ACE redirect to different URI on rserver
We use JDE and up to now part of the tools was Apache which would redirect as follows
http://alias.server to http://real.server:13333/main.maf
the latest version no longer uses Apache so I was wondering how I can do it on the ACE
of course there is no problem going from alias.server port 80 to real.server:13333 but how can I add the URI main.maf?
Hi
The configuration would look like the following:
rserver host CHIJTW55
description CHIJTW55
ip address 172.16.98.106
inservice
rserver redirect JDEDV_RED
webhost-redirection http://172.16.73.10:13333/main.maf 301
serverfarm host JDEDV
description JDEDV servers
failaction purge
probe tcp13333
rserver CHIJTW55 13333
inservice
serverfarm redirect REDIRECT_FARM
rserver JDEDV_RED
inservice
class-map match-any JDEDV_vip_80
2 match virtual-address 172.16.73.10 tcp eq www
class-map match-any JDEDV_vip_13333
2 match virtual-address 172.16.73.10 tcp eq 13333
policy-map type loadbalance first-match JDEDV_80
class class-default
serverfarm REDIRECT_FARM
policy-map type loadbalance first-match JDEDV_13333
class class-default
serverfarm JDEDV
policy-map multi-match MULTI_POLICY
class JDEDV_vip_80
loadbalance vip inservice
loadbalance policy JDEDV_80
class JDEDV_vip_13333
loadbalance vip inservice
loadbalance policy JDEDV_13333
interface vlan X
service-policy input MULTI_POLICY
I hope this helps
Daniel
Similar Messages
-
Hi,we have our main website https://abc.com and it provides links to users for various applications.If i go to https://abc.com and click the link xyz on it, i get back to main page again and current connections drops to 0. here my browser should be redirected to https://abc.com/xyz which is not happening. Traffic is getting tunnnled to https://abc.com as seen in logs in http catcher.
But if i type in https://abc.com/xyz in browser, i go to correct page.
below is my configuration. please let me know if any other configuration is needed, Below config is with 2 links but actual production has many links.
I have similar issue for another application where links on main page can not be accessed. that application works on http instead of https.
rserver redirect xyz
inservice
webhost-redirection "https://abc.com/xyz"
rserver redirect uvw
inservice
webhost-redirection "https://abc.com/uvw"
rserver host abc
ip address 1.1.1.1
inservice
serverfarm redirect xyz
rserver xyz
inservice
parameter-map type http case_param
case-insensitive
no persistence-rebalance (i also tried enabling it)
set header-maxparse-length 65535
set content-maxparse-length 65535
length-exceed continue
parameter-map type ssl abc
cipher RSA_WITH_3DES_EDE_CBC_SHA
ssl-proxy service abc
key abc
cert abc
ssl advanced-options abc
serverfarm redirect uvw
rserver uvw
inservice
serverfarm host abc
rserver abc
inservice
class-map type http loadbalance match-any map1
match http url /xyz.*
class-map type http loadbalance match-any map1
match http url /uvw.*
policy-map type loadbalance first-match ssl-abc
class map1
serverfarm xyz
class map2
serverfarm uvw
class class-default
serverfarm abc
class ssl-intranet
loadbalance vip inservice
loadbalance policy ssl-abc
loadbalance vip icmp-reply active
nat dynamic 1 vlan 368
appl-parameter http advanced-options case_param
ssl-proxy server abc
the IP address mentioned for abc.com (1.1.1.1) is on cisco CSS (VIP for www.abc.com for internal users) which is serving my internal clients. The CSS then points to actual server hosting abc.com. The ACE is serving clients coming from Internet and CSS is serving my internal clients which connect with http. Is this problem because of communication issue between ACE and CSS?
Can anybody suggest?class-map match-all intranet
2 match virtual-address 198.184.231.7 tcp eq www
class-map match-all ssl-intranet
2 match virtual-address 198.184.231.7 tcp eq https
I have 2 different policy maps .........intranet map redirects to ssl-intranet map which then makes redirection to individual applications.
policy-map multi-match external-lb
class extranet
loadbalance vip inservice
loadbalance policy extranet
loadbalance vip icmp-reply active
nat dynamic 1 vlan 368
appl-parameter http advanced-options case_param
class ssl-extranet
loadbalance vip inservice
loadbalance policy ssl-extranet
loadbalance vip icmp-reply active
nat dynamic 1 vlan 368
appl-parameter http advanced-options case_param -
Can anybody point me in the right direction for changing the URL when the ACE is performing the redirection?
I have the standard ace redirection to HTTPS set up and it is working fine.
I have a wildcard certificate *.abc.com but when the application was being tested the URL abc.com kicks up a certificate error in the browser.
