CSM HTTP Redirect with SSL

Problem we are having:
A client opens an HTTPS connection to a CSM with SSL offload to SSL module. The decrypted clear HTTP request hits the IIS server and is redirected (301).
The client gets an HTTP redirect and not an HTTPS redirect.
The reason for the 301 redirect is the IIS server does not have a physical resource but rather a virtual directory so it issues a 301 and adds a /. eg https://www.cisco.com/tech is redirected to https://www.cisco.com/tech/ in a working situation.

look for the urlrewrite command in order to change HTTP into HTTPS.
Regards,
Gilles.

Similar Messages

  • HTTP Redirect with Global Load Balancing

    I've seen a lot of documentation about redirects and what I am trying to do seems simple enough yet I can't get it to work. Here is a summary:
    We have two CSSs in different data centers with load balancing in a roundrobin fashion.
    User types www.test.com:9086/test.html
    User hits one of the CSSes configured to respond to www.test.com, CSS1 and CSS2.
    If CSS1 gets the request, it should redirect request to server1:9086/test.html
    If CSS2 gets the request, it should redirect request to server2:9086/test.html
    Here is a sample of one of the CSSes:
    content vTEST
    dnsbalance roundrobin
    add dns www.test.com
    url "/*"
    protocol tcp
    port 9086
    vip address 192.168.3.135
    add service rTEST
    active
    service rTEST
    protocol tcp
    port 9086
    type redirect
    keepalive type none
    ip address 2.2.2.2
    redirect-string "server1:9086/test.html"
    active
    I've seen a lot of example of using HTTP Redirects, but none of them touch on using global load balancing as we are trying to accomplish.
    Now, if I type in a browser:
    http://www.test.com:9086/test.html
    it fails. Why? because the CSS returns back an IP of 2.2.2.2 for www.test.com, which isn't a real IP address (this is by design). If I type:
    http://192.168.3.135:9086/test.html
    it works because it successfully redirects to:
    http://server1:9086/test.html
    because it is going directly against the VIP and redirecting as it should.
    So the redirect function we know is working on the CSS as expected. However, the problem is this:
    When I ping www.test.com I should get back the VIP address of the content rule (192.168.3.135) and I do UNTIL I ADD THE REDIRECT TYPE to the service. Once I do that if I ping www.test.com I will get back 2.2.2.2. Somehow once the redirect is added the IP address of the service (2.2.2.2) is returned instead of the content VIP (192.168.3.135). That shouldn't happen.
    I hope this makes sense and any help would be greatly appreciated!!!

    I think what you want to do is explained at :
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080094068.shtml
    For your information, you should also look at this solution :
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801dcd75.shtml
    Regards,
    Gilles.

  • CSM HTTP Probes with Method GET

    Hello.
    How does the HTTP Probe with Method GET work on CSM and what is the difference with CSS?
    CSS calculates the HASH of the web page it receives as a first answer and considers that as a REFERENCE HASH, to compare with subsequent answers. Is the behaviour of the CSM the same?
    In the CSS it is also possible to insert the HASH in the configuration as a reference HASH. I did not find such a command on the CSM. Is that feature not present on CSM?
    Thanks.

    the CSM just looks for the response code.
    No hash or anything similar to the CSS.
    Regards,
    Gilles.

  • CSM 302 redirection with domain change

    running CSM-S with 2.2.(5)....I need to do the following on the same vserver:
    ==========================================================
    Point 2) and point 3) should take precedence on point 1)
    1)  URL /*
    From http://mysites.ams.pippo.com
    to http://mysite-ams.pippo.com
    2)  URL /personal/%p
    from:
    http://mysites.ams.pippo.com/personal/[SAMAccoutnName]
    to:
    http://mysite-ams.pippo.com/personal/pippo_[SAMAccoutnName]
    3)  URL variable2/personal/%p
    from:
    http://mysites.ams.pippo.com/variable2/personal/variable1
    to:
    http://mysite-ams.pippo.com/variable2/personal/pippo_variable1
    is this the right config? can we do a webex?
    map URL-ANY url
      match protocol http url /*
    map URL-SHARPT-P2 url
      match protocol http url /personal/%p
    map URL-SHARPT-P3 url
      match protocol http url mysites.%2/personal/%1
    policy SHARPT-PROD-RD1
      url-map URL-ANY
      serverfarm SHARPT-PROD-RD1
    serverfarm SHARPT-PROD-RD1
      nat server
      no nat client
      redirect-vserver SHARPT_PROD-RD
       webhost relocation http://mysite-ams.pippo.com/%p
       inservice
    policy SHARPT-PROD-RD2
      url-map URL-SHARPT-P2
      serverfarm SHARPT-PROD-RD2
    serverfarm SHARPT-PROD-RD2
      nat server
      no nat client
      redirect-vserver SHARPT_PROD-RD2
       webhost relocation  http://mysite-ams%2/personal/pippo_%1
    inservice
    policy SHARPT-PROD-RD3
      url-map URL-SHARPT-P3
      serverfarm SHARPT-PROD-RD3
    serverfarm SHARPT-PROD-RD3
      nat server
      no nat client
      redirect-vserver SHARPT_PROD-RD3
       webhost relocation  http://mysite-%2/personal/pippo_%1
    inservice
    vserver SHARPT-PROD
    parse-length 4000
    slb-policy SHARPT-PROD-RD1
    slb-policy SHARPT-PROD-RD2
    slb-policy SHARPT-PROD-RD3

