Filter incomming HTTPS traffing based on destination URL

Similar Messages

• HTTP Redirect based upon SRC IP Address

  Is there a way to perform an http redirect based upon user's source IP address on the CSM/GSS environment?
  Logic:
  IF < src ip address is within exception list > THEN
  http redirect to URL2
  ELSE
  http to URL1
  END

  Is there a version of this solution (redirect by client source IP) for the CSS?
  I'm attempting to redirect clients from a few specific networks (source IP's) to the VIP of a second CSS using a service-type redirect and "prefer " ACL commands:
  clause 10 permit any 1.1.1.0 255.255.252.0 destination content owner/content-rule prefer service-type-redirect
  There is an "any any destination any" last clause in the ACL for the remaining source IPs. The ACL is applied to the incoming circuits leading to the webservers.
  A show of the ACL's shows all responses - no matter the client source IP - being caught by the permit any clause at the end of the ACL.
  Extra points: this is a one-arm design with source group destination applied (to return server traffic to the CSS) and traffic is https with SSL terminating at the servers (no SSL module). Content rules are set to be sticky for srcip. Both CSSs are answering content-based DNS queries for the same URL with their local VIP address (but controlling which DNS server clients query isn't readily possible, so static proximity using DNS didn't provide the answer).
  Each CSS is in a different data center: the idea is to keep traffic local by redirecting non-local traffic to its "local" (the other) CSS if services are active (and to keep traffic on the first CSS if the services at the redirected-to CSS are down).
  Don't want too much, do I? ;-)
  Thanks for everyone's time -
  -K.

• Content file download failed. Reason: HTTP status 404: The requested URL does not exist on the server.

  Hi,
  I am getting this error in most of our WSUS servers.
  Content file download failed.
  Reason: HTTP status 404: The requested URL does not exist on the server.
  Source File: /Content/FB/134501186F4C81089054E4EC3376E74EEC895EFB.exe 
  Destination File: d:\wsus\WsusContent\FB\134501186F4C81089054E4EC3376E74EEC895EFB.exe
   After few minutes, getting below error as well. But i could see the synchronization has completed successfully.
  Log Name:      Application
  Source:        Windows Server Update Services
  Date:          12/19/2014 4:45:55 PM
  Event ID:      10032
  Task Category: 7
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      ******
  Description:
  The server is failing to download some updates.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Windows Server Update Services" />
      <EventID Qualifiers="0">10032</EventID>
      <Level>2</Level>
      <Task>7</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-12-19T08:45:55.000000000Z" />
      <EventRecordID>496887</EventRecordID>
      <Channel>Application</Channel>
      <Computer>*****</Computer>
       <Data>The server is failing to download some updates.</Data>
  This error is happening everyday. Please advise for a fix.

  Reason: HTTP status 404: The requested URL does not exist on the server.
  Source File: /Content/FB/134501186F4C81089054E4EC3376E74EEC895EFB.exe 
  Destination File: d:\wsus\WsusContent\FB\134501186F4C81089054E4EC3376E74EEC895EFB.exe
  Source:        Windows Server Update Services
  Description:
  The server is failing to download some updates.
  This error is happening everyday. Please advise for a fix.
  If this is happening on an UPSTREAM server it is because you have approved updates that are no longer available from Microsoft. Almost always this involves approvals of *EXPIRED* updates (which have been pulled from the catalog and cannot be downloaded).
  If this is happening on a DOWNSTREAM server it's because something/someone deleted the files from the upstream server. It can also happen if the entire upstream ~\WSUSContent folder has gone amuk.
  For an upstream server, find the expired updates, remove the approvals, cancel the downloads, and then decline the updates.
  For a downstream server, figure out what the affected updates are and fix the upstream server.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Configuring the Destination URL for the Adobe Document Services

