ACE URL Redirect
Hello,
I am trying to redirect inbound connections from http://foo.com to http://foo.com/this/is/a/test 301. The relevant portion of the redirect config is as follows:
rserver redirect RD_QA_ANONYMOUS_LOGIN
description Redirect Inbound Connections to Anonymous Login Page
webhost-redirection https://foo.com/this/is/a/test 301
inservice
serverfarm redirect SF_QA_ANON_LOGIN
description Redirect Inbound Connections to Anonymous Login Page
rserver RD_QA_ANONYMOUS_LOGIN
inservice
parameter-map type http REDIRECT
description Redirect Inbound Connections to Anonymous Login Page
case-insensitive
persistence-rebalance
class-map match-any RD_PORTAL_QA_VIP_1
description ***VIP for QA Customer Portal***
2 match virtual-address 10.145.19.135 any
class-map type http loadbalance match-all RD_QA_ANON_01
2 match http header Host header-value ".*foo.com/"
policy-map type loadbalance first-match LB_RD_EXTPORTAL_QA_1
class RD_QA_ANON_01
serverfarm SF_QA_ANON_LOGIN
policy-map multi-match EXT_TEST_POLICY
class RD_PORTAL_QA_VIP_1
loadbalance vip inservice
loadbalance policy LB_RD_EXTPORTAL_QA_1
loadbalance vip icmp-reply active
appl-parameter http advanced-options REDIRECT
Right now, the client is not receiving the redirect message, only a FIN. I've tried several variations of the above config, with no success. Any ideas?
Thanks,
Michael
Hello Kanwal,
Good question. The answer is yes, both. The first goal was to enable redirection without SSL. After that was working, then next goal was to enable SSL. Working with TAC, we came up with the following config, which enabled the redirection with SSL. BTW: The SSL config was already in place. I am adding the SSL config for the sake of completeness. Also we are re-writing headers in both directions:
crypto chaingroup CHAINGROUP
cert ROOT
cert WC_INTER_1
cert WC_INTER_2
rserver redirect RD_REDIRECT_SERVICE
webhost-redirection https://%h/this/is/a/test 301
inservice
rserver host RS_REAL_SERVER_01
ip address 10.10.10.10
inservice
serverfarm host SF_REAL_SERVERFARM_01
rserver RS_REAL_SERVICE_01 1000
inservice
serverfarm redirect SF_REDIRECT_SERVICE
rserver RD_REDIRECT_SERVICE
inservice
parameter-map type http REWRITE
description Enable Header Rewrites
persistence-rebalance
header modify per-request
parameter-map type ssl SSL_TERMINATION
cipher RSA_WITH_RC4_128_MD5
cipher RSA_WITH_RC4_128_SHA
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA
cipher RSA_WITH_AES_256_CBC_SHA
sticky ip-netmask 255.255.255.0 address both STICKY_SERVERFARM_01
timeout 600
replicate sticky
serverfarm SF_REAL_SERVERFARM_01
action-list type modify http MODIFY_HEADER_LIST
header rewrite response location header-value "http://inside[.]foo[.]net(.*)" replace "https://outside.foo.com%1"
header rewrite response location header-value "http://inside[.]foo[.]com(.*)" replace "https://outside.foo.com%1"
header rewrite request Host header-value "outside\.foo\.com" replace "inside.foo.com"
ssl url rewrite location "outside\.foo\.com%1"
ssl-proxy service SSL_WC_01
key WC_KEY
cert WC_CERT
chaingroup RAPID_SSL
ssl advanced-options SSL_TERMINATION
class-map match-any VIP_1
2 match virtual-address 10.10.10.210 any
class-map type http loadbalance match-any LB_L7
2 match http url /.*
class-map type http loadbalance match-all REDIRECT_01
2 match http url /
policy-map type loadbalance first-match LB_POLICYMAP_1
class REDIRECT_01
serverfarm SF_REDIRECT SERVICE
class LB_L7
sticky-serverfarm STICKY_SERVERFARM_01
action MODIFY_HEADER_LIST
policy-map multi-match MM_POLICY
class VIP_1
loadbalance vip inservice
loadbalance policy LB_POLICYMAP_1