    Hi,
    I'm afraid that what you are trying to achieve is not possible on the CSM. You cannot configure regex-based redirection.
    The maximum you would be able to achieve is changing "http://mysites.ams.pippo.com" into "http://mysite-ams.pippo.com"
    For the kind of rediretion you require, you would need to move to ACE.
    I wish I could give you a more satisfactory answer
    Regards
    Daniel

  • RFC To HTTP Synchronous with SSL Encryption

    Hallo
    I have a Scenario RFC --> XI ---> HTTP with responce coming back from HTTP to xi and then in turn will go back to SAP Synchronously.
    so it is like : RFC to XI and then To HTTP application at BANK partner
    I know the basic steps of how to import the RFC and how to create the Data Type for HTTP request and response and doing interface mapping for request message and response message.
    but my case is more complex because before i send the message to the web application over HTTP i need to encrypt the message and communicate with the web application of the bank, so i wonder how can we implement SSL to handshake with the bank successfully and how to encrypt the xml before i send the message to the bank ????
    also one more interesting question is : when i send the xml file to the bank over HTTPs  i have to pass only the encrypted part of the xml file as an arugment of the http body...so what does that mean and how can i send data as an argument inside the HTTP request ??
    please help me out guys and thanks in advance
    Edited by: Tarek Atassi on Jun 22, 2010 8:04 AM

    check this guide:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm

  • Using HTTP Services with SSL using Internet Explorer

    Hello,
    Basically what's happening is that the secure services aren't
    loading when I pull up the website when using Internet Explorer.
    The website works perfect in FireFox and Safari however nothing
    loads via the HTTP services when they use SSL. I've read over Lin
    Lin's article
    http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm
    about using SSL with IE however I'm confused as how to implement
    the changes she mentions. She basically mentions a couple of the
    reasons why the httpServices wouldn't be able to load data in when
    connecting via SSL. I've read over the Adobe TechNote at
    http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c&pss=rss_flashplayer_fdc7b5 c
    but this wasn't clear either.
    1. How do I change the server settings to have the correct
    header information?
    2. Can I change something in the Flex Compiler to allow for
    SSL and IE?
    This works perfect in FireFox and Safari and retrieves data
    with no problems. Any ideas, information would be appreciated.

    Hello,
    Basically what's happening is that the secure services aren't
    loading when I pull up the website when using Internet Explorer.
    The website works perfect in FireFox and Safari however nothing
    loads via the HTTP services when they use SSL. I've read over Lin
    Lin's article
    http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm
    about using SSL with IE however I'm confused as how to implement
    the changes she mentions. She basically mentions a couple of the
    reasons why the httpServices wouldn't be able to load data in when
    connecting via SSL. I've read over the Adobe TechNote at
    http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c&pss=rss_flashplayer_fdc7b5 c
    but this wasn't clear either.
    1. How do I change the server settings to have the correct
    header information?
    2. Can I change something in the Flex Compiler to allow for
    SSL and IE?
    This works perfect in FireFox and Safari and retrieves data
    with no problems. Any ideas, information would be appreciated.

