Advance Balance and Https pages

Hello,
I have setup load blancing on our web server, using a content rule and services, with Protocol tcp and any port.
I find that it will allow Https traffic through when the Advance Balance option is not enabled but i get a "server or DNS error" when i have A.B enabled.
My switch is the former Arrowpoint CS-100 software ver 3.02.
Help!!
Pearl

the type of "Advanced Balance" option selected is important. Note that the HTTPS traffic is encrypted so we can NOT do any advanced balance that needs to look at the payload (it's encrypted so the CSS can NOT see it). The "advanced-balance sticky-srcip" would work.
Cookies can't be used because they are encrypted,
SSL is not useful as IE will change the SSL session ID,
URL can't be used because it's encrypted.

Similar Messages

  • Advanced-balance and weighting

    Hello,
    I'd like to assign weights to services, but it says in the documentation that this works for weighted round-robin load-balance algorithm. will this work for an advance-balance scenario? i.e. will the config below work?
    content Serv1-Rule
    add service Serv-1
    add service Serv-2 weight 2
    add service Serv-3 weight 4
    protocol tcp
    redundant-index 1
    port 80
    advanced-balance arrowpoint-cookie
    vip address 12.18.27.20
    active
    thanks,
    dayo

    the way it works, is that the CSS tries to do an advanced-balance decision.
    In your case, the CSS looks for a cookie ARPT=...
    If this CSS can't make an advanced-balance decision (ie: there is no cookie) it will make a basic balancing decision.
    This is where you can use a weight.
    So, your config is good except that you didn't specify the basic loadbalancing method so the CSS will do roundrobin.
    You need to configure something like 'balance weightedrr'
    Gilles.

  • Https and http configuration

    Hello All
    Can anyone tell me how to configure a website which contain both https and http pages? I mean for example, if you go to your online banking website, all the pages before you reach the Login page are in http. But once you have login, all the pages are under https.
    For my own project, I have also installed the SSL onto my Tomcat, it works fine. However, all the pages are under https, even the index.html page. Below is my server.xml, hope it may give you more information.
    Many thanks
    Viola
    ============================================================================
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8081 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8080" minProcessors="5" maxProcessors="75"
    enableLookups="true" redirectPort="8443"
    acceptCount="100" debug="0" connectionTimeout="20000"
    useURIValidationHack="false" disableUploadTimeout="true" />
    <!-- Note : To disable connection timeouts, set connectionTimeout value
    to -1 -->
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" />
    </Connector>
    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8009" minProcessors="5" maxProcessors="75"
    enableLookups="true" redirectPort="8443"
    acceptCount="10" debug="0" connectionTimeout="20000"
    useURIValidationHack="false"
    protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

    True for my version of TOMCAT
    I think that if you check http://localhost:8080
    you will find that you can access your pages
    with out using http also.
    You are applying ssl to the server not the individual
    war files. So you can access the files using both
    https and http.
    What you need todo is set the security parameters of the
    war file that you want to access using https to only allow
    connection using https.
    So now you can access the web pages using http or https
    but you can only access the file with the security settings
    using https.
    Note if you are using sessions becareful you don't jump between
    http & https and leave the session id exposed.

  • HTTP POST with advance balance cookies

    Hello
    I am trying to keep a session sticky for 20 mins based on cookies. The problem is the application is using HTTP POSTs and the balance method only looks into the HTTP GET. How can I get the CSS to look into the HTTP POST?
    Any examples would be great.
    Thanks.
    Donagh

    Hi Gilles
    Thanks for your reply. I have obviously been misinformed about the POST and the GET. That is good but now I don't have an answer to my problem!! I am balancing on a cookie called ASP.NET_SessionId=
    Here is my config
    content Toughbook_PDAs
    vip address 10.40.21.28
    add service w2k-eolasprd1
    add service w2k-eolasprd2
    protocol tcp
    port 80
    string prefix "ASP.NET_SessionId="
    sticky-inact-timeout 20
    advanced-balance cookies
    active
    I have attached a trace and I am looking for
    ASP.NET_SessionId=1w0cql550wou04albf4jrjfoy45
    Hopefully my config is incorrect.
    Thank You
    Donagh

  • CSS 11501 SSL and port 80 advanced-balance of cookies

    I am trying to perform advanced cookie balancing with out pulling the cookie from the URL. The only cookie which is consistant is "ASP.NET_SessionId and it is not in the URL string.
    Also, Can in parallel can I balance last connection? I need to set a round robin to keep site traffice balanced.