loadbalance vip icmp-reply active
nat dynamic 1 vlan 60
appl-parameter http advanced-options REWRITE
ssl-proxy server SSL_WC_01
Similar Messages
-
ACE: URL redirect - not working
Hi,
I've to do url redirection from port 80 to port 443. I've following configured:
rserver redirect url.test.com-rd
webhost-redirection https://url.test.com/
inservice
serverfarm redirect url.test.com:80
description url.test.com - port 80 redirect ***
rserver url.test.com-rd
inservice
class-map match-any url.test.com:80
2 match virtual-address 192.168.1. tcp eq www
policy-map type loadbalance first-match url.test.com:80
class class-default
serverfarm url.test.com:80
policy-map multi-match LOAD_BALANCE
class url.test.com:80
loadbalance vip inservice
loadbalance policy url.test.com:80
loadbalance vip icmp-reply active
===
with above configuration, ACE is redirection port 80 to port 443 but it also rewrites the header. i.e. ACE send me to
"https://url.test.com/" if I type "http://url.test.com/abc" in the browser. It should have redirected to "https://url.test.com/abc" ( it shouldn't have removed "/abc")
could you advice how to accomplish it.
Thanks in advance...Hi,
thanks pablo. but that isn't expected response. redirected url shows the load balanced server. i.e. for the following serverfarm of port 443:
serverfarm host url.test.com:443
description url.test.com - Port 7777 ***
failaction purge
probe url.test.com:7777
rserver server1.test.com 7777
inservice
redirected url comes as "http://server1.test.com:7777/abc/" ...instead of what I expect .i.e. i expect "
https://url.test.com/abc/" -
Hi,
I have ACE 4710. My users will be accessing website
www.fcc.com which is mapped to VIP in DNS.
My requirement is that when users access www.fcc.com then ACE should redirect the URL to the following ones
Dear Team,
Kindly create an new website with the below mentioned details.
Sitename : www.fcc.com
Ip address: 10.52.7.198
The above mentioned ip address will be given for load balancer. The urls to be mapped in load balancer is given below.
http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD
http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD
Is it possible in ACE. Below is the config which I have planned to deploy.
probe tcp port9001
port 9001
interval 5
passdetect interval 5
connection term forced
rserver host FCC-APP-WEB1
ip address 10.52.7.196
inservice
rserver host FCC-APP-WEB2
ip address 10.52.7.197
inservice
rserver redirect FCC-Redirect1
webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
rserver redirect FCC-Redirect2
webhost-redirection http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
serverfarm host FCC-Dynamic-SF
description *** FCC Dynamic ServerFarm ***
probe port10870
rserver FCC-APP-WEB1
inservice
rserver FCC-APP-WEB2
inservice
serverfarm redirect FCC-App-Redirect
rserver FCC-Redirect1
inservice
rserver FCC-Redirect2
inservice
class-map type http loadbalance match-any FCC-Redirect
2 match http header Host header-value "fcc"
class-map match-any FCC-Redirect-VIP
2 match virtual-address 10.52.7.198 tcp any
policy-map type loadbalance first-match FCC-APP
class FCC-Redirect
serverfarm FCC-App-Redirect
policy-map multi-match PM-MULTI-MATCH
class FCC-Redir-VIP
loadbalance vip inservice
loadbalance policy IDAM-REDIR
loadbalance vip icmp-reply
Is the config right. The customer is ready to change any URL name or the config to make it work.Hi Kanwal,
I got that URL copied as it is with ? included as per you suggestion. Then I came to know that ACE cannot redirect to two different URLs so I changed it only one URL.
