ACE redirect problem

Hi,
Hopefully someone can tell me if what i'm trying to achieve is possible. I need to append details to a URL, i've attempted a rewrite but dont want to send the 10.10.10.1 address back to the client and want to send their original request with the appended URL. As the ip and port are staying the same the request loops. Hardware ACE 4710 software A3 (2.0)
I need to loadbalance.
http://ourdomain.com:9080 > http://10.10.10.1-10:9080/ThisBitAdded
ourdomain.com resolves to the same address every time, 10.10.10.1-10 are the real servers.
Any help greatly appreciated.
Thanks
Chris

Chris:
As I'm preparing a response, I'm curious about how you have it set up at this point. What is the configuration that you were testing?

Similar Messages

Ace Redirect and re-write

Can anybody point me in the right direction for changing the URL when the ACE is performing the redirection?
I have the standard ace redirection to HTTPS set up and it is working fine.
I have a wildcard certificate *.abc.com but when the application was being tested the URL abc.com kicks up a certificate error in the browser.
Not sure if I should have set the CN as *acb.com when ordering it but its done now.
I am wanting to redirect when http://abc.com is put in the client browser to https://www.abc.com
I have tried reading these forums and using header rewrite to change the location on response but it just doesn't seem to work.
I have tried deleting/renaming/replacing the host header on request and rewrite/delete on response. Tried all sorts of regex nothing works.
I can insert a header so I know the action is being hit, just can't seem to change the host on request or location on response.
Any idea's?
I am guessing the inner workings only allow for modification of these headers when the redirects are being done by the server and the headers are passing through the load balancer.
on latest 5(2.1) version
example of one I tried
action-list type modify http ABC_MODIFY
header rewrite response location header-value "https://abc(.*)" replace "https://www.abc%1"
then applied to policy redirect map

I tried another approach which seemed to work.
rserver redirect RED2A
webhost-redirection https://www.%h 302
inservice
rserver redirect RED2
webhost-redirection https://%h 302
inservice
serverfarm redirect RED2-VIP-IN
rserver RED2
inservice
serverfarm redirect RED2A-VIP-IN
rserver RED2A
inservice
class-map type http loadbalance match-any RED2A-VIP-IN
2 match http header Host header-value "abc.com"
class-map match-any RED2-VIP-IN
2 match virtual-address x.x.x.x tcp eq www
..etc
policy-map type loadbalance first-match RED2-VIP-IN-LB-POLICY
class RED2A-VIP-IN
serverfarm RED2A-VIP-IN
class class-default
serverfarm RED2-VIP-IN
this seemed to redirect the abc.com to https://www.abc.com and the other requests like other.abc.com to https://other.abc.com
I tried regex for the header value match like [^\.]abc.com and ^abc.com but these didn't seem to match.

ACE Redirect not working

We have a ACE redirect configured on 3 physically seperate ACE modules with the following config. It works on one ACE Module and not on the other 2.
Capture on the ACE and sniffer gives this error.R [bad tcp cksum 2d41!] ACE sends resets to the client. Anyone run into this issue?
The software version is   system:    Version A2(1.0a) [build 3.0(0)A2(1.0a)
rserver redirect Test
webhost-redirection http://www.test.com
inservice
serverfarm redirect Test
rserver Test
    inservice
class-map match-any Test
2 match virtual-address 192.168.10.10 tcp eq www
policy-map type loadbalance first-match Test
class class-default
    serverfarm Test
class Test
    loadbalance vip inservice
    loadbalance policy Test
    loadbalance vip icmp-reply active

Sorry maybe I didn't explain what I was getting at good enough...
I guess I'm basically asking if there's potential for asymmetry at the site that's not working.
For example.
Say I have a load balanced server. It has two interfaces a "front end" and a "back end". I manage the server on the backend from my laptop, for which the server has a route. Now if I try to hit the public VIP of the LB, traffic is routed to the VIP, then to the server, but because the server already has a route to my laptop via the backend, it bypasses the load balancer on the return and replies directly to me, thus putting the flow out of sync and never completing the connection...
Not saying that's it, but I've had so many asymmetry issues that are tough to figure out that It's usually one of the first things I rule out...
It's possible if the site that's not working is local to you and the others aren't, this may be a potential issue??

