map type ssl PARAMMAP_SSL_TERMINATION
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA priority 3
rserver redirect HTTPS-REDIRECT
conn-limit max 4000000 min 4000000
webhost-redirection https://www1.mycompany.com.au 301
inservice
serverfarm host SFARM_HTTPS
rserver Server1_http 80
inservice
serverfarm redirect https-redirect
rserver HTTPS-REDIRECT
inservice
ssl-proxy service SSL_PSERVICE
key MYKEY.PEM
cert ACE-SP2.CER
ssl advanced-options PARAMMAP_SSL_TERMINATION
class-map type http loadbalance match-any HTTPS1
2 match http header Host header-value "www[.]mycompany[.]com"
class-map type http loadbalance match-any HTTPS2
2 match http header Host header-value "www1[.]mycompany[.]com"
policy-map type loadbalance first-match HTTPS
class HTTPS1
serverfarm https-redirect
class HTTP2
serverfarm SFARM_HTTPS
class class-default
serverfarm SFARM_HTTPS
policy-map multi-match HTTPS-PM
class HTTPS-RED
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
ssl-proxy server SSL_PSERVICE
Also let me know know if there is any another way to configure the redirection other than matching host header.
Thanks in Advance
Similar Messages
-
ACE http redirect on probe fail & others
Hi everyone,
I have multiple http based application running on 2 servers and they all be referenced behind the publised VIP from the load balancer.
The probes are already there, applications are accessed but one criteria from the business is not to fail the whole server for one application. There is some independance between the apps that if one fails, the other would need to still load balanced.
I would like, if the application fails on both server, to maybe be able to redirect to another URL any request for a particular App/URL.
Any suggestions ?Hi,
To not declare a real server down if one of its applications fail, you should configure your probes in your serverfarm, and (if not already done) create a serverfarm per application.
If you want to be able to redirect a request send to a failed serverfarm, you can configure a backup serverfarm in you L7 policy map like this:
serverfarm name1 backup name2
The second serverfarm should then be of the type:
serverfarm redirect name2
webhost-redirection relocation_string [301 | 302]
where the relocation_string is the URL that should be used, 301 is permanently moved and 302 is temporarily.
For the relocation_string, you can use following special characters:
%h Inserts the hostname from the request Host header
%p Inserts the URL path string from the request
Mor info can be found in this doc:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/slbgd.html
Hope this helps.
Kr,
Dario -
ACE http/https redirect or rewrite
Greetings,
We have a setup that requires ACE http/https redirection or rewrite.
A client connects to a secured Web portal which has its ssl termination on the ACE.
The web portal will request from the client a redirection to another application. As the portal is unaware that the incoming client https request was terminated on the ACE,
the client receives the redirect request for an unsecured http URL rather than for the secured https URL.
In this case what would be best to use? ACE "rewrite" or "redirect"?
Will the following example config for ACE "redirect" be sufficent to implement this?