Old Config :
Earlier there were two URLs with two redirect servers.
rserver redirect FCC-Redirect1
webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
rserver redirect FCC-Redirect2
webhost-redirection http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
serverfarm redirect FCC-App-Redirect
rserver FCC-Redirect1
inservice
rserver FCC-Redirect2
inservice
New Config:
rserver redirect FCC-Redirect1
webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
serverfarm redirect FCC-App-Redirect
rserver FCC-Redirect1
inservice
After this config change, ACE is not redirecting traffic to the real servers but only handing over the redirect URL "http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD" to the client. When the client access www.fcc.com, his webpage is redirected to the above URL and then he direclty hits the real server as the redirected URL is mapped to real server IP in DNS. This means that I will have to give direct access to server on port 9001. This behaviour is not which I want. Is this how the URL redirect works?? I am bit naive on this type of ACE config.
I want the client to access www.fcc.com port 80 which should then be redirected to the URL running on real servers on port 9001. The real server should then respond back to VIP on port 80 and then VIP should return the traffic to the client.
Is it possible? Attaching the running config -
ISE CWA FLEXCONNECT - No url redirect
Hi,
I'm setting up a LAB environment for CWA with ISE(1.2.1), vWLC(8.0.100), ASA5505(9.1.X) and a 2602 AP in flexconnect mode.
Unfortunately I'm running into problems.
The AP, WLC and ISE is all running in vlan 1 which terminates in the 5505 as a inside interface.
Vlan 2 is a guest network terminating on a separate interface in the ASA.
The problem that I'm facing is that the url-redirect from the ISE dosent' work. If i check the client summery on the vWLC I can see that the client get applyes the redirect flexconnect ACL and that the URL is present. I've verified that it's not a DNS issue and I'm able to manually connect to ISE so there is no ACL blocking me. The client just dosen't get the redirect. I've tired with multiple devices (windows,ios,android) and it's all the same.
I've followed the following guides:
http://www.drchaos.com/flexconnect-local-switching-guestbyod/
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html#anc11
Currently I'm at work but I can provide some debug output later.
Have anyone seen this behavior before?It is possible that you are hitting the following bug:
https://tools.cisco.com/bugsearch/bug/CSCue68065
One thing this bug does not mention is that there is another resolution outside of disabling local switching. The alternative is:
1. Create a standar ACL on the controller that is named exactly as the FlexConnect ACLs
2. The standard ACL does not have to have any ACE in it
I have ran into this issue before and the above workaround has worked for me. The issue was supposed be addressed in version 8.x of the WLC but I think it is still worth giving it a try.
Thank you for rating helpful posts! -
SSL termination and URL redirection
Hi All,
I have configured application in cisco ACE module for which i got more requirement for URL redirection.
Application setup is as below.
VIP : 10.232.92.x/24 which is pointing to 2 Web server 10.232.94.x/24 range. In addition to that app team want APP server also need to be loadbalanced hence new VIP is configured for 10.232.92.x/24 which is pointing to 2 different app server 10.232.94.x/24.
Both Web and App servers are having different IP but in same broadcastdomain. SSL termination is done on ACE.
Issue : 1) After initiating connection i am getting login page but after login its again giveing login page. After 2 to 3 trial its giving me application page but with invalid session error.
2) How to do https connection redirecting to different path.
Ex. https://apps.xyz.com to https://apps.xyz.com/abc
configuration :
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
serverfarm host app_tcp
predictor leastconns
probe rem_app_tcp
rserver server1 2100
inservice
rserver server2 2100
inservice
serverfarm host rem_https
predictor leastconns
probe rem_itsm_https
rserver server3 80
inservice
rserver server4 80
inservice
action-list type modify http remurlrewrite
ssl url rewrite location "apps\.xyz\.com"
policy-map type loadbalance first-match app_tcp
class class-default
serverfarm app_tcp
policy-map type loadbalance first-match app_https
class class-default
serverfarm rem_https
action remurlrewrite
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXYHi Kanwaljeet,
I have applied below config for HTTPS URL redirection. Seems it dint work for me. Redirect serverfarm and policy map was not hitted.