Not sure if I should have set the CN as *acb.com when ordering it but its done now.
I am wanting to redirect when http://abc.com is put in the client browser to https://www.abc.com
I have tried reading these forums and using header rewrite to change the location on response but it just doesn't seem to work.
I have tried deleting/renaming/replacing the host header on request and rewrite/delete on response. Tried all sorts of regex nothing works.
I can insert a header so I know the action is being hit, just can't seem to change the host on request or location on response.
Any idea's?
I am guessing the inner workings only allow for modification of these headers when the redirects are being done by the server and the headers are passing through the load balancer.
on latest 5(2.1) version
example of one I tried
action-list type modify http ABC_MODIFY
header rewrite response location header-value "https://abc(.*)" replace "https://www.abc%1"
then applied to policy redirect mapI tried another approach which seemed to work.
rserver redirect RED2A
webhost-redirection https://www.%h 302
inservice
rserver redirect RED2
webhost-redirection https://%h 302
inservice
serverfarm redirect RED2-VIP-IN
rserver RED2
inservice
serverfarm redirect RED2A-VIP-IN
rserver RED2A
inservice
class-map type http loadbalance match-any RED2A-VIP-IN
2 match http header Host header-value "abc.com"
class-map match-any RED2-VIP-IN
2 match virtual-address x.x.x.x tcp eq www
..etc
policy-map type loadbalance first-match RED2-VIP-IN-LB-POLICY
class RED2A-VIP-IN
serverfarm RED2A-VIP-IN
class class-default
serverfarm RED2-VIP-IN
this seemed to redirect the abc.com to https://www.abc.com and the other requests like other.abc.com to https://other.abc.com
I tried regex for the header value match like [^\.]abc.com and ^abc.com but these didn't seem to match. -
We have a ACE redirect configured on 3 physically seperate ACE modules with the following config. It works on one ACE Module and not on the other 2.
Capture on the ACE and sniffer gives this error.R [bad tcp cksum 2d41!] ACE sends resets to the client. Anyone run into this issue?
The software version is system: Version A2(1.0a) [build 3.0(0)A2(1.0a)
rserver redirect Test
webhost-redirection http://www.test.com
inservice
serverfarm redirect Test
rserver Test
inservice
class-map match-any Test
2 match virtual-address 192.168.10.10 tcp eq www
policy-map type loadbalance first-match Test
class class-default
serverfarm Test
class Test
loadbalance vip inservice
loadbalance policy Test
loadbalance vip icmp-reply activeSorry maybe I didn't explain what I was getting at good enough...
I guess I'm basically asking if there's potential for asymmetry at the site that's not working.
For example.
Say I have a load balanced server. It has two interfaces a "front end" and a "back end". I manage the server on the backend from my laptop, for which the server has a route. Now if I try to hit the public VIP of the LB, traffic is routed to the VIP, then to the server, but because the server already has a route to my laptop via the backend, it bypasses the load balancer on the return and replies directly to me, thus putting the flow out of sync and never completing the connection...
Not saying that's it, but I've had so many asymmetry issues that are tough to figure out that It's usually one of the first things I rule out...
It's possible if the site that's not working is local to you and the others aren't, this may be a potential issue?? -
How to redirect to different page after login in APEX 4.1
Dear All,
Here my Requirement is,When the users login,
when they entered their username and password and pressed login button,
they have to redirected to different pages based on the type of user.
Here my LOGIN_TABLE has following 3 columns,
1.Username
2.Password
3.Type.
The TYPE has 2 values, employee and admin.
when the type is admin they should be redirected to page 2,
reaining i.e employee users has to be redirected to page 3.
How can I do this? please give some suggestion.
Thank you.
regards,
GurujothiDear Christian,
Thank you for your reply,
I would like to explain something,
When I using the following function,
*create or replace FUNCTION custom_auth_g (
p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN BOOLEAN IS
BEGIN
FOR c1 IN (SELECT 1
FROM login_table
WHERE upper(username) = upper(p_username)
AND upper(password) = upper(p_password))
LOOP
RETURN TRUE;
END LOOP;
RETURN FALSE;
END;*
When login, It checks in the login_table table and if the username is exist with the pass word it successfully entered inside the application.
for all users only one page which we set.
My Login_table also contains type which has 2 type as I mentined above.
But As I mentioned earliar based on the user type it has to be redirected to 2 different page.
I found this Package but I cant understand,Can you please Explain?