ssl-proxy service ssl-App-443-81
key app1.test.com.key
cert app1.test.com.cert
rserver redirect App-secure-redirect
webhost-redirection https://app1.test.com/Go/
inservice
serverfarm redirect App-secure-redirect-sf
rserver App-secure-redirect
inservice
serverfarm host App-81-sf
probe TCP81
rserver proxy1 81
inservice
rserver proxy2 81
inservice
parameter-map type http http_param_map
header modify per-request
sticky http-cookie App-cookie App-sticky
cookie insert
replicate sticky
serverfarm App-81-sf
class-map match-any App-443-81-cm
2 match virtual-address 10.10.10.112 tcp eq https
class-map match-any App-81-cm
2 match virtual-address 10.10.10.112 tcp eq 81
class-map type http loadbalance App-secure-redirect-cm
match http url http://app1.test.com:81/Go/
policy-map type loadbalance http first-match App-rewrite-pm
class App-secure-redirect-cm
serverfarm App-secure-redirect-sf
policy-map type loadbalance http first-match App-sticky-443-81-pm
class class-default
sticky-serverfarm App-sticky
policy-map multi-match policy-inbound
class App-81-cm
loadbalance vip inservice
loadbalance policy App-rewrite-pm
loadbalance vip icmp-reply active
loadbalance vip advertise active
class App-443-81-cm
loadbalance vip inservice
loadbalance policy App-sticky-443-81-pm
loadbalance vip icmp-reply active
loadbalance vip advertise active
appl-parameter http advanced-options http_param_map
ssl-proxy server ssl-App-443-81If you are offloading www.yoursite.com on ACE and on the backend
real servers are not ssl aware (sends URL with http://) then with
following sample config you can instruct ACE to rewrite such urls (http->https)
class-map match-all VIP-443
match virtual-address x.x.x.x tcp eq https
action-list type modify http HTTP2HTTPS-REWRITE
ssl url rewrite location www\.yoursite\.* sslport 443 clearport 80
policy-map type loadbalance first-match YOUR-POLICY
class class-default
serverfarm YOUR-SFARM
action HTTP2HTTPS-REWRITE
class VIP-443
loadbalance vip inservice
loadbalance policy YOUR-POLICY
loadbalance vip icmp-reply active
ssl-proxy server YOUR-SSL-SERVICE
You need Ace2.x+ on Ace module & 3.x+ on 4710 appliance for this feature.
Syed Iftekhar Ahmed -
ACE: URL redirect - not working
Hi,
I've to do url redirection from port 80 to port 443. I've following configured:
rserver redirect url.test.com-rd
webhost-redirection https://url.test.com/
inservice
serverfarm redirect url.test.com:80
description url.test.com - port 80 redirect ***
rserver url.test.com-rd
inservice
class-map match-any url.test.com:80
2 match virtual-address 192.168.1. tcp eq www
policy-map type loadbalance first-match url.test.com:80
class class-default
serverfarm url.test.com:80
policy-map multi-match LOAD_BALANCE
class url.test.com:80
loadbalance vip inservice
loadbalance policy url.test.com:80
loadbalance vip icmp-reply active
===
with above configuration, ACE is redirection port 80 to port 443 but it also rewrites the header. i.e. ACE send me to
"https://url.test.com/" if I type "http://url.test.com/abc" in the browser. It should have redirected to "https://url.test.com/abc" ( it shouldn't have removed "/abc")
could you advice how to accomplish it.
Thanks in advance...Hi,
thanks pablo. but that isn't expected response. redirected url shows the load balanced server. i.e. for the following serverfarm of port 443:
serverfarm host url.test.com:443
description url.test.com - Port 7777 ***
failaction purge
probe url.test.com:7777
rserver server1.test.com 7777
inservice
redirected url comes as "http://server1.test.com:7777/abc/" ...instead of what I expect .i.e. i expect "
https://url.test.com/abc/" -
Hi guys.
Recenty I see the following config.
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h%p 301
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-HTTPS
inservice
I suspect this is a generic config to rewrite a redirection sent from rsever to client when it sends a http redirection and the client need to do a https conection.
My question is: this configuration will rewrite all redirect? What happens if the redirect sent from real server need to reach the client as http (not translated)
Thanks in advance.Hi David,
The above configuration is for ACE to redirect and not "Rserver". So if a user comes on http://xyz.com and you want ACE to redirect it to https"//xyz.com, you use above configuration. Now there will be a class-map condition as well as policy maps and hence ACE will redirect only those requests which will match the condition. Also, redirect and rewrite are two different functions. If you want the ACE to intercept server response and rewrite it, then you should have a look at "URL Rewrite as well as SSL rewrite" features. Again you will have proper configurations place for ACE to decide what to rewrite and what not.
Let me know if you have any questions.
Regards,
Kanwal -
SharePoint public facing site does not open in sharepoint designer after giving http redirect in IIS
I have a public facing sharepoint site
We gave http redirect in IIS due to which I am unable to open the site in SharePoint Designer and gives error message site not found in webserver.