access-list ANY line 8 extended permit ip any any
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
ip domain-name nls.jlrint.com
ip name-server 10.226.0.10
ip name-server 10.226.128.10
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h/arsys 301
inservice
rserver host serv1
ip address 10.232.94.74
inservice
rserver host serv2
ip address 10.232.94.75
inservice
rserver host serv3
ip address 10.232.94.76
inservice
rserver host serv4
ip address 10.232.94.77
inservice
serverfarm redirect REDIRECT-SERVERFARM
predictor leastconns
rserver REDIRECT-TO-HTTPS
inservice
serverfarm host rem_app_tcp
predictor leastconns
probe rem_app_tcp
rserver serv1 2100
inservice
rserver serv2 2100
inservice
serverfarm host rem_itsm_https
predictor leastconns
probe rem_itsm_https
rserver serv3 80
inservice
rserver serv4 80
inservice
ssl-proxy service Remedy-SSL-PROXY
key Remkey.pem
cert Remcert.pem
class-map type management match-any MANAGEMENT_CLASS
3 match protocol ssh any
4 match protocol snmp any
5 match protocol icmp any
6 match protocol http any
7 match protocol https any
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_http
2 match virtual-address 10.232.92.9 tcp eq www
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map type management first-match MANAGEMENT_POLICY
class MANAGEMENT_CLASS
permit
policy-map type loadbalance first-match REDIRECT-PM
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match rem_app_tcp
class class-default
serverfarm rem_app_tcp
policy-map type loadbalance first-match rem_itsm_https
class class-default
serverfarm rem_itsm_https
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_itsm_http
loadbalance vip inservice
loadbalance policy REDIRECT-PM
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXY
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
interface vlan 270
description VIP
ip address 10.232.92.4 255.255.255.0
alias 10.232.92.6 255.255.255.0
peer ip address 10.232.92.5 255.255.255.0
access-group input ANY
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown
interface vlan 273
description Real server
ip address 10.232.94.66 255.255.255.192
alias 10.232.94.65 255.255.255.192
peer ip address 10.232.94.67 255.255.255.192
access-group input ANY
nat-pool 1 10.232.92.253 10.232.92.253 netmask 255.255.255.0 pat
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown -
Hi,
I need to do url redirection. I've worked on CSS alot so far but I'm new bie to ACE.
for example - my CSS config for url rediction is as follow:
service server1:443
ip address 192.168.1.1
protocol tcp
port 443
keepalive type ssl
active
service server2:443
ip address 192.168.1.2
protocol tcp
port 443
keepalive type ssl
active
service server1:80
type redirect
redirect-string "https://mail.google.com/exchange"
ip address 192.168.1.1
no prepend-http
active
service server2:80
type redirect
redirect-string "https://mail.google.com/exchange"
ip address 192.168.1.2
no prepend-http
active
owner mail
content mail.google.com:443
vip address 10.10.10.1
port 443
protocol tcp
application ssl
add service server1:443
add service server2:443
advanced-balance sticky-srcip
active
content mail.google.com:80
vip address 10.10.10.1
protocol tcp
port 80
url "/*"
add service server1:80
add service server2:80
active
what would be equivalent ACE config? please advise....probe tcp generic-tcp
interval 5
passdetect interval 20
passdetect count 2
connection term forced
exit
rserver server1
ip add 192.168.1.1
inservice
exit
rserver server2
ip add 192.168.1.2
inservice
exit
rserver redirect https-target
webhost-redirection https://mail.google.com/exchange
inservice
exit
serverfarm redirect secure-redirect
rserver https-target
inservice
exit
serverfarm host SF443
failaction purge
predictor leastconns
probe generic-tcp
rserver server1 443
inservice
rserver server2 443
inservice
exit
exit
sticky ip-netmask 255.255.255.255 address source SF443-SG
timeout 3600
replicate sticky //only required if HA is in use
serverfarm SF443
exit
class-map match-any www-CM
2 match virtual-address 10.10.10.1 255.255.255.255 tcp eq www
exit
class-map match-any https-CM
2 match virtual-address 10.10.10.1 255.255.255.255 tcp eq 443
exit
policy-map type loadbalance first-match http-PM
class class-default
serverfarm secure-redirect
exit
exit
policy-map type loadbalance first-match https-PM
class class-default
sticky-serverfarm SF443-SG
exit
exit
policy-map multi-match LBR-LB
class www-CM
loadbalance vip inservice
loadbalance policy http-PM
loadbalance vip icmp-reply
class https-CM
loadbalance vip inservice
loadbalance policy https-PM
loadbalance vip icmp-reply
exit
exit
interface vlan xxx
ip address xxx
alias xxx
peer ip address xxx
access-group input xxx
service-policy input LBR-LB
no shutdown
exit -
Hi guys.