  • HTTP redirection with Auth Plugin

    Hi Guys,
                 I am relatively new to the FMS World, so bear with me if this is a silly question.
    I have an external service which tells me that a particular stream for a customer cannot be allowed and I need to redirect the URL to some http:// page.
    This happens in the E_PLAY Event on the auth plugin. My question is, can the auth plugin redirect the entire page to another HTTP page? I know that with the auth plugin you can rewrite the stream name so that another stream is played, but not sure if it is capable of redirecting the entire page.
    If the auth plugin by cannot redirect by itself, will the serverside actionscript be able to do so? I can pass the http:// URL to the server side action script via the notify event.
    Please suggest the best way to do this. I am using FMS 3.0
    Thanks,
    AK

    That is odd. It worked for me. Can you paste your entries that are dealing with weblogic? This includes your <IfModule> tag.
    So, when you try to hit the url, you get a 404 from Apache?
    Eric
    "Laurent PAILLARD" <[email protected]> wrote in message news:[email protected]..
    Same problem. Apache still handles the request and does not proxy it.
    "Eric Gross" <[email protected]> a écrit dans le message news: 3c61876c$[email protected]..
    I hope you mean the Apache plugin and not the isapi plugin.
    Try this:
    <Location /*/servlets>
    SetHandler weblogic-handler
    </Location>
    Regards,
    Eric
    "Laurent PAILLARD" <[email protected]> wrote in message news:[email protected]..
    System :
    Solaris 8
    Weblogic 6.1 SP2
    Apache 1.3.19 with weblogic ISAPI plugin
    For performance purposes, we want to separate static content from our web application. We deploy a pipo.ear with a pipo.war file inside for Weblogic and we unjar the war file in a '/pipo' directory in the HTTP server document Root.
    To redirect JSP files there are no problems. The problems occur with servlets. We decided to register all our servlets in web.xml with a 'servlets/' prefixe so that Apache should redirect requests with it.
    All our HTTP requests became :
    http://www.myweb.com/pipo/servlets/myServlet
    The problem is that ISAPI plug-in never proxy servlet requests to Weblogic. It only works when '/servlets' prefixe is placed just behind the domain name such as http://www.myweb.com/servlets/* and never with http://www.myWeb.com/*/servlets/*.
    I hope it's just a problem of configuration with Apache. I've already tried :
    <Location */servlets*>
    SetHandler weblogic-handler
    </Location>
    but nothing changed. We don't have such problem with NSAPI plugin for iPlanet but as we must use Apache ...
    [att1.html]

  • CSM Http redirect

    Hello,
    Is it possible to configure the following redirect
    connections to www.mydomain.com/news/home.html
    redirected to
    www.anotherdomain.com/sorryserver/sorry.html
    I have read the doco on this but at the following url
    http://www.cisco.com/en/US/customer/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a008011c65f.html#wp1012610
    It says about the webhost relocation configuration
    "Only the beginning of the URL can be specified in the relocation string. The remaining portion is taken from the original HTTP request".
    What does that mean exactly?
    Thank you.

    look at this example
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml
    The %p feature is the PATH.
    So in your example %p = news/home.html
    But since you don't want to use it in your redirect, you don't need it.
    Just configure the full path in the webhost location.
    Regards,
    Gilles.

  • ICal publication on IIS Website with SSL

    Hi,
    Can i publish iCal calendars on IIS Webdav directory with SSL configuration on an other port than default 443 ???
    I try to publish on this server and this work for:
    - "http" site
    - "https" site with ssl port 443
    but no with "https" site with ssl port 445 for example.
    my publication url is "https://myserver.com:445/calendars/"
    Where is the problem???
    Thanks.

    Hi Parth,
    This forum discusses about web development including HTML, CSS and Script for Internet Explorer. So you post is off-topic here. I suggest you re-post a question to IIS forum for better support.
    http://forums.iis.net/
    Best regards,
    Shu
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • ACE - HTTPS redirection

    Hi,
    How to configure the ACE to redirect a https request to different url.
    For example
    Clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.
    Please let me know.Thanks in Advance

    Hi Gilles,
    I am having the certificate and the key.
    Please check the config and confirm whether this looks fine or not.
    I am using GSS to resolve www.mycompany.com and www1.mycompany.com
    probe http Server1
    interval 15
    passdetect interval 60
    request method head url /keepAlive.html
    expect status 200 202
    open 10
    parameter-map type ssl PARAMMAP_SSL_TERMINATION
    cipher RSA_WITH_3DES_EDE_CBC_SHA
    cipher RSA_WITH_AES_128_CBC_SHA priority 2
    cipher RSA_WITH_AES_256_CBC_SHA priority 3
    rserver redirect HTTPS-REDIRECT
    conn-limit max 4000000 min 4000000
    webhost-redirection https://www1.mycompany.com.au 301
    inservice
    serverfarm host SFARM_HTTPS
    rserver Server1_http 80
    inservice
    serverfarm redirect https-redirect
    rserver HTTPS-REDIRECT
    inservice
    ssl-proxy service SSL_PSERVICE
    key MYKEY.PEM
    cert ACE-SP2.CER
    ssl advanced-options PARAMMAP_SSL_TERMINATION
    class-map type http loadbalance match-any HTTPS1
    2 match http header Host header-value "www[.]mycompany[.]com"
    class-map type http loadbalance match-any HTTPS2
    2 match http header Host header-value "www1[.]mycompany[.]com"
    policy-map type loadbalance first-match HTTPS
    class HTTPS1
    serverfarm https-redirect
    class HTTP2
    serverfarm SFARM_HTTPS
    class class-default
    serverfarm SFARM_HTTPS
    policy-map multi-match HTTPS-PM
    class HTTPS-RED
    loadbalance vip inservice
    loadbalance policy HTTPS
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_PSERVICE
    Also let me know know if there is any another way to configure the redirection other than matching host header.
    Thanks in Advance