Dynamic form "Cancel" redirect problem in frames - bugfix?

My question: Is there a "long run" down side to my implementing this modification to style.js?
The below post by Ionut:MX Division Support Specialist worked for me as a solution to a current form "click cancel" redirect navigation problem:
When a DWtoolbox dynamic form wizard form is placed on a page within frames, clinking on cancel does not return a user to the list that sent them to the form. The user is sent somewhere else.
Begin Ionut post-------------
If you don't need to add extra parameters to the "Edit" button, you can solve the redirect problem by editing the "/includes/skins/style.js" file and replace:
nxt_list_edit_link_form(this, myinput.previousSibling.href);
with:
nxt_list_edit_link_form(this, a.href);
End----------------------
Thanks Ionut for the tip and anyone in support for letting me know if this is a safe mod for the long run,
Steve M

Hi Marny,
Hello Steve. I am new to Adobe & very confused. You seem to grasp the program very nicely, please help Me?
I´m not not Steve, however -- what problem do you have exactly, and is this problem related to the "Adobe Dreamweaver Developer Toolbox" extension or related to Dreamweaver ?
If it´s related to ADDT, please describe your problem by starting a new thread -- if it´s related to Dreamweaver, please post your questions in the general Dreamweaver forums.
Cheers,
Günter Schenk
Adobe Community Expert, Dreamweaver

Proxy redirect problem

I'm having a redirect problem going through a weblogic proxy. An app I was using appears to be redirecting the browser always to localhost:7121 which won't work with access via the my domain.
To explain fully I set up a test JSP page which outputs request.getRequestURL().toString() so I could trace what was happening. The weblogic configuration is explained below:
I'm using Weblogic 8.1 sp5. I've setup a 4 instances: a proxy (port 7120), redirector (port 7121) and cluster (two instances running on 7131, 7132)
If I navigate to:
http://localhost:7120/myapp/test.jsp my test page outputs: request.getRequestURL().toString() : http://localhost:7121/myapp/test.jsp
and again to:
http://localhost:7131/myapp/test.jsp my test page outputs: request.getRequestURL().toString() : http://localhost:7121/myapp/test.jsp
or
http://localhost:7132/myapp/test.jsp my test page outputs: request.getRequestURL().toString() : http://localhost:7121/myapp/test.jsp
The output is always the same ... it always says the requestURL is from localhost:7121 the redirector?
Can anyone help explain why I always get the same output? It is completely baffling me.
Thanks,
Matt
Edited by: user5673380 on Oct 15, 2008 3:52 PM

The problem was caused by incorrect configuration of FrontEndHttpPort and FrontEndListener and FrontEndHost in the cluster configuration. These values were incorrectly during config wizard install.

I want to downgrade from ios7 on my ipad mini-it seems to have affected certain websites which I now can't access due to 'redirect' problem

I want to downgrade from ios7 on my ipad mini-it seems to have affected certain websites which I now can't access due to 'redirect' problem....

Google is your friend. You have to move very quickly on this. It can't be discussed how to do it on this site and is not supported.

ACE Redirect. Configuration Problem?