*create or replace PACKAGE app_security_pkg
AS
PROCEDURE add_user
p_username IN VARCHAR2
,p_password IN VARCHAR2
PROCEDURE login
p_uname IN VARCHAR2
,p_password IN VARCHAR2
,p_session_id IN VARCHAR2
,p_flow_page IN VARCHAR2
FUNCTION get_hash
p_username IN VARCHAR2
,p_password IN VARCHAR2
RETURN VARCHAR2;
PROCEDURE valid_user2
p_username IN VARCHAR2
,p_password IN VARCHAR2
FUNCTION valid_user
p_username IN VARCHAR2
,p_password IN VARCHAR2
RETURN BOOLEAN;
END app_security_pkg;*
*create or replace PACKAGE BODY app_security_pkg
AS
PROCEDURE login
p_uname IN VARCHAR2
,p_password IN VARCHAR2
,p_session_id IN VARCHAR2
,p_flow_page IN VARCHAR2
IS
lv_goto_page NUMBER DEFAULT 1;
BEGIN
-- This logic is a demonstration of how to redirect
-- to different pages depending on who successfully
-- authenticates. In my example, it simply demonstrates
-- the ADMIN user going to page 1 and all other users going
-- to page 2. Add you own logic here to detrmin which page
-- a user should be directed to post authentication.
IF UPPER(p_uname) = 'ADMIN'
THEN
lv_goto_page := 1;
ELSE
lv_goto_page := 2;
END IF;
APEX_UTIL.SET_SESSION_STATE('FSP_AFTER_LOGIN_URL');
wwv_flow_custom_auth_std.login
p_uname => p_uname,
p_password => p_password,
p_session_id => p_session_id,
p_flow_page => p_flow_page || ':' || lv_goto_page
EXCEPTION
WHEN OTHERS
THEN
RAISE;
END login;
PROCEDURE add_user
p_username IN VARCHAR2
,p_password IN VARCHAR2
AS
BEGIN
INSERT INTO app_users (username, PASSWORD)
VALUES (UPPER (p_username),
get_hash (TRIM (p_username), p_password));
COMMIT;
EXCEPTION
WHEN OTHERS
THEN
ROLLBACK;
RAISE;
END add_user;
-- Function to Perform a oneway hash of the users
-- passwords. This cannot be reversed. This exmaple
-- is a very week hash and if been used on a production
-- system, you may want to use a stronger hash algorithm.
-- Read the Documentation for more info on DBMS_CRYPTO as
-- this is the supported package from Oracle and
-- DBMS_OBFUSCATION_TOOLKIT is now depricated.
FUNCTION get_hash (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
RETURN DBMS_OBFUSCATION_TOOLKIT.md5 (
input_string => UPPER (p_username)
|| '/'
|| UPPER (p_password));
END get_hash;
PROCEDURE valid_user2 (p_username IN VARCHAR2, p_password IN VARCHAR2)
AS
v_dummy VARCHAR2 (1);
BEGIN
SELECT '1'
INTO v_dummy
FROM app_users
WHERE UPPER (username) = UPPER (p_username)
AND PASSWORD = get_hash (p_username, p_password);
EXCEPTION
WHEN NO_DATA_FOUND
THEN raise_application_error (-20000, 'Invalid username / password.');
END valid_user2;
FUNCTION valid_user (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN BOOLEAN
AS
BEGIN
valid_user2 (UPPER (p_username), p_password);
RETURN TRUE;
EXCEPTION
WHEN OTHERS
THEN RETURN FALSE;
END valid_user;
END app_security_pkg;*
And you said "assign an URL to FSP_AFTER_LOGIN_URL, depending on the Type column",
Where to assign,Could you please Explain?
Thank you. -
Redirect to different pages based on user input value
Hello,
Anyone please help.
I am trying to redirect to different pages based on user inputs. I have a form in which I have one text item and a submit button. For example consider text item to be empno; So once the user enters a empno and hits submit button; I need to redirect to different pages based on this job.
For Ex: if user inputs empno whose job is 'ANALYST' then redirect to page 1
if user inputs empno whose job is 'MANAGER' then redirect to page 10
For this scenario. i wrote a pl/sql process for the submit button; but no luck -- its not at all redirecting instead its in the same page. Below is the process.
declare
v_job varchar2(20);
begin
select job into v_job from emp where empno = :P9_EMPNO_R;
if v_job = 'ANALYST' then
OWA_UTIL.REDIRECT_URL('f?p=&APP_ID.:1:&SESSION.::&DEBUG.::', TRUE);
end if;
if v_job = 'MANAGER' then
OWA_UTIL.REDIRECT_URL('f?p=&APP_ID.:10:&SESSION.::&DEBUG.::', TRUE);
end if;
end;Please help. I am using Oracle APEX version 4.2 and database Oracle 11g R2
Thanks,
Ortonorton607 wrote:
Hello,
Anyone please help.