Recenty I see the following config.
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h%p 301
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-HTTPS
inservice
I suspect this is a generic config to rewrite a redirection sent from rsever to client when it sends a http redirection and the client need to do a https conection.
My question is: this configuration will rewrite all redirect? What happens if the redirect sent from real server need to reach the client as http (not translated)
Thanks in advance.Hi David,
The above configuration is for ACE to redirect and not "Rserver". So if a user comes on http://xyz.com and you want ACE to redirect it to https"//xyz.com, you use above configuration. Now there will be a class-map condition as well as policy maps and hence ACE will redirect only those requests which will match the condition. Also, redirect and rewrite are two different functions. If you want the ACE to intercept server response and rewrite it, then you should have a look at "URL Rewrite as well as SSL rewrite" features. Again you will have proper configurations place for ACE to decide what to rewrite and what not.
Let me know if you have any questions.
Regards,
Kanwal -
Hi,
How to configure the ACE to redirect a https request to different url.
For example
Clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.
Please let me know.Thanks in AdvanceHi Gilles,
I am having the certificate and the key.
Please check the config and confirm whether this looks fine or not.
I am using GSS to resolve www.mycompany.com and www1.mycompany.com
probe http Server1
interval 15
passdetect interval 60
request method head url /keepAlive.html
expect status 200 202
open 10
parameter-map type ssl PARAMMAP_SSL_TERMINATION
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA priority 3
rserver redirect HTTPS-REDIRECT
conn-limit max 4000000 min 4000000
webhost-redirection https://www1.mycompany.com.au 301
inservice
serverfarm host SFARM_HTTPS
rserver Server1_http 80
inservice
serverfarm redirect https-redirect
rserver HTTPS-REDIRECT
inservice
ssl-proxy service SSL_PSERVICE
key MYKEY.PEM
cert ACE-SP2.CER
ssl advanced-options PARAMMAP_SSL_TERMINATION
class-map type http loadbalance match-any HTTPS1
2 match http header Host header-value "www[.]mycompany[.]com"
class-map type http loadbalance match-any HTTPS2
2 match http header Host header-value "www1[.]mycompany[.]com"
policy-map type loadbalance first-match HTTPS
class HTTPS1
serverfarm https-redirect
class HTTP2
serverfarm SFARM_HTTPS
class class-default
serverfarm SFARM_HTTPS
policy-map multi-match HTTPS-PM
class HTTPS-RED
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
ssl-proxy server SSL_PSERVICE
Also let me know know if there is any another way to configure the redirection other than matching host header.
Thanks in Advance -
How to do auto URL redirect in sun web server ?