If i revert back the settings (remove the http redirect link) i m able to open the site in designer.Please let me know how can I resolve the issue in opening site in SharePoint designer after http redirect setting done in IISLooks like an AAM issue. What URL of the site you are trying to open with designer and what are your AAM settings?
Ronald Bruinsma - Independent SharePoint Consultant - iDocs.info - The Netherlands
Ronald I got the same issue here is my info:
sharepoint site: http://<servername>/sites/mycompany
<ServerIP>
Default
http://servername
<Servername>
Default
http://servername
http://contoso.mycompany.com
Extranet
http://contoso.mycompany.com
In IIS webapp 80. http redirect:
redirect requests to this destination is checked: http://contoso.mycompany.com/sites/mycompany
can you help me? thanks -
I am having a problem getting into the App Store on my iPhone since the recent update, I have a 4s and it appears the feature tab is not working. When I try to go into the feature tab in the App Store I get a message "too many HTTP redirects" ?... Does anyone now hoe to fix this issue, the other tabs are working okay and everything is working on my iPad ?
Look at iOS Troubleshooting Wi-Fi networks and connections http://support.apple.com/kb/TS1398
iPad: Issues connecting to Wi-Fi networks http://support.apple.com/kb/ts3304
iOS: Recommended settings for Wi-Fi routers and access points http://support.apple.com/kb/HT4199
Additional things to try.
Try this first. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
Change the channel on your wireless router (Auto is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
How to Quickly Fix iPad 3 Wi-Fi Reception Problems
http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
If none of the above suggestions work, look at this link.
iPad Wi-Fi Problems: Comprehensive List of Fixes
http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
Fix iPad Wifi Connection and Signal Issues http://www.youtube.com/watch?v=uwWtIG5jUxE
Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
Unable to Connect After iOS Update - saw this solution on another post.
https://discussions.apple.com/thread/4010130
Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
~~~~~~~~~~~~~~~
If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
Cheers, Tom -
How are you supposed to REPORT THE PROBLEM when it DOESN'T EVEN WORK!!
I clicked it as I got a receipt for something that HAS NOT EVEN BEEN BOUGHT ! (It's funny how apple try to charge me twice for something when I work nightshift and my phones switched off!)
and all that happened was it came up saying "too many HTTP redirects" .
And it won't let me report it ! XGo here:
http://www.apple.com/support/itunes/contact/
and follow the instructions to report your issue to the iTunes Store.
Regards. -
I purchased 2 packages of gems for skylanders and only received 1 package. Got email receipts and tried to report problem with link in email on my ipad2 and it keeps coming up with to many https redirects. Can anyone help? Just want my gems :).
Contact iTunes Customer Service and request assistance
Use this Link > Apple Support iTunes Store Contact -
How do I get rid of (to many HTTP redirects) from my App Store
Every time I go to categories or top 25 I cannot get in it keeps saying to many HTTP redirect how can I fix this
It did not start until I had my phone reset. And I try resetting my phone again and it won't even reset nowClearing the History and Cookies on Safari then closing safari from the background has helped me with this issue
Go to Settings then click on Safari. Once there, clear the cookies and data. Then go into safari app then clear the history. Once you do that, close safari from the background by double clicking the home button, hold the app then hit the red - to close. -
Every time I open the app store on my iPod touch, it says 'too many http redirects' whenever I click on the Categories and Top 25 tabs. I tried force quitting the app store, that didn't work. I tried closing all windows in Safari and force quitting safari, also didn't work. I reset the network settings, that didn't work either. When I reset all settings, it appeared to work. The tabs were different (it had a Genius tab), but it worked. However, immediately after force quitting the app store (I force quit a lot to keep as much RAM clear as possible), the same thing happened again. Does anyone know a permanent, Apple-supported solution to this problem? And please do not say restoring it. I don't want to start from scratch just to potentially experience the same problem.
See:
to many HTTP redirects: Apple Support Communities
However, it seems to be an Apple/network problem beyond your control -
I need to know how to force a https redirect in Adobe Muse if this can't be done please tell me so I don't waste any more time... please
Protocol usage and redirects are a server-side thing. This has nothing to do with designing the web page and thus nothing with Muse, either.