    Thank you for the link.
    question? Can I also use the advanced-Balance Arrowhead-cookies ? and will I also need a keepalive:
    !*******************KEEPALIVE*************************
    keepalive IISsys01
    type http
    uri "/content.html"
    ip address 192.168.1.125
    active
    keepalive IISsys02
    type http
    uri "/content.html"
    ip address 192.168.1.165
    active
    keepalive IISweb01
    type http
    uri "/content.html"
    ip address 172.25.4.1
    active
    keepalive IISweb02
    type http
    uri "/content.html"
    ip address 172.25.4.3
    active

  • Add Device sees wireless but printer is wired and can reach the HTTP page on wire

    I installed my new Officejet 8000 Pro A809 with an ethernet but when I run the HP "Add Device" Wizard, it trys to install it as wireless even though I select wired and the install fails.
    I can see the http page for the printer and it shows all sane information about my printer so I believe the ethernet is actually working.
    I am running WinXP with the FW off. The printer is on the same switch as my PC & of course I can see the http page
    In the wizard, although I selected "Wired" of course the wire is working, the "Found Network Printers" page shows that its connection is wireless. None-the-less I click next and a screen comes up for "Starting Network Services" & it rolls though topology, wireless strength, etc. and to sending an SLP request to the IP then it fails & shows an picture of a wireless signal and a big red X.
    The HP Home Network Diagnostics Utility says that software to connect to printer over network is missing BUT I ran the Wizard all the way though a second time, I selected that my device was not online and it finished OK. I ran the UPDATE from the Utility & it did a security update; I rand it again and it did not find any.
    Although my FW is off, I checked the ports that the FW Guide says are needed:
    I can telenet to the printer on ports 9100 & 92200
    I cannot telnet on ports 137,139 or 427
    Ideas?
    Thanks!
    Larry Holt
    This question was solved.
    View Solution.

    OK, plugging the Ethernet cable into the printer should turn off the printer's wireless radio, but in case it did not, click the button near the blue light (or go to Setup > Network > Turn off wireless radio on the front panel).
    Now, don't bother with the Add Device wizard, let's just add it manually:
    Verify that you can browse to the printer's internal web page by its IP address.  If you cannot, disable your security system's firewall (not Windows firewall, it is usually not in the way).
    1. Click "Start" button --> Printers and Faxes.
    2. Under Printer Tasks, click "Add Printer".
    3. Click "Next" button on the Add Printer Wizard window.
    4. Select "Local printer attached to this computer". Deselect "Automatically detect and install My Plug and play printer". Click "Next".
    5. Under Select a Printer Port option, select "Create a new port" and select "Standard TCP/IP Port" and click "Next" button.
    6. In the "Welcome to the Add Standard TCP/IP printer port wizard" make sure that the printer is turned on and connected to same network that your computer is connected to. Click "Next" button.
    7. Under "Add Standard TCP/IP Printer Port" enter the printer's IP address. Click "Next" then click "Finish".
    8. Now, select HP from the list of manufacturers, select your printer from the list of Printer models and click 'Next' button.
    9. If you can't find your printer, you'll need to find the install CD and use the "Have Disk" option to select one of the hp*.ini files. Alternatively, you can select another HP printer model from the same type.
    10. Add the print spooler name and click "Next".
    11. Click "Next"
    12. Click "Next" and then "Finish"
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP

  • How do i get that bar to appear on the screen for http and web pages?

    How do i get that bar to appear on top of the screen for http and web pages?

    Yes im using safari version  5.1.2 (6534.52.7)  I have tried clicking show toolbar  from the view menu but i still can't see it.  It's the bar where you type in a website link or http:// that I can find - any other suggestions much appreciated

  • Why can I only load https pages, Safari and Maverick?

    Hi
    I can't load http web pages in Safari, but can load https pages. Have similar problem with Opera, but no problem loading http web pages on my iPad. The problem started yesterday and is on my iMac.  So am guessing that it is a mavericks setting issue?
    Any suggestions on what to do?

    Hi all
    Uninstalling Sophos from my computer resolved this problem.

  • How to give Username and password when calling HTTP page?

    I have this code when i run this I get credentials error. How to give credentials .The authentication is set to windows in the https page. Means pop up will appear to get the credentials
    declare
    req UTL_HTTP.REQ;
    resp UTL_HTTP.RESP;
    value varchar2(1024);
    p_url varchar2(4000);
    OPT varchar2(1000);
    BEGIN
    dbms_output.put_line('');
    p_url:='http://www.xyz.com/';
    dbms_output.put_line(p_url);
    req := UTL_HTTP.begin_REQUEST(p_url);
    utl_http.set_header(req, 'User-Agent', 'Mozilla/4.0');
    resp := utl_http.get_response(req);
    loop
    utl_http.read_line(resp, value, true);
    dbms_output.put_line(value);
    end loop;
    exception
    when utl_http.end_of_body then
    utl_http.end_response(resp);
    END;
    When i run this i get
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
    <title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
    <style type="text/css">

    Basic authentication is set using the UTL_HTTP.Set_Authentication() call.
    If you are using a proxy and need procy authentication, you can set the username and password for proxy access, as part of the proxy URL. E.g.
    utl_http.set_proxy( 'http://proxyuser:[email protected]', null );NTLM (Windows NT LAN Manager) authentication is proprietary and not part of the HTTP specifications. If that is needed, try and use the username and password as part of the URL - or do some research on how to manually perform NTLM authentication.
    If you are using HTTPS, you need an Oracle Wallet with that server's certificate (making it a trusted certificate), and then set/use the wallet using the UTL_HTTP.Set_Wallet() call. See sample code in {message:id=10820182}.