Hi, i need to do auto url redirect in my sun web server. Currently i'm setup some rules for the reverse proxy in obj.conf file and the syntax looks like:
<Object name="reverse-proxy-/test">
<If $internal and $uri =~ "index.html">
NameTrans fn="redirect" from="/" uri="/examples/abc.html"
</If>
Route fn="set-origin-server" server="http://localhost:8989"
</Object>
The situation is:
1) When users browse "*http://localhost/examples/abc.html*" it will redirect to abc.html
2) When users browse "*http://localhost/test*" it will redirect to the localhost admin GUI (http://localhost:8989/admingui/admingui/serverTaskGeneral)
My desire output should be whenever users browse the "*http://localhost/test*" , it will redirect to abc.html page.
the syntax might be wrong. So, anyone knows how to fix this? I'm keep trying but nothing worked. Please help me.Moderator action: Moved from Servers General Discussion.
db -
Need help with URL Redirect in Sun Web Server 7 u5
All I am trying to do is redirect to a static URL and for the life of me I can not get it to behave the way I would expect. I am new to Sun Web Server so I am just trying to use the Admin Console to set this up.
Here is what I'm trying to do:
Redirect from - http://www.oldsite.com/store/store.html?store_id=2154
To - http://www.newsite.com/Stores/StoreFront.aspx?StoreId=2154
Here's what I tried in the console.
Added a new URL Redirect
Set the Source to be Condition and set it to: '^/store_id=2154$' (quotes included)
Then set the Target to: http://www.newsite.com/Stores/StoreFront.aspx?StoreId=2154
Then for the URL Type I checked Fixed URL
When I tested with: http://www.oldsite.com/store/store.html?store_id=2154 it did redirect as desired
BUT
When I tested with: "http://www.oldsite.com/store/store.html?store_id=5555" it too got redirected to the Target and I can't figure out how this second URL can satisfy the condition to get redirected.
Any help is most appreciated.thanks for choosing sun web server 7
it is simpler if you just edit the configuration files manually
cd <ws7-install-root>/https-<hostname>/config/
edit obj.conf or <hostname>-obj.conf (if there is one for you depending on your configuration so that it look something like)
<Object name="default">
AuthTrans..
#add the folllowing line here
<If defined $query>
<If $urlhost =~ "/oldsite.com" and
$uri =~ "/store/store.html" and
$query =~ "store_id=2154" >
NameTrans fn="redirect" from="/" http://www.newsite.com/Stores/StoreFront.aspx?StoreId=2154
</If>
</If>
..rest of the existing obj.conf. continues
NameTrans...
now, you can either do <ws7-install-root>/https-<hostname>/bin/reconfig -> to reload your configuration without any server downtime or <ws7-install-root>/https-<hostname>/bin/restart -> to restart the server
if it did work out for your, you will need to run the following so that admin server is aware of what you just did
<ws7-install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname.domainname>
hope this helps -
Is there a way to create a popup to a page in URL Redirect ?
I have a button (also with a report link column) that is doing a URL Redirect to another page in my app. This works fine.
However, some pages I branch to are small forms and a popup of that form would be more appropriate.
Is there any way to create a URL Redirect that redirects as a popup rather than a page navigation? Similarly, can you branch to a popup page with a report link column?
Thanks,
Reid
Edited by: reidster on Jul 30, 2009 7:10 PMWith your help, I was able to create a popup on a report link column using this:
I just added an "a href" around it.
Thanks again!
Edited by: reidster on Jul 30, 2009 10:18 PM
Edited by: reidster on Jul 30, 2009 10:18 PM -
Set item value at other page via URL-redirect
Hi, I have a button and I want to open a new window with it using an url-target.
</br>
</br>
javascript:window.open ('f?p=&APP_ID.:143:&SESSION.::NO:143:P143_KDT_ID,P143_MESSAGE:&P140_KDT_ID.,&P140_MESSAGE.') </br>
</br>
When I use branching I get an error that there is no page to branch to. I don't understand why. As a workaround I use an url-redirect when the button is pressed, but I'm stuck on getting the current item value into the target page. I tried using $v('P140_MESSAGE') but I can't get the url valid.Jacob,
The problem was that when the HTML for the button is rendered, the value of P1_ITEM from session state was "glued in" to the generated URL at that time. If you then entered a value for the iterm, even though your onChange AJAX technique changed the value in session state it was too late to change the already generated HTML for the button, specifically the URL target for the button.