Hi,
I´m configuring Redirect in ACE 4710 and it doesn´t work fine. The client has two real servers and he wants redirect the traffic when both real servers are down.
They have other server with static content (http) for redirect the trafic.
The configuration is (complete configuration is attached):
rserver host Backup_Rserver
ip address 192.168.0.212
inservice
rserver host achs-tamw01
ip address 192.168.0.217
inservice
rserver host achs-tamw02
ip address 192.168.0.205
inservice
rserver host achs-tamw03
ip address 192.168.0.203
inservice
serverfarm host SF_Backup
rserver Backup_Rserver 80
    inservice
serverfarm host TAMW_80
predictor leastconns
probe PROBE_TAMW:80
rserver achs-tamw01 80
    inservice
rserver achs-tamw02 80
    inservice
rserver achs-tamw03 80
    inservice
sticky ip-netmask 255.255.255.255 address source TAMW_80_STICKY
replicate sticky
serverfarm TAMW_80 backup SF_Backup
policy-map type loadbalance first-match VIP-POLICY-TAMW_80
class class-default
   sticky-serverfarm TAMW_80_STICKY
policy-map multi-match LB-VIP
class VIP_TAMW_80
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-TAMW_80
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 10
interface vlan 10
nat-pool 1 172.16.10.39 172.16.10.39 netmask 255.255.255.255 pat
service-policy input LB-VIP
When both real servers are down, the VIP remains operational and the backup real servers is operational and I can see statistics increase in this server:
ACE-CC/Contexto_B# sh rserver
rserver              : Backup_Rserver, type: HOST
state                : OPERATIONAL (by default, unverified)
                                                ----------connections-----------
       real                  weight state        current    total
   ---+---------------------+------+------------+----------+--------------------
   serverfarm: SF_Backup
      192.168.0.212:0       8      OPERATIONAL 4          66
In these moment both real servers were down and I could see connections, but when user from Internet o LAN try to connect it can´t see static content.
ACE-CC/Contexto_B# sh service summ
service-policy: LB-VIP
Class                            VIP             Prot Port        VLAN          State    Curr Conns   Hit Count Conns Drop
VIP_TAMW_80                      172.16.10.150   tcp   eq 80       1,10           IN-SRVC          21         903          0
VIP remains operational.
Regards,
Jaime

Hi Peter,
I did test only in HTTP mode. In the configurations you can see that I applied a backup server only the port 80:
serverfarm host SF_Backup
   rserver Backup_Rserver 80
    inservice
I didn´t create a SF_Backup_443 because we were testing only with services in HTTP.
I still can´t do labs test, although it seems that configuration is well.
Regards.
Jaime.

ACE: SSL termination, Probe and Redirect problem

Hello,
I have problem with three things: -1) SSL offload, -2) probe, and -3) server redirect.
1) I made SSL offload like shows attached file with "show run". But during going to the VIP address by the browser: https://192.168.254.143 I get window with Java error: java.lang.NullPointerException - I have to click OK on this window and then can work fine. Without SSL offload I don't have this error message in window.
When I have SSL offload I have following configuration:
ssl-proxy service SSL
key klucz.pem
cert certyfikat.pem
serverfarm host SFARM
rserver S1 8080
rserver S2 8080
policy-map multi-match SLB-POLICY
class SLB
ssl-proxy server SSL
Without SSL offloading I have only this:
serverfarm host SFARM
rserver S1 (without 8080!)
rserver S2
2) Right now I have two real servers and I send traffic to them by port TCP 8080. So I made probe to check TCP 8080 port availability.:
probe tcp TCP_8080
port 8080
interval 15
passdetect interval 60
serverfarm host SFARM
rserver S1 8080
probe TCP_8080
inservice
rserver S2 8080
probe TCP_8080
inservice
I want also check port TCP 6400 availability, and I only one from port 8080 or 6400 don't work - make real server unavailable. So must work TCP port 8080 ang 6400 togethet to treat real server as operational.
So I want to make something like this:
probe tcp TEST
port 8080 and 6400 !?! - ofcourse It is impossible but I want to make config with this functionality.
How to do this?
3) I hant to make that when I write in browser https://bo.kw.coig.biz/ = https://192.168.254.143 I want to be redirected to one of real server on address: https://bo.kw.coig.biz/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do
I made something like this:
rserver redirect S3
webhost-redirection https://%h/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do 302
inservice
serverfarm redirect REDIRECT
rserver S3
inservice
policy-map type loadbalance first-match POLICY-TYPE
class class-default
serverfarm REDIRECT
But this configuration dosn't work. I have in browser window with error messeging.
How to do this?