I am trying to redirect to different pages based on user inputs. I have a form in which I have one text item and a submit button. For example consider text item to be empno; So once the user enters a empno and hits submit button; I need to redirect to different pages based on this job.
For Ex: if user inputs empno whose job is 'ANALYST' then redirect to page 1
if user inputs empno whose job is 'MANAGER' then redirect to page 10
For this scenario. i wrote a pl/sql process for the submit button; but no luck -- its not at all redirecting instead its in the same page. Below is the process.
declare
v_job varchar2(20);
begin
select job into v_job from emp where empno = :P9_EMPNO_R;
if v_job = 'ANALYST' then
OWA_UTIL.REDIRECT_URL('f?p=&APP_ID.:1:&SESSION.::&DEBUG.::', TRUE);
end if;
if v_job = 'MANAGER' then
OWA_UTIL.REDIRECT_URL('f?p=&APP_ID.:10:&SESSION.::&DEBUG.::', TRUE);
end if;
end;Please help. I am using Oracle APEX version 4.2 and database Oracle 11g R2
Thanks,
OrtonI have a similar scenario in my application and this is how I handle it.
1. Create a page item on the page, say Px_PAGE_NUM
2. Create a "On Submit - After Computations and Validations" page process to set the above page item. In your case, you can use the same logic that you have already in place (except the call to OWA_UTIL.REDIRECT_URL) :
declare
v_job varchar2(20);
begin
select job into v_job from emp where empno = :P9_EMPNO_R;
if v_job = 'ANALYST' then
:Px_PAGE_NUM := '1';
end if;
if v_job = 'MANAGER' then
:Px_PAGE_NUM := '10';
end if;
end;3. Create a "On Submit: After processing" branch. Specify the "Target Type" as "Page in the application" and "Page Number" as &Px_PAGE_NUM. (with the dot).
I hope the above helps.
BTW, the following thread in the forum related to OWA_UTIL.REDIRECT_URL might help:
issue OWA_UTIL.REDIRECT_URL with APEX 4.1.1 -
No redirection to different url upon http connections limit exceeded
Hi,
As of Standalone OC4j 10.1.2, if you want messages to be redirected to a different URL when the maximum connections limit is reached, you would include the HTTP redirect URL to max-http-connections tag inside server.xml.
<max-http-connections max-connections-queue-timeout="120" socket-backlog="50"
value="100">http://optional.redirect.url/page.jsp</max-http-connections>
I have a standalone OC4j 10.1.3, and would like to be able to redirect to different URL when maximum connections limit is reached but the above max-http-connections does not work and I am not redirected to different URL when maximum connectionns limit is reached. I read user guide of OC4j 10.1.3 and there is no mentioning of max-http-connections at all. In there, they talk about limiting concurrency via http thread pool but there is no discussion as to the mechanism of redirecting users to a different URL where I can display a user friendly message to say "Server is busy, please try again later..." instead of browser display a message "Page cannot be displayed"..
Please advice,
ThanksAny thoughts on above issue ? please help.
thanks
Sam -
ACE 4710 Redirect to Different Server Farm based on URL
I have a weblogic 11 serverfarm where i want to redirect to a different serverfarm based on the URL. I am able to do it and it appears to be working however I am having issues with the cookies. I seem to be getting logged out of our App when switching between the serverfarms. Is there any way to fix this issue? My configuration is below.
Thanks!
-Andy
Generating configuration....