Mylenium -
Setting HTTPS redirect in NetWeaver CE 7.1 EhP1
I would like to redirect all HTTP requests such that users will always use HTTPS access. I found an OSS note 973644 that explains the steps for non CE environments. Does anyone know how to setup HTTPS redirect on NetWeaver CE 7.1 Ehp1?
Regards,
AsifHi Lee,
I think I know how to solve this. I have just solved a similar problem with my PI 7.1 EHP1. Deployment in JSPM of various software components all failed like this example:
JSPM log:
Deploy status is 'Aborted'
Client path '
pi71\sapmnt\trans\EPS\in\SAPXIAF04_7-20002649.SCA'
Description:'1. ERROR CODE DPL.DS.5089 Exception during generating components of sap.com/com.sap.aii.af.app application in webservices_container container.
-> com.sap.engine.services.webservices.espbase.configuration.BindingData.getConfigurationType()I'.
Default Trace:
Caused by: java.lang.NoSuchMethodError: com.sap.engine.services.webservices.espbase.configuration.BindingData.getConfigurationType()I
at com.sap.engine.services.webservices.server.deploy.WSBaseAbstractDProcess.getBindingDataId
After that most of the browser based admin apps, such as NetWeaver Administrator ( /nwa ), would refuse to start.
But finally after several tests, searching on SDN+SMP and restore to backup version I found the solution in [SAP Note 1328776|http://service.sap.com/sap/support/notes/1328776] which describes a similar problem: Update to the newest version of ENGINEAPI 7.11. Today this is ENGINEAPI04P_4-20002603.SCA.
You may also want to make sure that you are running the newest version of the Configuration Wizard, so you should check/update LMTOOLS, LMCTC and LMCFG*, currently LMTOOLS04P_3-20002705.SCA, LMCTC04P_1-20002694.SCA and LMCFG04P_4-20002729.SCA.
I hope this proves to be useful.
regards
Mauri -
Http redirects not changing url in address bar
I'm going crazy trying to fix a major bug in our application. Http
redirects are not changing the url in the address bar of the latest versions of internet explorer. But this only happens if the redirected page is an xml page with an xslt reference for the browser to do the transformation. Mozilla seems to work fine, but I seem to have encountered a major bug in Internet Explorer. If anybody can help or at least point me in a direction I'd be SO grateful. This doesn't seem to be a java servlet specific issue, but that's what we're using so I thought I'd ask the question here too.
We have an MVC type framework we developed. For example, if you were to add something to a shopping cart, the url might be:
http://ecommerce.com/cart/add?sku=54321. In the add servlet, we would add the sku to your shopping cart and then redirect to, let's say,
http://ecommerce.com/displaycart. I think this is how most MVC frameworks work. And it works great for us.
The problem began when we started sending XML to the browser with an XSLT stylesheet. So now the browser does the transformations (if the browser is capable of doing them, which we check) instead of the server. This is a major part of our project. One of the reasons we started this.
The problem is that Internet Explorer no longer updates the url in the
address bar after a redirect. Mozilla works great though. We haven't
tested on other xslt capable browsers yet. In the example above, what would happen is after adding something to your shopping cart, the "displaycart" page would be shown but the http://ecommerce.com/cart/add?sku=54321 url would be shown in the address bar. It wouldn't seem to be too big of a deal since everything works. But now all the relative links are messed up. They start from the "cart" directory. So we need absolute links. But that introduces many other problems. We then need to know the host and the parent directories (not as easy as it seems).
So is there a solution? Is this a big bug that nobody has realized yet (or maybe they have, but my searches don't see it) in internet explorer? Is there a way for the redirected url to appear in the address bar from a browser-based xslt transformation in internet explorer? By the way, I'm testing with the latest version of IE6.0 as of July 7, 2003.
When testing, redirects work perfect if I do the xslt transformation on the server side and just send plain html to internet explorer. And it works perfect with either serverside or browserside xslt transformations in mozilla.