1/ this is a java problem.
Java is telling you that it attempted to use a null pointer. You need to check with the people who created the java program
2/ you can configure multiple tcp probe, one for each port you need to monitor and assign all the probes to the serverfarm.
BTW, you can assign the problem to the entire serverfarm so you don't need to specify it for each rserver.
3/ the problem with your redirect is that you applied to class-default.
So even a request to ...../logon will be redirected to ...../logon.
Therefore you just created a nice loop.
You need to create a class-map to only match the url "/" so the redirect is only applied then.
Gilles.

ACE port redirection problem

I am using standard http port 80 in front end (between the end user and ACE module ) and I am using port 9080 for backend (between the ACE and servers).
I don't want the port number 9080 to show up in the url
http://www.Trading.com:9080/ANTOnline
how can i hide the port 9080 from the end user

Try this config:
rserver host Server001
ip address 10.1.1.1
inservice
rserver host Server002
ip address 10.1.1.2
inservice
serverfarm host SF001
probe CHECK.HTML
rserver Server001 9080
inservice
rserver Server002 9080
inservice
class-map match-all R001
2 match virtual-address 1.1.1.1 tcp eq www
policy-map type loadbalance first-match P001
class class-default
serverfarm SV001
policy-map multi-match L4-LB
class R001
loadbalance vip inservice
loadbalance policy P001
loadbalance vip icmp-reply
It should solve your problems

ACE redirect to different URI on rserver

         We use JDE and up to now part of the tools was Apache which would redirect as follows
http://alias.server to http://real.server:13333/main.maf
the latest version no longer uses Apache so I was wondering how I can do it on the ACE
of course there is no problem going from alias.server port 80 to real.server:13333 but how can I add the URI main.maf?

Hi
The configuration would look like the following:
rserver host CHIJTW55
description CHIJTW55
ip address 172.16.98.106
inservice
rserver redirect JDEDV_RED
webhost-redirection http://172.16.73.10:13333/main.maf 301
serverfarm host JDEDV
description JDEDV servers
failaction purge
probe tcp13333
rserver CHIJTW55 13333
    inservice
serverfarm redirect REDIRECT_FARM
     rserver JDEDV_RED
       inservice
class-map match-any JDEDV_vip_80
2 match virtual-address 172.16.73.10 tcp eq www
class-map match-any JDEDV_vip_13333
2 match virtual-address 172.16.73.10 tcp eq 13333
policy-map type loadbalance first-match JDEDV_80
class class-default
    serverfarm REDIRECT_FARM
policy-map type loadbalance first-match JDEDV_13333
class class-default
    serverfarm JDEDV
policy-map multi-match MULTI_POLICY
class JDEDV_vip_80
    loadbalance vip inservice
    loadbalance policy JDEDV_80
class JDEDV_vip_13333
    loadbalance vip inservice
    loadbalance policy JDEDV_13333
interface vlan X
     service-policy input MULTI_POLICY
I hope this helps
Daniel