I created a Set Item2 button on your page with this for the URL attribute:
javascript:window.open('f?p=&APP_ID.:2:&SESSION.::NO::P2_ITEM:' + document.getElementById('P1_ITEM').value);
Let me know if that does what you need.
There is another problem and I don't know the cause. When you click the button, it opens the new window properly but leaves the original page in an error state of some kind. I could not reproduce this in my application using the same js, so I'll be interested in how you solve that.
Scott -
URL redirection config in PI SOAP receiver communication channel
Hi,
I am working on a similar scenario where I my consuming an external web service using https protocol from PI.
I have configured a soap receiver channel to call the target url of this web service as https://portal.xyz.org.uk/webservice_alt.
I am getting an error HTTP 302 suggesting that PI is not able to follow the re-direction to the target URL as the service resides not on that URL but on https://portal1.xyz.org.uk/webservice_alt or https://portal2.xyz.org.uk/webservice_alt.
This is their server fail over handling mechanism which is very common. But PI 7.0 is not able to handle this.
So if I change the target URL on the SOAP receiver channel to https://portal1.xyz.org.uk/web service or https://portal2.xyz.org.uk/webservice_alt , PI works fine without errors . But this is not the right approach because, every time the web service provider takes one of these systems down for upgrade/patching etc, they inform us and then I manually go and change the target URL to the available server on my production PI system config.
My problem is I want to resolve this redirection error in PI. I have tried raising a call with SAP itself and they pointed out to use Axis adapter which is still not working.
So I am here asking for help. any suggestions please from the experts?
Thanks
Jhansi.Hi guys,
I am sorry if I have not been clear so far!!
What I am talking about is a URL redirection capability of PI. what i mean is , when you call any service in general using a browser/soap ui etc, it pings that url and follows the redirection.
For example when i try to test this external web service directly using soap ui tool, it also returns HTTP 302 error. But when I set the 'Follow redirect' property to 'true' , it follows the redirection and calls the service on 'portal1' or 'portal2' .
You assume PI is a test tool like SOAPUI. When the address or URL changed in WSDL and if you load the latest WSDL in soapUI it post the request to the latest URL. YOu import WSDL only in ESR not in IR. Dont forget it. Though WSDL has soap address location, it will not impact the wsdl changes directly in ID.
It makes no sense to complain regarding the behaviour of PI when the reason for the problem is outside (WS provider).
please note that the target url is fixed which is https://portal.xyz.org.uk/webservice_alt.
so we are not talking here about the service provider altering the service and sending us new wsdl's etc.
All users of this webservice have been non-sap users so far and consumers use java, .net etc platforms and are easily able to handle the redirection.because this redirection is a part of failover mechanism.
I hope i am able to picture my problem.
thanks
Jhansi. -
Hello,
say I want to have five ISE 1.3 nodes behind load balancer, I want only only G0 behind LB, and G1 interfaces will be dedicated for certain things. Specifically I want to use G1 interface for Redirected Web Portal access (could be CWA, device registration, NSP, etc). RADIUS auth will happen through LB on G0 of some specific PSN, and that PSN will url-redirect user to the CWA URL.
How do I tell ISE to use specifically Gig1's IP address or Gig2's IP address? When I check result authorization profile, there is no option there, it's just ip:port. Obviously, that's not the right place, because which PSN is used to processed the policy is unpredictable.
So then I go to guest portal, and specifically Self-Registered Guest Portal that I'm using. So here I see Gig0, Gig1, Gig2, and Gig3 listed. My guess is that if I only leave Gig1 selected then I will achieve my goal, is that correct?
But then, why does it let me choose multiple interfaces, what happens if I select all of them?
Am I missing another spot in ISE admin where I can control this?
