CSM HTTP Redirect with SSL
Problem we are having:
A client opens an HTTPS connection to a CSM with SSL offload to SSL module. The decrypted clear HTTP request hits the IIS server and is redirected (301).
The client gets an HTTP redirect and not an HTTPS redirect.
The reason for the 301 redirect is the IIS server does not have a physical resource but rather a virtual directory so it issues a 301 and adds a /. eg https://www.cisco.com/tech is redirected to https://www.cisco.com/tech/ in a working situation.
look for the urlrewrite command in order to change HTTP into HTTPS.
Regards,
Gilles.
Similar Messages
-
HTTP Redirect with Global Load Balancing
I've seen a lot of documentation about redirects and what I am trying to do seems simple enough yet I can't get it to work. Here is a summary:
We have two CSSs in different data centers with load balancing in a roundrobin fashion.
User types www.test.com:9086/test.html
User hits one of the CSSes configured to respond to www.test.com, CSS1 and CSS2.
If CSS1 gets the request, it should redirect request to server1:9086/test.html
If CSS2 gets the request, it should redirect request to server2:9086/test.html
Here is a sample of one of the CSSes:
content vTEST
dnsbalance roundrobin
add dns www.test.com
url "/*"
protocol tcp
port 9086
vip address 192.168.3.135
add service rTEST
active
service rTEST
protocol tcp
port 9086
type redirect
keepalive type none
ip address 2.2.2.2
redirect-string "server1:9086/test.html"
active
I've seen a lot of example of using HTTP Redirects, but none of them touch on using global load balancing as we are trying to accomplish.
Now, if I type in a browser:
http://www.test.com:9086/test.html
it fails. Why? because the CSS returns back an IP of 2.2.2.2 for www.test.com, which isn't a real IP address (this is by design). If I type:
http://192.168.3.135:9086/test.html
it works because it successfully redirects to:
http://server1:9086/test.html
because it is going directly against the VIP and redirecting as it should.
So the redirect function we know is working on the CSS as expected. However, the problem is this:
When I ping www.test.com I should get back the VIP address of the content rule (192.168.3.135) and I do UNTIL I ADD THE REDIRECT TYPE to the service. Once I do that if I ping www.test.com I will get back 2.2.2.2. Somehow once the redirect is added the IP address of the service (2.2.2.2) is returned instead of the content VIP (192.168.3.135). That shouldn't happen.
I hope this makes sense and any help would be greatly appreciated!!!I think what you want to do is explained at :
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080094068.shtml
For your information, you should also look at this solution :
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801dcd75.shtml
Regards,
Gilles. -
CSM HTTP Probes with Method GET
Hello.
How does the HTTP Probe with Method GET work on CSM and what is the difference with CSS?
CSS calculates the HASH of the web page it receives as a first answer and considers that as a REFERENCE HASH, to compare with subsequent answers. Is the behaviour of the CSM the same?
In the CSS it is also possible to insert the HASH in the configuration as a reference HASH. I did not find such a command on the CSM. Is that feature not present on CSM?
Thanks.the CSM just looks for the response code.
No hash or anything similar to the CSS.
Regards,
Gilles. -
CSM 302 redirection with domain change
running CSM-S with 2.2.(5)....I need to do the following on the same vserver:
==========================================================
Point 2) and point 3) should take precedence on point 1)
1) URL /*
From http://mysites.ams.pippo.com
to http://mysite-ams.pippo.com
2) URL /personal/%p
from:
http://mysites.ams.pippo.com/personal/[SAMAccoutnName]
to:
http://mysite-ams.pippo.com/personal/pippo_[SAMAccoutnName]
3) URL variable2/personal/%p
from:
http://mysites.ams.pippo.com/variable2/personal/variable1
to:
http://mysite-ams.pippo.com/variable2/personal/pippo_variable1
is this the right config? can we do a webex?