ACE redirection issue

Hi,we have our main website https://abc.com and it provides links to users for various applications.If i go to https://abc.com and click the link xyz on it, i get back to main page again and current connections drops to 0. here my browser should be redirected to https://abc.com/xyz which is not happening. Traffic is getting tunnnled to https://abc.com as seen in logs in http catcher.
But if i type in https://abc.com/xyz in browser, i go to correct page.
below is my configuration. please let me know if any other configuration is needed, Below config is with 2 links but actual production has many links.
I have similar issue for another application where links on main page can not be accessed. that application works on http instead of https.
rserver redirect xyz
inservice
webhost-redirection "https://abc.com/xyz"
rserver redirect uvw
inservice
webhost-redirection "https://abc.com/uvw"
rserver host abc
ip address 1.1.1.1
inservice
serverfarm redirect xyz
rserver xyz
inservice
parameter-map type http case_param
case-insensitive
no persistence-rebalance (i also tried enabling it)
set header-maxparse-length 65535
set content-maxparse-length 65535
length-exceed continue
parameter-map type ssl abc
cipher RSA_WITH_3DES_EDE_CBC_SHA
ssl-proxy service abc
key abc
cert abc
ssl advanced-options abc
serverfarm redirect uvw
rserver uvw
inservice
serverfarm host abc
rserver abc
inservice
class-map type http loadbalance match-any map1
   match http url /xyz.*
class-map type http loadbalance match-any map1
   match http url /uvw.*
policy-map type loadbalance first-match ssl-abc
class map1
    serverfarm xyz
class map2
    serverfarm uvw
class class-default
    serverfarm abc
class ssl-intranet
    loadbalance vip inservice
    loadbalance policy ssl-abc
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 368
    appl-parameter http advanced-options case_param
    ssl-proxy server abc
the IP address mentioned for abc.com (1.1.1.1) is on cisco CSS (VIP for www.abc.com for internal users) which is serving my internal clients. The CSS then points to actual server hosting abc.com. The ACE is serving clients coming from Internet and CSS is serving my internal clients which connect with http. Is this problem because of communication issue between ACE and CSS?
Can anybody suggest?

class-map match-all intranet
2 match virtual-address 198.184.231.7 tcp eq www
class-map match-all ssl-intranet
2 match virtual-address 198.184.231.7 tcp eq https
I have 2 different policy maps .........intranet map redirects to ssl-intranet map which then makes redirection to individual applications.
policy-map multi-match external-lb
class extranet
    loadbalance vip inservice
    loadbalance policy extranet
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 368
    appl-parameter http advanced-options case_param
class ssl-extranet
    loadbalance vip inservice
    loadbalance policy ssl-extranet
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 368
    appl-parameter http advanced-options case_param

ACE : Stickyness problem with http cookies

Hi,
I am facing a serious problem with stickyness in a e-commerce configuration.
Here is the setup :
An ACE load balance user requests on two Apache servers
cookie-insert is used to stick a user on one Apache server
The home page is accessed via http on port 80
On the Home page, there is a link to allowing the user to login
The login process uses SSL
During the login, backend SSL is required between the ACE and the selected Apache server
The login is a POST request to the Apache server
After a successful login, the home page is reloaded on port 80 and the name of the user should appear on the top of the page
The ACE configuration :
Two sticky groups are configured : one for HTTP acess and another for HTTPS access
Two server farms are defined, both using the same real servers, but with different ports (80 and 441)
     sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTP
       cookie insert browser-expire
       timeout 240
       replicate sticky
       serverfarm ECOM_FARM_TEST_HTTP
          sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTPS
       cookie insert browser-expire
       timeout 240
       replicate sticky
       serverfarm ECOM_FARM_TEST_HTTPS
     serverfarm host ECOM_FARM_TEST_HTTP
       description *** e-Commerce Test Server Farm ***
       probe ECOM_PROBE_TEST
       rserver HQCHECOM01 80
        inservice
       rserver HQCHECOM02 80
        inservice
         serverfarm host ECOM_FARM_TEST_HTTPS
      description *** e-Commerce Test Server Farm ***
      probe ECOM_PROBE_TEST
      rserver HQCHECOM01 443
       inservice
      rserver HQCHECOM02 443
       inservice
The problem :
Let analyse the sequence of events and the value of the http cookie for each of them :
When the the home page is originally loaded, the ACE selects SERVER-1
The ACE inserts the cookie "A" in the server responses
The user is sticked to SERVER-1
Then, the user tries to login and an SSL session is established with the ACE
The user sends a POST request containing the cookie "A"
A backend SSL session is established with SERVER-1
The POST request is forwarded to SERVER-1
SERVER-1 responds with a 200 OK and the ACE generates another cookie "B" as it belongs to the sticky group ECOM_STICKY_TEST_HTTPS
The client browser reloads the page on port 80 and provides the cookie "B" (the last received) !!
The ACE sees the cookie "B" but does not find it in its database for the sticky group ECOM_STICKY_TEST_HTTP
The ACE perform another load balancing decision and selects SERVER-2 ! (instead of SERVER-1)
The page is reloaded, but the name of the user does not appear on it
The question :
As it is not possible to have only one sticky group in this configuration what would be the solution to make sure that the same server is selected for http and https ?
Thank you for any hints,
Yves