crypto chaingroup WWW-PROD-CHAINGROUP
cert AddTrustExternalCARoot.crt
cert COMODOHigh-AssuranceSecureServerCA.crt
access-list allow line 8 extended permit ip any any
probe http HTTP_PROBE
port 7001
interval 10
passdetect interval 5
request method get url /login.jsp
expect status 200 299
connection term forced
probe icmp PROBE_SERVICE_ICMP
interval 5
passdetect interval 5
receive 5
probe tcp TCP7001_PROBE
port 7005
interval 5
passdetect interval 5
receive 3
connection term forced
open 2
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h%p 301
inservice
rserver host WLS11Host1
ip address 192.168.211.250
inservice
rserver host WLS11Host2
ip address 192.168.211.14
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-HTTPS
inservice
serverfarm host SPEND-FARM
probe HTTP_PROBE
rserver WLS11Host1 7001
inservice
serverfarm host WLS11FARM
probe HTTP_PROBE
rserver WLS11Host2 7001
inservice
parameter-map type http HTTP-PARM
persistence-rebalance
set secondary-cookie-start none
parameter-map type http PARSE
persistence-rebalance
set header-maxparse-length 8192
length-exceed continue
parameter-map type ssl SSL_MAP
cipher RSA_WITH_RC4_128_MD5
cipher RSA_WITH_RC4_128_SHA
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA
cipher RSA_WITH_AES_256_CBC_SHA
sticky http-cookie ACE_COOKIE-7001 7001_STICKY
cookie insert browser-expire
serverfarm WLS11FARM
replicate sticky
sticky http-cookie ACE-COOKIE-SPEND SPEND_STICKY
cookie insert browser-expire
serverfarm SPEND-FARM
replicate sticky
ssl-proxy service WWW-PROD-SSLPROXY
key client_ssl.pem
cert pastar.crt
chaingroup WWW-PROD-CHAINGROUP
ssl advanced-options SSL_MAP
class-map type http loadbalance match-any HTTP-MARKETING
2 match http url /index.html
class-map type http loadbalance match-any HTTPS-SPEND
2 match http url /spend/.*
class-map type http loadbalance match-any L5
2 match http url /.*
class-map match-all WLS-7001-CLASS
2 match virtual-address 192.168.215.28 tcp eq www
class-map match-all WLS11-HTTPS-CLASS
2 match virtual-address 192.168.215.28 tcp eq https
policy-map type loadbalance first-match HTTPS
class HTTPS-SPEND
sticky-serverfarm SPEND_STICKY
insert-http x-forward header-value "%is"
class L5
sticky-serverfarm 7001_STICKY
insert-http x-forward header-value "%is"
policy-map type loadbalance first-match WLS11-7001-Policy
class HTTP-MARKETING
sticky-serverfarm 7001_STICKY
insert-http x-forward header-value "%is"
class HTTPS-SPEND
serverfarm REDIRECT-SERVERFARM
class L5
serverfarm REDIRECT-SERVERFARM
policy-map multi-match WLS11-SLB
class WLS-7001-CLASS
loadbalance vip inservice
loadbalance policy WLS11-7001-Policy
loadbalance vip icmp-reply active
nat dynamic 1 vlan 1000
appl-parameter http advanced-options HTTP-PARM
class WLS11-HTTPS-CLASS
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
nat dynamic 1 vlan 1000
appl-parameter http advanced-options PARSE
ssl-proxy server WWW-PROD-SSLPROXY
interface vlan 1000
ip address 192.168.215.27 255.255.255.0
access-group input allow
nat-pool 1 192.168.215.28 192.168.215.28 netmask 255.255.255.255 pat
service-policy input WLS11-SLB
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.215.1
snmp-server community poweradvocaterw group Network-MonitorHi,
So when you come with " http url /index.html", you go to "sticky-serverfarm 7001_STICKY" and ACE must be inserting sticky "ACE_COOKIE-7001". Now when you get redirected because you match "HTTPS-Spend", ACE will loadbalance the request which will now come on HTTPS and insert sticky " ACE-COOKIE-SPEND". That's why i guess you see two sticky entries. Now i guess ACE will keep the connection to servers in "sticky-serverfarm SPEND_STICKY" or you see that ACE is not doing the same or you expected the ACE to send the requested to "sticky-serverfarm 7001_STICKY" even though it matches the HTTPS-Spend class-map condition?
Regards,
Kanwal -
Hi !
I am trying to do the following:
A customer dials into our network. The first HTTP Request get`s redirected to some Content-Page.
This could be annoying for some customers that`s why we want to implement a button on that page to DISABLE this Redirect Feature for that customer.
I am sure the redirect will work - but I am wondering if it`s possible to store some data on the customers web-browser - to make sure the feature remains DISABLED whenever he dials to the network again - and doesn`t get redirected anymore .
Is there a chance to match on the ACE against some sort of f.e. cookie - to make sure the client is not redirected anymore if this cookie is present ?
If not - then the client gets redirect.
I would really appreciate any help / hints.
cheers
HansIn the following example if the http request comes for VIP:192.168.1.1 then the header is checked for cookie name "testcookie" and if the cookie value is "Donot-Redirect" then request is served by serverfarm "APP1-sf" and if this value is not present then request is redirected to http://192.168.120.132/redirect.html .
parameter-map type http APP1-pmap
persistence-rebalance
rserver redirect SERVER-redirect
webhost-redirection http://192.168.120.132/redirect.html 302
inservice
rserver host App1-server1
ip address 10.10.10.111
inservice
rserver host App1-server2
ip address 10.10.10.10
inservice
serverfarm redirect SFARM-redirect
rserver SERVER-redirect
inservice
serverfarm App1-SF
predictor leastconns
probe TCP81
rserver App1-server1
inservice
rserver App1-server2
inservice
class-map match-all App1-VIP
2 match virtual-address 192.168.1.1 tcp eq 80
class-map type http loadbalance match-any APP1-CHECK
match http cookie testcookie cookie-value Donot-Redirect
policy-map type loadbalance first-match APP1-policy
class APP1-CHECK
serverfarm App1-SF
class class-default
serverfarm SFARM-redirect
policy-map multi-match VIPS
class App1-VIP
loadbalance vip inservice
loadbalance policy APP1-policy
loadbalance vip icmp-reply active
appl-parameter http advanced-options APP1-pmap
HTH
Syed Iftekhar Ahmed -
ACE Redirect. Configuration Problem?