map URL-ANY url
match protocol http url /*
map URL-SHARPT-P2 url
match protocol http url /personal/%p
map URL-SHARPT-P3 url
match protocol http url mysites.%2/personal/%1
policy SHARPT-PROD-RD1
url-map URL-ANY
serverfarm SHARPT-PROD-RD1
serverfarm SHARPT-PROD-RD1
nat server
no nat client
redirect-vserver SHARPT_PROD-RD
webhost relocation http://mysite-ams.pippo.com/%p
inservice
policy SHARPT-PROD-RD2
url-map URL-SHARPT-P2
serverfarm SHARPT-PROD-RD2
serverfarm SHARPT-PROD-RD2
nat server
no nat client
redirect-vserver SHARPT_PROD-RD2
webhost relocation http://mysite-ams%2/personal/pippo_%1
inservice
policy SHARPT-PROD-RD3
url-map URL-SHARPT-P3
serverfarm SHARPT-PROD-RD3
serverfarm SHARPT-PROD-RD3
nat server
no nat client
redirect-vserver SHARPT_PROD-RD3
webhost relocation http://mysite-%2/personal/pippo_%1
inservice
vserver SHARPT-PROD
parse-length 4000
slb-policy SHARPT-PROD-RD1
slb-policy SHARPT-PROD-RD2
slb-policy SHARPT-PROD-RD3Hi,
I'm afraid that what you are trying to achieve is not possible on the CSM. You cannot configure regex-based redirection.
The maximum you would be able to achieve is changing "http://mysites.ams.pippo.com" into "http://mysite-ams.pippo.com"
For the kind of rediretion you require, you would need to move to ACE.
I wish I could give you a more satisfactory answer
Regards
Daniel -
RFC To HTTP Synchronous with SSL Encryption
Hallo
I have a Scenario RFC --> XI ---> HTTP with responce coming back from HTTP to xi and then in turn will go back to SAP Synchronously.
so it is like : RFC to XI and then To HTTP application at BANK partner
I know the basic steps of how to import the RFC and how to create the Data Type for HTTP request and response and doing interface mapping for request message and response message.
but my case is more complex because before i send the message to the web application over HTTP i need to encrypt the message and communicate with the web application of the bank, so i wonder how can we implement SSL to handshake with the bank successfully and how to encrypt the xml before i send the message to the bank ????
also one more interesting question is : when i send the xml file to the bank over HTTPs i have to pass only the encrypted part of the xml file as an arugment of the http body...so what does that mean and how can i send data as an argument inside the HTTP request ??
please help me out guys and thanks in advance
Edited by: Tarek Atassi on Jun 22, 2010 8:04 AMcheck this guide:
http://help.sap.com/saphelp_nwpi711/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm -
Using HTTP Services with SSL using Internet Explorer
Hello,
Basically what's happening is that the secure services aren't
loading when I pull up the website when using Internet Explorer.
The website works perfect in FireFox and Safari however nothing
loads via the HTTP services when they use SSL. I've read over Lin
Lin's article
http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm
about using SSL with IE however I'm confused as how to implement
the changes she mentions. She basically mentions a couple of the
reasons why the httpServices wouldn't be able to load data in when
connecting via SSL. I've read over the Adobe TechNote at
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c&pss=rss_flashplayer_fdc7b5 c
but this wasn't clear either.
1. How do I change the server settings to have the correct
header information?
2. Can I change something in the Flex Compiler to allow for
SSL and IE?
This works perfect in FireFox and Safari and retrieves data
with no problems. Any ideas, information would be appreciated.Hello,
Basically what's happening is that the secure services aren't
loading when I pull up the website when using Internet Explorer.
The website works perfect in FireFox and Safari however nothing
loads via the HTTP services when they use SSL. I've read over Lin
Lin's article
http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm
about using SSL with IE however I'm confused as how to implement
the changes she mentions. She basically mentions a couple of the
reasons why the httpServices wouldn't be able to load data in when
connecting via SSL. I've read over the Adobe TechNote at
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c&pss=rss_flashplayer_fdc7b5 c
but this wasn't clear either.
1. How do I change the server settings to have the correct
header information?
2. Can I change something in the Flex Compiler to allow for
SSL and IE?
This works perfect in FireFox and Safari and retrieves data
with no problems. Any ideas, information would be appreciated. -
HTTP redirection with Auth Plugin
Hi Guys,
I am relatively new to the FMS World, so bear with me if this is a silly question.
I have an external service which tells me that a particular stream for a customer cannot be allowed and I need to redirect the URL to some http:// page.
This happens in the E_PLAY Event on the auth plugin. My question is, can the auth plugin redirect the entire page to another HTTP page? I know that with the auth plugin you can rewrite the stream name so that another stream is played, but not sure if it is capable of redirecting the entire page.
If the auth plugin by cannot redirect by itself, will the serverside actionscript be able to do so? I can pass the http:// URL to the server side action script via the notify event.
Please suggest the best way to do this. I am using FMS 3.0
Thanks,
AKThat is odd. It worked for me. Can you paste your entries that are dealing with weblogic? This includes your <IfModule> tag.