Hi Gilles,
I followed your recommendation to configure static cookie entries in each sticky group, but I still experience the problem of sessions getting re-load balanced to the second server when returning from HTTPS to HTTP :
It seems that the ACE ignores the static entries !
To make my question clear, I repeat hereafter the setup and the encountered problem :
Here is the setup :
An ACE load balance user requests on two Apache servers
cookie-insert is used to stick a user on one Apache server
The home page is accessed via http on port 80
On the Home page, there is a link to allowing the user to login
The login process uses SSL
During the login, backend SSL is required between the ACE and the selected Apache server
The login is a POST request to the Apache server
After a successful login, the home page is reloaded on port 80 and the name of the user should appear on the top of the page
The ACE configuration :
Two sticky groups are configured : one for HTTP acess and another for HTTPS access
Two server farms are defined, both using the same real servers, but with different ports (80 and 443)
In the ECOM_STICKY_TEST_HTTP stick group the two following cookies are automatically generated :
R105816849   for the server HQCHECOM01
R105852786   for the server HQCHECOM02
In the ECOM_STICKY_TEST_HTTPS stick group the two following cookies are automatically generated :
R355972695   for the server HQCHECOM01
R357158616   for the server HQCHECOM02
I statically configured in the each sticky group the cookies used by the other sticky group, to allow stickiness when the browser switches from HTTP to HTTPS and vice versa :
sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTP
cookie insert browser-expire
timeout 240
replicate sticky
serverfarm ECOM_FARM_TEST_HTTP backup WEB_REDIRECT_001
56 static cookie-value "R355972695" rserver HQCHECOM01
64 static cookie-value "R357158616" rserver HQCHECOM02
sticky http-cookie STICKED-TO ECOM_STICKY_TEST_HTTPS
cookie insert browser-expire
timeout 240
replicate sticky
serverfarm ECOM_FARM_TEST_HTTPS backup WEB_REDIRECT_001
72 static cookie-value "R105816849" rserver HQCHECOM01
80 static cookie-value "R105852786" rserver HQCHECOM02
serverfarm host ECOM_FARM_TEST_HTTP
description *** e-Commerce Test Server Farm ***
probe ECOM_PROBE_TEST
rserver HQCHECOM01 80
   inservice
rserver HQCHECOM02 80
   inservice
serverfarm host ECOM_FARM_TEST_HTTPS
description *** e-Commerce Test Server Farm ***
probe ECOM_PROBE_TEST
rserver HQCHECOM01 443
   inservice
rserver HQCHECOM02 443
   inservice
The problem :
Let analyse the sequence of events and the value of the http cookie for each of them :
When the the home page is originally loaded, the ACE selects SERVER-1
The ACE inserts the cookie "A" in the server responses
The user is sticked to SERVER-1
Then, the user tries to login and an SSL session is established with the ACE
The user sends a POST request containing the cookie "A"
A backend SSL session is established with SERVER-1
The POST request is forwarded to SERVER-1
SERVER-1 responds with a 200 OK and the ACE generates another cookie "B" as it belongs to the sticky group ECOM_STICKY_TEST_HTTPS
The client browser reloads the page on port 80 and provides the cookie "B" (the last received)
The ACE sees the cookie "B" and should use the static cookie entry to select the SERVER-1
But instead, the ACE perform another load balancing decision and selects SERVER-2 !
The page is reloaded, but the name of the user does not appear on it
LiveHTTP Trace on Firefox :
GET /ecom/medias/sys_master/8800775602206/Home-page-main-banners-video.jpg HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R105816849;
HTTP/1.1 200 OK
Set-Cookie: STICKED-TO=R105816849; path=/
Date: Mon, 18 Oct 2010 15:31:37 GMT
Server: Apache/2.2.13 (Red Hat)
Connection: close
Transfer-Encoding: chunked
Content-Type: image/jpeg
Here we switch on HTTPS :
https://ecom.test.toto.com/uk/en/j_spring_security_check
POST /uk/en/j_spring_security_check HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R105816849; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
spring-security-redirect=&j_username=yves144%40yahoo.com&j_password=junon01
Here we see cookie for the same server but for the HTTPS sticky group :
HTTP/1.1 302 Moved Temporarily
Set-Cookie: STICKED-TO=R355972695; path=/
Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
Date: Mon, 18 Oct 2010 15:31:39 GMT
Server: Apache/2.2.13 (Red Hat)
Location: http://ecom.test.toto.com/uk/en/home
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
Here we switch back to HTTP :
http://ecom.test.toto.com/uk/en/home
GET /uk/en/home HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R355972695; JSESSIONID=089DCF987DC03CAE0F516298EB886DAB.node1;
Here we see that the second server has been wrongly selected !
HTTP/1.1 200 OK
Set-Cookie: STICKED-TO=R105852786; path=/
Set-Cookie: _hybris.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
Set-Cookie: JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2; Path=/; HttpOnly
Date: Mon, 18 Oct 2010 15:31:40 GMT
Server: Apache/2.2.13 (Red Hat)
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Content-Language: en-GB
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8
http://ecom.test.toto.com/ecom/medias/sys_master/8796174057502/uk.gif
GET /ecom/medias/sys_master/8796174057502/uk.gif HTTP/1.1
Host: ecom.test.toto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 (CK-IBM) Firefox/3.5.8
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ecom.test.toto.com/uk/en/home
Cookie: STICKED-TO=R105852786; JSESSIONID=5A0F6EB8FBF63D5D0590FECEC62A302E.node2;
HTTP/1.1 200 OK
Set-Cookie: STICKED-TO=R105852786; path=/
Date: Mon, 18 Oct 2010 15:31:40 GMT
Server: Apache/2.2.13 (Red Hat)
Content-Length: 382
Connection: close
Content-Type: image/gif
Hypothesis :
It seems that the static entries are not considered by the ACE...