  • Where advanced search and replace in the new pages ?

    before it was easy to replace "tabulation" and many other things
    What's happen with the last update ??????????

    Yes it is missing along with 90+ other features.
    http://www.freeforum101.com/iworktipsntrick/viewforum.php?f=22&sid=faa0f0d1d7a55 e7ef01cde3e89a74fa8&mforum=iworktipsntrick
    You should find your previous Pages in your Applications/iWork folder.
    http://www.freeforum101.com/iworktipsntrick/viewtopic.php?t=432&mforum=iworktips ntrick
    Rate and review Pages 5 in the App Store for the benefit of other users and to let Apple know how you feel.
    Peter

  • Youtube not opening in Safari browser. However it works with google browser. There is a red arrow coming, with https in you tube, and the page just does not open. help required.

    youtube not opening in Safari browser. However it works with google browser. There is a red arrow coming, with https in you tube, and the page just does not open. help required.
    It seems I have done some mistake when you tube was open, and i stopped one site to delete!
    From then on it is not working.
    Any solutions?
    GV Joshi

    Hi gajanan vasant!
    I have a couple of articles for you that should help you troubleshoot your issue with Safari. First, you may want to try a reset on Safari by following the procedure listed in this article:
    Safari 5.1 (OS X Lion): Reset Safari
    http://support.apple.com/kb/PH5043
    If you are still having issues after resetting Safari, you may want to check out this article about third-party add-ons in Safari:
    Safari: Unsupported third-party add-ons may cause Safari to unexpectedly quit or have performance issues
    http://support.apple.com/kb/TS3230
    Thanks for using the Apple Support Communities!
    Regards,
    Braden

  • Safari switches between http and https infinitely; refuses to load the page and quits

    Such problems have not occured with Snow Leopard while opening the same webpage.
    Also apple mail quits everytime I get mail from Junk Mailbox manager at my University.
    Startup screen freezes approx (1 in 5 times while restarting); dont know what causes it.
    Has anyone had similar cascade of problems?? I havent installed any programs after upgrading to Lion!!!!

    Greetings,
    In the reference you cited below:
    http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/configssl.htm#CHDHGCDJsee the "Optional Steps in secure-web-site.xml" where a description of how to setup a mixed secure (https) and regular http pages site is described.
    -Michael

  • I'm using OXO e-commerce template, and trying to auto advance slides on home page; In jquery.main.js

    I'm using OXO e-commerce template, and trying to auto advance slides on home page; In jquery.main.js option autoslide is set to true, how do I make slides change besides clicking on switcher? ..pls help

    I'm using OXO e-commerce template, and trying to auto advance slides on home page; In jquery.main.js option autoslide is set to true, how do I make slides change besides clicking on switcher? ..pls help

  • Load Balance Reverse Poxy using ACE and HTTP Header Sticky

    Dear all,
    I have a reverse proxy that makes HTTP and HTTPS requests to an ACE.
    For implement persistence I want to configure HTTP HEADER Stickyness using the X-Forwarder-For information but I don't know:
    How to implement it ( I'l apreciate a little example about it).
    Which values I need for OFFSET and LENGHT fields.
    Can you help me please?
    Thanks a lot!!

    Hi Cesar.
    Thanks a lot for your answer but I think you misunderstand the question or I'm not explaninig very well
    I don't need to insert anything.
    The serverfarm X will be accesed by a reverse proxy. This reverse proxy already inserts the X-Forearder-From header, so the request from the reverse proxy comes with this header to the serverfarm X.
    The problem is that now, the serverfarm X sticky the client based on source IP. This is a wrong behavior becasue all the request comes form the same source (Reverse proxy) and all the load forwards to the same real IP address.
    This is because I want to change the sticky from source IP to HTTP header and looks for the X-Forwarder-For filed.
    Hop it will clarify the question!

  • Load balancing and RFC problem

    Hi!
    I have a problem regarding load balancing and RFC's. We use the follow function in librfc32.dll (from VB6) for RFC calls: RfcOpenExt It's working fine no problem, but from now on we will have to use the this funcion due to load balancing: RfcOpenExtV3
    The only difference between the two functions is the parameters. RfcOpenExtV3 has 5 additional parameters:
    intLoadBalance1, strLbHost1, strLbSysName1, strLbGroup1, intSapGui1
    I asked our tech guys for the details so that I can set up the parameters (double check everything) and the RfcOpenExtV3 doesn't working. Return value is zero.
    Have somebody faced with this issue before?
    Thanks in advance!

    Hi,
    1. Probably this  link may help.
    [http://help.sap.com/saphelp_nw04/helpdata/en/22/042f18488911d189490000e829fbbd/content.htm]
    Especially see the function parameters on this page,
    which are the bottom.
    regards,
    amit m.

Maybe you are looking for