So, when you try to hit the url, you get a 404 from Apache?
Eric
"Laurent PAILLARD" <[email protected]> wrote in message news:[email protected]..
Same problem. Apache still handles the request and does not proxy it.
"Eric Gross" <[email protected]> a écrit dans le message news: 3c61876c$[email protected]..
I hope you mean the Apache plugin and not the isapi plugin.
Try this:
<Location /*/servlets>
SetHandler weblogic-handler
</Location>
Regards,
Eric
"Laurent PAILLARD" <[email protected]> wrote in message news:[email protected]..
System :
Solaris 8
Weblogic 6.1 SP2
Apache 1.3.19 with weblogic ISAPI plugin
For performance purposes, we want to separate static content from our web application. We deploy a pipo.ear with a pipo.war file inside for Weblogic and we unjar the war file in a '/pipo' directory in the HTTP server document Root.
To redirect JSP files there are no problems. The problems occur with servlets. We decided to register all our servlets in web.xml with a 'servlets/' prefixe so that Apache should redirect requests with it.
All our HTTP requests became :
http://www.myweb.com/pipo/servlets/myServlet
The problem is that ISAPI plug-in never proxy servlet requests to Weblogic. It only works when '/servlets' prefixe is placed just behind the domain name such as http://www.myweb.com/servlets/* and never with http://www.myWeb.com/*/servlets/*.
I hope it's just a problem of configuration with Apache. I've already tried :
<Location */servlets*>
SetHandler weblogic-handler
</Location>
but nothing changed. We don't have such problem with NSAPI plugin for iPlanet but as we must use Apache ...
[att1.html] -
Hello,
Is it possible to configure the following redirect
connections to www.mydomain.com/news/home.html
redirected to
www.anotherdomain.com/sorryserver/sorry.html
I have read the doco on this but at the following url
http://www.cisco.com/en/US/customer/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a008011c65f.html#wp1012610
It says about the webhost relocation configuration
"Only the beginning of the URL can be specified in the relocation string. The remaining portion is taken from the original HTTP request".
What does that mean exactly?
Thank you.look at this example
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml
The %p feature is the PATH.
So in your example %p = news/home.html
But since you don't want to use it in your redirect, you don't need it.
Just configure the full path in the webhost location.
Regards,
Gilles. -
ICal publication on IIS Website with SSL
Hi,
Can i publish iCal calendars on IIS Webdav directory with SSL configuration on an other port than default 443 ???
I try to publish on this server and this work for:
- "http" site
- "https" site with ssl port 443
but no with "https" site with ssl port 445 for example.
my publication url is "https://myserver.com:445/calendars/"
Where is the problem???
Thanks.Hi Parth,
This forum discusses about web development including HTML, CSS and Script for Internet Explorer. So you post is off-topic here. I suggest you re-post a question to IIS forum for better support.
http://forums.iis.net/
Best regards,
Shu
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Hi,
How to configure the ACE to redirect a https request to different url.
For example
Clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.
Please let me know.Thanks in AdvanceHi Gilles,
I am having the certificate and the key.
Please check the config and confirm whether this looks fine or not.
I am using GSS to resolve www.mycompany.com and www1.mycompany.com
probe http Server1
interval 15
passdetect interval 60
request method head url /keepAlive.html
expect status 200 202
open 10
parameter-map type ssl PARAMMAP_SSL_TERMINATION
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA priority 3
rserver redirect HTTPS-REDIRECT
conn-limit max 4000000 min 4000000
webhost-redirection https://www1.mycompany.com.au 301
inservice
serverfarm host SFARM_HTTPS
rserver Server1_http 80
inservice
serverfarm redirect https-redirect
rserver HTTPS-REDIRECT
inservice
ssl-proxy service SSL_PSERVICE
key MYKEY.PEM
cert ACE-SP2.CER
ssl advanced-options PARAMMAP_SSL_TERMINATION
class-map type http loadbalance match-any HTTPS1
2 match http header Host header-value "www[.]mycompany[.]com"
class-map type http loadbalance match-any HTTPS2
2 match http header Host header-value "www1[.]mycompany[.]com"
policy-map type loadbalance first-match HTTPS
class HTTPS1
serverfarm https-redirect
class HTTP2
serverfarm SFARM_HTTPS
class class-default
serverfarm SFARM_HTTPS
policy-map multi-match HTTPS-PM
class HTTPS-RED
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
ssl-proxy server SSL_PSERVICE
Also let me know know if there is any another way to configure the redirection other than matching host header.