Crystal Report in an iFrame redirect problem

Hi!
I have built a page with a only Crystal Report on it, which I display in an iFrame on another page.
I have a hyperlink on the page that is used to redirect the iFrame by assigning the iFrame a name and setting the target of the hyperlink to the iFrame. When the user clicks the hyperlink, it will redirect the iFrame.
This all works fine up until the point at which you generate the actual Crystal report. After the report has generated, attempting to redirect the iFrame via the hyperlink causes a new browser tab/window to open. A few tests that I have run using Javascript or codebehind circumvent this issue, but as it stands I cannot use this method.
This issue has only just arisen with the VS2010 version of Crystal Reports. The older versions do not have this problem.
Research I have done into the issue have been fruitless and have tinkered with the Report Viewer itself a bit to no avail.
Is there an explanation for this issue and/or a means of getting past this?
Any help or nudge in a new direction is very much appreciated!
Regards,
Frank.

Hello Frank:
This issue has been reported to R&D for a fix (ADAPT01554950). At this time, the fix is targeted (not guaranteed) for Service Pack 3. ETA; mid 2012.
For a possible work-around, see the following thread:
Crystal Reports Viewer VS2010 FRAME target issue
Ludek
Follow us on Twitter http://twitter.com/SAPCRNetSup
Got Enhancement ideas? Try the [SAP Idea Place|https://ideas.sap.com/community/products_and_solutions/crystalreports]
Edited by: Ludek Uher on Nov 28, 2011 7:48 AM

GPO (as a whole) problem or Folder Redirection Problem?