Hi,
I´m configuring Redirect in ACE 4710 and it doesn´t work fine. The client has two real servers and he wants redirect the traffic when both real servers are down.
They have other server with static content (http) for redirect the trafic.
The configuration is (complete configuration is attached):
rserver host Backup_Rserver
ip address 192.168.0.212
inservice
rserver host achs-tamw01
ip address 192.168.0.217
inservice
rserver host achs-tamw02
ip address 192.168.0.205
inservice
rserver host achs-tamw03
ip address 192.168.0.203
inservice
serverfarm host SF_Backup
rserver Backup_Rserver 80
inservice
serverfarm host TAMW_80
predictor leastconns
probe PROBE_TAMW:80
rserver achs-tamw01 80
inservice
rserver achs-tamw02 80
inservice
rserver achs-tamw03 80
inservice
sticky ip-netmask 255.255.255.255 address source TAMW_80_STICKY
replicate sticky
serverfarm TAMW_80 backup SF_Backup
policy-map type loadbalance first-match VIP-POLICY-TAMW_80
class class-default
sticky-serverfarm TAMW_80_STICKY
policy-map multi-match LB-VIP
class VIP_TAMW_80
loadbalance vip inservice
loadbalance policy VIP-POLICY-TAMW_80
loadbalance vip icmp-reply active
nat dynamic 1 vlan 10
interface vlan 10
nat-pool 1 172.16.10.39 172.16.10.39 netmask 255.255.255.255 pat
service-policy input LB-VIP
When both real servers are down, the VIP remains operational and the backup real servers is operational and I can see statistics increase in this server:
ACE-CC/Contexto_B# sh rserver
rserver : Backup_Rserver, type: HOST
state : OPERATIONAL (by default, unverified)
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: SF_Backup
192.168.0.212:0 8 OPERATIONAL 4 66
In these moment both real servers were down and I could see connections, but when user from Internet o LAN try to connect it can´t see static content.
ACE-CC/Contexto_B# sh service summ
service-policy: LB-VIP
Class VIP Prot Port VLAN State Curr Conns Hit Count Conns Drop
VIP_TAMW_80 172.16.10.150 tcp eq 80 1,10 IN-SRVC 21 903 0
VIP remains operational.
Regards,
JaimeHi Peter,
I did test only in HTTP mode. In the configurations you can see that I applied a backup server only the port 80:
serverfarm host SF_Backup
rserver Backup_Rserver 80
inservice
I didn´t create a SF_Backup_443 because we were testing only with services in HTTP.
I still can´t do labs test, although it seems that configuration is well.
Regards.
Jaime. -
I have ACE 4710 and I want to use this to redirect port 80 traffic to my proxy server. But I am not able to do that. MY ACE is in routed mode. Below is my ACE configuration when I am applying the policy on the interface I am not able to browse the Internet.
I am connected to the Interface VLAN 300. Below is the configuration for ACE.