Additional question. I know that in ISE 1.2 you could configure "ip host" in ISE's CLI, which would force URL-redirect response to be translated to FQDN:port. Is that still the right method in ISE 1.3?
Thanks!Take a look at the following document:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13.pdf
Towards the end of the document you will find a section called: "Cisco ISE Infrastructure" and there you will see the following:
• Cisco ISE management is restricted to Gigabit Ethernet 0.
• RADIUS listens on all network interface cards (NICs).
• All NICs can be configured with IP addresses.
So, you can take an interface, give it an IP address and then assign it to the web portal that you are working with.
I hope this helps!
Thank you for rating helpful posts! -
ISE & Switch URL redirect not working
Dear team,
I'm setting up Guest portal for Wired user. Everything seems to be okay, the PC is get MAB authz success, ISE push URL redirect to switch. The only problem is when I open browser, it is not redirected.
Here is some output from my 3560C:
Cisco IOS Software, C3560C Software (C3560c405-UNIVERSALK9-M), Version 12.2(55)EX3
SW3560C-LAB#sh auth sess int f0/3
Interface: FastEthernet0/3
MAC Address: f0de.f180.13b8
IP Address: 10.0.93.202
User-Name: F0-DE-F1-80-13-B8
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
URL Redirect ACL: redirect
URL Redirect: https://BYODISE.byod.com:8443/guestportal/gateway?sessionId=0A005DF40000000D0010E23A&action=cwa
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A005DF40000000D0010E23A
Acct Session ID: 0x00000011
Handle: 0xD700000D
Runnable methods list:
Method State
mab Authc Success
SW3560C-LAB#sh epm sess summary
EPM Session Information
Total sessions seen so far : 10
Total active sessions : 1
Interface IP Address MAC Address Audit Session Id:
FastEthernet0/3 10.0.93.202 f0de.f180.13b8 0A005DF40000000D0010E23A
Could you please help to explore the problem? Thank you very much.With switch IOS version later than 15.0 the default interface ACL is not required. For url redirection the dACL is not required as this ACL is part of traffic restrict for "guest" users.
In my experiece some users can not get the redirect correctly because anti-spoof ACL on management Vlan or stateful firewall blocks the TCP syn ack.
It is rare in campus network access layer switches have user SVI configured so the redirect traffic has to be sent from the netman SVI, but trickly the TCP SYN ACK from the HTTP server will be sent back from the netman Vlan without source IP changed. (The switch is spoofing the source IP in my understanding with changing only the MAC address of the packet). In most of the cases there should be a basic ACL resides on the netman SVI on the first hop router, where the TCP SYN ACK may be dropped by the ACL.
tips:
1. "debug epm redirect" can make sure your traffic matches the redirect url and will get intercepted by the switch
2. It will be an ACL or firewall issue if you can see epm is redirecting your http request but can not see the SYN ACK from the requested server.
Which can win the race: increasing bandwidth with new technologies VS QoS?
Maybe you are looking for
-
Multiple registration with sip-ua
Hi, someone know a way to do multiple registration with a single 2811 using sip-ua configuration with multiple accounts?? thnx s.
-
Hi I'm having som problems figuring out the following. I have a table, let's call it Mytable. It contains two columns. Column one is a date, and column two is a number. I would like another table, Displaytable, to show sums for certain timeperiods, i
-
hello friends i am new to XI . current working as abap consultant . now shifting to XI so can any one help where i can download trail version of XI. i downloaded 2004s and 2004 netweaver but Xi is not working in that.
-
Work Center in equipment master
Dear All, We have created equipment master for 1000 palnt and then assigned work center belongs to 1100 palnt.System accepted 1100 plant work center.My requirement is plant number and work center palnt must be same.
-
Error Code -8003 while emptying trash
I have deleted some Time Machine backups.backupdb folders from my backup volume into my trash and now I can't empty the trash. The volume with the backups.backupdb data was getting full and I wanted to give it more space. Now when I attempt to empty