Hello everyone,
After a couple hours of looking at different TN articles on folder redirection I just can't get it to work properly. I had some major system errors and had to perform a clean install of the OS. My folder redirections from the old install seem to be in place
and are about the same size despite me backing up all the content before the reinstall on each terminal (4 of them) to a usb drive.
I enabled folder redirection through the dashboard and performed a gpupdate /force I see the GPO in the Group Policy editor but none of my machines seem to be accepting any group policies now that I look at it and write this I have firefox set to update
to the latest .msi and it isn't doing that either could this be a bigger problem than just folder redirection?
Any tips or links to articles I may have not seen would be much appreciated.
Thank you in advance everyone.

Hi James,
Based on your description, I understand that you enable folder redirection (click Implement Group Policy on
Dashboard) on a Windows Server 2012 Essentials (or a Windows Server 2012 R2 Essentials?).
On current situation, please refer to following and check.
1. Would you please let me know edition information of this client computer?
2. On the server essentials, please open Group Policy Management. Then navigate to WSE Group Policy Folder Redirection and click it. In right panel, navigate to WMI Filtering
and select WSE Group Policy WMI Filter, then click Open button. Please check
Queries in the WMI Filter. You can psot complete queries here (include Namespace and Query).
3. On the client computer, please run the command in a command prompt:
gpresult /z > c:\policy.txt. Then check this policy.txt in C drive or post the result here.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu

Web Redirection Problem on Cisco ISE 1.2 and WLC 7.5

Hello,
We are at initial phase of deploying ISE 1.2 in our environment for Wireless Guest Users.
I have configured ISE and WLC to talk to each other which is working fine. An SSID with MAC-Filtering is also configured on WLC and ACL only allowing ISE and DNS traffice.
I have configured proper authentication and authorization policies on ISE. Now, when I try to connect my device (laptop and android mobile), I see my device gets associated with the SSID (Demo) and gets the right IP Address from DHCP and right VLAN from WLC. The log process on ISE is as follows.
11001
Received RADIUS Access-Request
11017
RADIUS created a new session
11027
Detected Host Lookup UseCase (Service-Type = Call Check (10))
15049
Evaluating Policy Group
15008
Evaluating Service Selection Policy
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
15041
Evaluating Identity Policy
15006
Matched Default Rule
15013
Selected Identity Source - Internal Endpoints
24210
Looking up User in Internal Users IDStore - B8:B4:2E:A6:7D:75
24216
The user is not found in the internal users identity store
24209
Looking up Endpoint in Internal Endpoints IDStore - B8:B4:2E:A6:7D:75
24211
Found Endpoint in Internal Endpoints IDStore
22037
Authentication Passed
15036
Evaluating Authorization Policy
15048
Queried PIP
15048
Queried PIP
15048
Queried PIP
15004
Matched rule - Guest Redirection
15016
Selected Authorization Profile - Test_Profile
11002
Returned RADIUS Access-Accept
I also see a redirect url in the detailed authentication logs. But the problem is that when I open my browser on my device, it doesn't get redirected to the guest portal url. Now since I can't get there, I can't continue with the rest of the process of authentication, COA and final ACL for internet access.
Can some one please either guide me the correct steps that I need to follow, if I have mis configured something or advise if this is a bug.
Thanks in advance.
Jay

The ACL is definitely used to define what traffic is re-directed to ISE and what traffic is not redirected. Having the permit-all statement at the end will break redirection. If you are using flex-connect then you will need to use flex-connect ACLs and apply those to the flex-connect APs. The links below should give you an idea of what needs to be done:
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html
Thank you for rating helpful posts!

ACE redirect problem

Similar Messages

Maybe you are looking for