Scott Mueller
AccelerateBiz IncorporatedAs I've been reading in the specs, microsoft, etc, it seems that it's not what's supposed to happen. But the specs are not very specific about this. However, internet explorer DOES always replace the url in the address bar with the redirected url if HTML is being returned from the redirected servlet. As is the case with all other browsers. So, at least, this behavior is the de-facto standard.
BUT when the redirected to page is an xml page which references an xslt stylesheet.. then, ONLY in internet explorer, the original url is what's shown in the address bar (and, more importantly, what's used as the base url). Regardless of what the links look like or how they're manipulated in the transformed HTML that ends up being shown, I can't seem to make the url in the address bar the redirected url.. -
Http redirection limit in safari
Hi,
I'll try to be as clear as possible about my question:
Situation
I took 10 Macbook Air's out of their boxes, installed Mountain Lion and installed the latest updates.
When visiting a (Citrix) portal, i have no issues with Safari after logging in and clicking on the presented ICA file.
Next, i took 10 Macbook Pro's out of their boxes, repeated the same steps to install and update them. When visiting that same portal, logging in with the same credentials, i get errors in Safari about too many HTTP redirects.
Research on this topic
I've researched this error, many people blame the website your visiting. this is wrong in my case, since the first 10 laptops didn't show that error.
It is advised to reset Safari; i tried. didn't solve my problem. Besides, why would it make a difference since the first 10 laptops didn't get that error ?
It turned out, after Googling some more about this, that each browser (Safari, Chrome, Firefox, Opera) has a limit set for HTTP redirections (the default amount of max. redirections is 20).
On lots of websites people fixed this issue bij installing FireFox, which i is my preferred solution; i want my customers to just use Safari. But, for being sure if this would indeed solve the issue i tried this solution: in about:config changing the properties for HTTP redirection settings from 20 to some higher value (i used 999 in my test) fixed the issue. This seems to be the proof getting the "too many HTTP redirections" isn't neccesarily caused by the website. It is caused by the restriction of having a max ammount of http redirections in Safari.
The Question
In Safari 6, how do i change the max ammount of HTTP redirections ?
Is there some sort of hidden preference pane ?Then, your only action is to follow its steps:
If the issue persists, sending feedback to the affected website may help. You can also send feedback to Apple by choosing Safari > Report Bugs to Apple.
Also, a google search for redirects site:developer.apple.com
yields
http://developer.apple.com/library/mac/#documentation/cocoa/conceptual/urlloadin gsystem/Articles/RequestChanges.html and
http://developer.apple.com/library/ios/documentation/Foundation/Reference/NSURLC onnectionDataDelegate_protocol/NSURLConnectionDataDelegate_protocol.pdf
Maybe you are looking for
-
Error #2048: Security sandbox violation
I've been developing Flex apps for a couple of years now and feel comfortable with my development environment. I'm testing out Gumbo in my same environment (new workspace): WAMP based My test app works fine on my localhost set up... but when I upload
-
Deleted an app store purchase while reinstalling purchases...
In the process of reinstalling apps after a MacAir snafu...went to app store to reinstall purchases...hit the "X" (immediate delete) for iPhoto... Question: do I have an option other than REpurchasing iPhoto!?
-
sorry if this is duplicate question but I could not find the answer anywhere..! I have ARD 3.2 on my macbook pro and I am connected to my mac mini and but every-time I tried to copy a file either way it wont work I keep getting this error: "Copy fail
-
Equium M50 - The battery will not charge
Hi, I need some advice regarding a charging problem on my PC. The battery will not charge and the level indicator shows a constant 5%. The machine is about 15months old and does not get hard usage, probably an average of 5-10 hours per week.Usually i
-
IPad can't recognize wifi networks
Recently purchased an iPad 2. On 3 occasions it has been able to see my home network, has connected and worked fine for a few minutes, then disconnects and can't see the network. All gaming devices, multimedia devices and android devices in my home h