Thanks in Advance -
HTTPS Keepalive with the CSM & SSL Module
Has anyone had any success getting a secured web page for a keepalive using the CSM with and SSL module. If so can post an example?
Thank you,
DaveHi David,
Here find some full config example for your perusal for CSM and SSL Services Module Initial Configuration Example
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a0080216c16.shtml
2nd config example to Configuring CSM to Load Balance SSL to a Farm of SCAs for One-Armed Proxy Mode
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00801aca55.shtml
Sachin garg -
Crystal Reports export and print fails with SSL / https but works with http
Windows 2008 Server, 32-bit (IIS7)
ASP.NET 2.0
Ajax 1.0
Crystal Reports version 10.5.3700.0
http: printing works, export works
https: printing not working, only export to MS Excel and MS Word work.
I am able to generate reports using both http and https, and the toolbar icons are all showing. However, I am unable to print or export properly with SSL.
Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' follow by two messages from Crystal Print Control both stating:
A communication error occured. Printing will be stopped.
Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL. Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7? Everything works fine when I change the address from https to http.
Please let me know if I can help by providing further information. We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
Thank you.Thanks Ludek. I got it by searching KB number.
Unfortunately, it didn’t fix my problem even my IE (IE8 and IE 9) has correct setting. I double check my version. PrintControl.CAB is version 10.2.0.1146. we use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
1: Crystal report export
Export to MS Excel, Word: pop us “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
Export to PDF : nothing happened.
2: Print:
Pop up dialog to select printer, click “Print” “. Shows windows “Crystal Report Viewer” and pop us error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and pop up error message box again.
Please advise.
Thank you very much! -
I purchased 2 packages of gems for skylanders and only received 1 package. Got email receipts and tried to report problem with link in email on my ipad2 and it keeps coming up with to many https redirects. Can anyone help? Just want my gems :).
Contact iTunes Customer Service and request assistance
Use this Link > Apple Support iTunes Store Contact -
Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.
Hi friends,
Our scenario is as follows:
We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
1. We have created RFC destination of type G and refered the same RFC in Communication channel (Adapter type: HTTP)
2. We have send the SSL Server certificate to other party and ensure that they have imported at thier end.
3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
When we trigger the communication we recieve the error: HTTP client code 110 reason in SXMB_MONI.
Please let us know if we have missed out some step.
What does error message indicate,
Regards,
RehanHi Rehan,
I see that the PROCTIMEOUT was already at a very high value.
Does this occur for messages of a particularly large size? If yes, you could increase the parameter
icm/HTTP/max_request_size_KB = 2097152
This would need to be done in the sender/receiver system as well as XI.
Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
Kind regards,
Sarah -
WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS
Hi,
I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http.
When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl.
What change should I make so that WSDL url will have https instead of http ?
This is service side configuration.
<system.serviceModel>
<services>
<service name="Service.IService">
<endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
</service>
</services>
<bindings>
<basicHttpBinding />
</bindings>
<client />
<behaviors>
<serviceBehaviors>
<behavior>
<serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks in advance !!Hi,
For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
<behaviors>
<serviceBehaviors>
<behavior
name="MyServiceTypeBehaviors"
>
<serviceMetadata
httpGetEnabled="true"
/>
</behavior>
</serviceBehaviors>
</behaviors>
For more information, you could refer to:
http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
Regards
Maybe you are looking for
-
up to now I had no problem when editing photos with photoshop elements 9. Due to an unknown reason/event the colours displayed , now, are not correct : it looks like the gama adjustment has been changed and the photo rendition is uncorrect. If I di
-
Form spread over several pages. How?
I have a large table that I would like to use buttons to navigate to subsets of fields. Here is a link to a sample app. http://apex.oracle.com/pls/otn/f?p=29570 When I click the edit or add create new item button, it takes me to the form with only a
-
Internal table - move record to first record in table
How can a move a record already in an internal table to the first record in the table? There is no appropriate sort that would make it the first record.
-
I have Google as my default home page in Firefox and the Google browser opens when I start Firefox, but every time I open a new tab it opens the Yahoo browser.
-
Because chargers for MacBook Pro's are going whack...
Well, my charger for my 2010 MacBook Pro (15 inch) is broken. I'm trying to order a new charger online but I need to use my warrenty. Apple won't let me purchase online for free or anything and I haven't the slighest idea how to get a new charger...