class-map type management match-any CM_ALL
2 match protocol snmp any
3 match protocol http any
4 match protocol https any
5 match protocol icmp any
6 match protocol telnet any
class-map match-any CM_BYPASS_FOR_LAN
3 match virtual-address 100.1.1.0 255.255.255.0 tcp eq www
8 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www
9 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www
10 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www
11 match virtual-address 172.20.0.0 255.255.0.0 tcp eq www
12 match virtual-address 172.23.15.0 255.255.255.0 tcp eq www
13 match virtual-address 172.23.16.0 255.255.255.0 tcp eq www
class-map match-any CM_BYPASS_SUBNET
9 match virtual-address 100.0.0.0 255.0.0.0 tcp eq www
15 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www
16 match virtual-address 172.20.0.0 255.255.0.0 tcp eq www
17 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www
18 match virtual-address 172.23.16.0 255.255.255.0 tcp eq www
19 match virtual-address 172.23.15.0 255.255.255.0 tcp eq www
20 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www
class-map match-any CM_IM
2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5050
3 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 1080
4 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5101
class-map match-all CM_SF_BCPR
255 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
policy-map type management first-match PM_ALL
class CM_ALL
permit
policy-map type loadbalance http first-match PM_L7_BYPASS_FOR_LAN_HTTP
class class-default
forward
policy-map type loadbalance http first-match PM_L7_BYPASS_HTTP
class class-default
forward
policy-map type loadbalance http first-match PM_LB_SF_BCPROXY
class class-default
serverfarm SF_BCPR
policy-map multi-match PM_BYPASS_FOR_LAN_HTTP
class CM_BYPASS_FOR_LAN
loadbalance vip inservice
loadbalance policy PM_L7_BYPASS_FOR_LAN_HTTP
policy-map multi-match PM_BYPASS_HTTP
class CM_BYPASS_SUBNET
loadbalance vip inservice
loadbalance policy PM_L7_BYPASS_HTTP
policy-map multi-match PM_MAIN_BCPROXY
class CM_SF_BCPR
loadbalance vip inservice
loadbalance policy PM_LB_SF_BCPROXY
loadbalance vip icmp-reply active
appl-parameter http advanced-options PARAMAP_CASE
service-policy input PM_ALL
interface vlan 100
description FW-INSIDE CONTEXT1
ip address 192.168.180.5 255.255.255.240
no icmp-guard
access-group input acl-out
no shutdown
interface vlan 300
description ACE-INSIDE CONTEXT RACK1
ip address 192.168.10.5 255.255.255.0
no normalization
no icmp-guard
access-group input acl-in
service-policy input PM_BYPASS_FOR_LAN_HTTP
service-policy input PM_BYPASS_HTTP
service-policy input PM_MAIN_BCPROXY
no shutdown
interface vlan 301
description BC-VLAN CONTEXT RACK1
ip address 192.168.180.97 255.255.255.240
access-group input acl-proxy
no shutdown
Please let me know where I am missing the configuration. I will be very thankful for the prompt help.Hi,
You need to put your rserver inservice.
rserver host RS_BCPR01
ip address 192.168.180.103
inservice
As you can see, when you're displaying your rserver/serverfarm, it's current status is OUTOFSERVICE, which indicates, that the rserver has been manually suspended for service.
hth -
We are migrating a large application to a new serverfarm one folder at a time. the exiting applicaiton server is not loadbalanced via the ACE.
We want to set a vip on the ACE as the primary DNS entry for host ans.company.com. When users requrest ans.company.com/dfr they will get L7 loadbalanced (via url matching) to a new local serverfarm.
When the users request ans.company.com/cms we want to redirect them to the old application server that wull be renamed via dns as classic.ans.company.com.
As each folder is migrated to the new servers the L7 rules will be modified to keep that traffic local
example
user requests ans.company.com/bfr or ans.company.com/cms they will be sent to the local new serverfarm.
user requests ans.company.com/dma1 or ans.company.com/dma2 they will be redirected to classic.ans.company.com/dma1 or classic.ans.comapny.com/dma2 (depending on the original request).
Does anyone have an sample script for this type of senario? I have the loadbalancing working fine. It's the redirection that is not working. I am trying to use a L7 url match to send the requrest to a redirect rserver
Any help would be appreciated.It should be some thing like
rserver redirect REDIRECT-TO-OLD
webhost-redirection http://classic.ans.company.com/%p 302
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-OLD
inservice
class-map type http loadbalance match-any local-new
match http url /bfr
match http url /cms
class-map type http loadbalance match-any remote-old
match http url /dma1
match http url /dma2
policy-map type loadbalance first-match L7_LOGIC
class local-new
serverfarm local-serverfarm
class remote-old
serverfarm REDIRECT-SERVERFARM
policy-map multi-match CLIENT_VIPS
class VIPs
loadbalance vip inservice
loadbalance policy L7_LOGIC
HTH
Syed Iftekhar Ahmed -
Configuration help - ACE redirection
Please see the below ACE configuration. It is currently in place for both load balancing and redirection. Here are the 4 current scenarios...
1. https://www.URL1.com is the desired URL and will be load balanced. Certificate is for this URL.
2. http://www.URL1.com will redirect the client to https://www/URL1.com for appropriate load balancing.
3. URL1.com resolves to the same vip ip address as www.URL1.com, so http://URL1.com will redirect the client to https://URL1.com
4. https://URL1.com will be load balanced, but client gets a certificate error since the cert is not associated with this address.
How can I redirect http://URL1.com and https://URL1.com to https://www.URL1.com? Can I create a L7 policy map in addition to the existing L4 policy map?