  • HTTPS Keepalive with the CSM & SSL Module

    Has anyone had any success getting a secured web page for a keepalive using the CSM with and SSL module. If so can post an example?
    Thank you,
    Dave

    Hi David,
    Here find some full config example for your perusal for CSM and SSL Services Module Initial Configuration Example
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a0080216c16.shtml
    2nd config example to Configuring CSM to Load Balance SSL to a Farm of SCAs for One-Armed Proxy Mode
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00801aca55.shtml
    Sachin garg

  • Crystal Reports export and print fails with SSL / https but works with http

    Windows 2008 Server, 32-bit (IIS7)
    ASP.NET 2.0
    Ajax 1.0
    Crystal Reports version 10.5.3700.0
    http:  printing works, export works
    https:  printing not working, only export to MS Excel and MS Word work.
    I am able to generate reports using both http and https, and the toolbar icons are all showing.  However, I am unable to print or export properly with SSL.
    Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' follow by two messages from Crystal Print Control both stating:
    A communication error occured.  Printing will be stopped.
    Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
    I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL.  Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7?  Everything works fine when I change the address from https to http.
    Please let me know if I can help by providing further information.  We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
    Thank you.

    Thanks Ludek. I got it by searching KB number.
    Unfortunately, it didn’t fix my problem even my IE (IE8 and IE 9) has correct setting.  I double check my version. PrintControl.CAB is version 10.2.0.1146. we use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
    1: Crystal report export
                Export to MS Excel, Word: pop us “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
                Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
                Export to PDF : nothing happened.
    2: Print:
                Pop up dialog to select printer, click “Print” “. Shows windows “Crystal Report Viewer” and pop us error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and pop up error message box again.
    Please advise.
    Thank you very much!

  • TS1702 I purchased 2 packages of gems for skylanders and only received 1 package. Got email receipts and tried to report problem on ipad2 and it keeps coming up with to many https redirects. Can anyone help? Just want my gems :).

    I purchased 2 packages of gems for skylanders and only received 1 package. Got email receipts and tried to report problem with link in email on my ipad2 and it keeps coming up with to many https redirects. Can anyone help? Just want my gems :).

    Contact iTunes Customer Service and request assistance
    Use this Link  >  Apple  Support  iTunes Store  Contact

  • Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.

    Hi friends,
    Our scenario is as follows:
    We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
    We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
    1. We have created RFC destination of type G and refered the same RFC in Communication channel (Adapter type: HTTP)
    2. We have send the SSL Server certificate to other party and ensure that they have imported at thier end.
    3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
    4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
    When we trigger the communication we recieve the error: HTTP client code 110 reason in SXMB_MONI.
    Please let us know if we have missed out some step.
    What does error message indicate,
    Regards,
    Rehan

    Hi Rehan,
    I see that the PROCTIMEOUT was already at a very high value.
    Does this occur for messages of a particularly large size?  If yes, you could increase the parameter
       icm/HTTP/max_request_size_KB = 2097152
    This would need to be done in the sender/receiver system as well as XI.
    Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
    check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
    Kind regards,
    Sarah

  • WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

    Hi,
    I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
    When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
    What change should I make so that WSDL url will have https instead of http ? 
    This is service side configuration.
    <system.serviceModel>
        <services>
          <service name="Service.IService">
            <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
          </service>
        </services>
        <bindings>
          <basicHttpBinding />
        </bindings>
        <client />
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    Thanks in advance !!

    Hi,
    For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
    <behaviors>
    <serviceBehaviors>
    <behavior
    name="MyServiceTypeBehaviors"
    >
    <serviceMetadata
    httpGetEnabled="true"
    />
         </behavior>
    </serviceBehaviors>
    </behaviors>
    For more information, you could refer to:
    http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
    http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
    Regards

Maybe you are looking for