Thanks for any help you can give.
rserver host URL1-ws07
ip address 1.1.1.1
inservice
rserver host URL1-ws08
ip address 1.1.2.1
inservice
rserver host URL1-ws09
ip address 1.1.3.1
inservice
rserver host URL1-ws10
ip address 1.1.4.1
inservice
rserver host URL1-ws06
ip address 1.1.5.1
inservice
!************** Generic redirect rserver used by many policy maps to redirect clear text addresses to secure addresses *************
rserver redirect server-rd
webhost-redirection https://%h%p 301
inservice
ssl-proxy service URL1
key URL10911-key
cert URL10911-cert
chaingroup verisign-ev-cg
serverfarm host URL1
description www.URL1.com
probe port_80
rserver URL1-ws07 80
inservice
rserver URL1-ws08 80
inservice
rserver URL1-ws09 80
inservice
rserver URL1-ws10 80
inservice
rserver URL1-ws06 80
inservice
sticky http-cookie acecookie sticky-URL1
cookie insert browser-expire
replicate sticky
serverfarm URL1
!***************** Redirect to https *****************
class-map match-all URL1-vip
2 match virtual-address 2.2.2.2 tcp eq https
class-map match-all URL1-vip-rd
2 match virtual-address 2.2.2.2 tcp eq www
policy-map type loadbalance first-match URL1-lb
class class-default
sticky-serverfarm sticky-URL1
action https-rewrite
insert-http X-Forwarded-For header-value "%is"
policy-map type loadbalance first-match URL1-rd
class class-default
serverfarm server-rd
policy-map multi-match yellow-policy
class URL1-vip-rd
loadbalance vip inservice
loadbalance policy URL1-rd
loadbalance vip icmp-reply active
class URL1-vip
loadbalance vip inservice
loadbalance policy URL1-lb
loadbalance vip icmp-reply active
appl-parameter http advanced-options generic-http-parameter-map
ssl-proxy server URL1Hi there,
If all the URLs respond to the same VIP then you need to modify your server-rd as follows:
rserver redirect server-rd
webhost-redirection https://www.URL1.com/%p 301
inservice
That would take care of the HTTP part.
For HTTPS we can't do much as decryption happens before URL matching, you'll get the certificate
error before being sent to the correct domain. The only way you can get HTTPS working is either with:
- Wildcard Certificate: *.URL1.com
- SAN certificate: You can include multiple domains into the same SSL certificate.
HTH
Pablo -
MSPL retarget or redirect to tel URI
Hello,
I'm trying to create an MSPL script that will automatically forward calls to an external number (an external answering service), if the original recipient is busy.
I can redirect the call using RetargetRequest, but only to internal SIP URIs.
I have tried formatting the URI for the RetargetRequest operation in a number of different ways, but have not had any luck to get it to work.
Is it possible to redirect a SIP INVITE to an external number?
Thank you.
RasmusI'm not sure if you can do this in MSPL alone, however you can in the .NET side. Simply directly set Request.RequestUri to the new phone destination, instead of calling Retarget or SetDestination. This is how call forwarding/simluring works
inside default routing. -
Load balancing within the same ACE across two different contexts residing on the same vlan
I'm working on a design that requires traffic be sent to a different context in the same ACE. The question I have is can this be done when both reside on the same VLAN. Would the traffic in this case be handled at layer 2 instead of layer 7. Would I have to create a seperate subnet in order to provide loadbalancing?
|__________________|
| | vlan 5 | |
| |
| |
Context A |
|
|
Context B
Thanks, Jerilynby design, two contexts on the same box in the same vlan can't communicate. You have to use an external L3 device.
A workaround may be to use two diferent vlans and then bridge between them with a loopback cable.
Maybe you are looking for
-
I am unable to restore my iphone, because it has become disabled. When I go to restore, it says to turn off "Find My iPhone" app. I can't, because it is disabled. I deleted the app and it still says the same thing. Any ideas?
-
Computer freezes after software install
after i updated to the newest version of snow leapord my computer will freeze/and or restart during use. also, i now cannot access my system prefereces. what does all of this mean?
-
I am a new developer in iOS, need info about iTunes Store
I am a new developer in iOS, I have created an weather app just to show recruiters about my work and to get the work or job from them. This is not for sale, i know apple provide built in weather app. Can i add this app to iTunes store.
-
Java servlet: how to store large data result across multiple web session
Hi, I am writing a java servlet to process some large data. Here is the process 1), user will submit a query, 2) servlet return a lot of results for user to make selection, 3). user submit their selections (with checkboxes). 4). servlet send back the
-
ASA %ASA-3-210007: LU allocate xlate failed
I have a client that keeps receiving the following syslog error: /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style