  hi all,
  I am going through the documentation for "Configuring the Destination URL for the Adobe Document Services " at :
  http://help.sap.com/saphelp_nw2004s/helpdata/en/02/560f41ca73d349e10000000a1550b0/frameset.htm
  I am not able to understand 7th step
  <b>7.      Define the user name and password. To find out how to create the user name and password for the Adobe document services, see Creating a User for Basic Authentication in the document Adobe Document Services – Configuration Guide. You can find this guide in the SAP Service Marketplace under Quick Link /InstguidesNW04.</b>
  In our scenario
  <i>We are running NW04s SP11 on 2 machines
  1) <u>32-bit machine with ADS and credentials properly configured on Web AS for Java installation</u>
  <b>com.adobe  AdobeDocumentServices  null (710.20061024154505.342190)
  com.adobe  AdobeDocumentServicesEjbClientLibrary  null (705.20060407121920.289077)
  sap.com  SAP-JEE  7.00 SP11 (1000.7.00.11.0.20070201154700) 
  sap.com  SAP-JEECOR  7.00 SP11 (1000.7.00.11.0.20070201154700)
  com.adobe  DocumentServicesBinaries2  null (710.20060629085312.115621) 
  com.adobe  DocumentServicesConfiguration  null (710.20061024154505.342190) 
  com.adobe  DocumentServicesDestProtoService  null (710.20060821084105.325745) 
  com.adobe  DocumentServicesLibrary  null (710.20060629090137.115621) 
  com.adobe  DocumentServicesLicenseDatabase  null (705.20051005114147.242570) 
  com.adobe  DocumentServicesLicenseManager  null (710.20060929113452.336248) 
  com.adobe  DocumentServicesLicenseService  null (710.20060929113452.336248) 
  com.adobe  DocumentServicesLicenseSupportService  null (710.20060929113641.336248)
  </b>
  2) <u>64-bit machine with portal installation on Web AS for Java, with ESS and MSS</u>
  <b>sap.com/SAP-JEECOR  7.00 SP11 (1000.7.00.11.0.20070201154700)  20070308153304 
  sap.com/SAP-JEE  7.00 SP11 (1000.7.00.11.0.20070201154700)  20070308153213 
  sap.com  SAP_ESS  600 SP7 (1000.600.0.7.12.20070314050106)
  sap.com  SAP_MSS  600 SP7 (1000.600.0.7.4.20070321052655)
  sap.com  tc/wd/webdynpro  null (7.0009.20060804145649.0000) </b>
  </i>
  Why do we have to create a new user for the server which is consuming the web service? We already have an user "ADSUser" defined for the Web AS server which has ADS services deployed.
  I have opened this thread to solve the previous unanswered question I posted on SDN Empty area in place of Interactive form. .
  One more thing the adobe print forms of ESS [Total Compensation Statement and Salary Statement] are rendering properly, only the ones with Interactive ability or not.
  thanks,
  Sanketh

  Hello Sanketh,
  1. To access the NW04s configuration guide,
      - Go to https://service.sap.com/adobe
      - On the left frame (tree), under Adobe > Media Library > Documentation
      - On the right had pane you will find the link to the NW04s Configuration guide
  2. The link that you have mentioned below details the steps required to be carried out on the client machine that consumes the Adobe Document Services. In our case that is the j2ee engine on which your Web Dynpro application is running. It could be the same physical machine with two different j2ee instances hosting Web Dynpro and ADS or it could be two different physical machine or a single machine having a single instance of j2ee engine hosting both the Web Dynpro and the ADS.
  You do not have to create a separate username and a password on the consuming machine but you need to configure the Web Service client proxy to point to the ADS (maybe hosted on a different machine) with the username and the password created on the ADS server. As you have mentioned, you have already created such an user on the ADS (ADSUser). This user authentication on the client machine (consuming server - Web Dynpro) would be required at the runtime by the j2ee engine to authenticate itself with the ADS.
  Best Regards,
  Krish

• No destination URL is defined. Use the followind redirect URL in Transactio

  Hi,
  I am new BSP, I have to display logon screen in my BSP application, i was copied SYSTEM bsp application and tried to run it, but it is throwing error "No destination URL is defined. Use the followind redirect URL in Transaction SICF:  /sap(====)/public/bsp/sap/login/default.htm?sap-url= " . Please let us know what has to be done for the same
  Message was edited by:
          Rams BSP

  Hi Rams,
  see http://help.sap.com/saphelp_47x200/helpdata/en/33/8351f1f3351c41853ea3508cbef0cf/frameset.htm
  and
  http://help.sap.com/saphelp_47x200/helpdata/en/1d/13c73cee4fb55be10000000a114084/frameset.htm
  It sounds like you have not configured the redirect correctly in the ICF.
  Cheers
  Graham

• HTTP redirect based on client IP

  Hello,
  Is anyone aware of a method to redirect an HTTP request based on the Client IP using ICM/Web Dispatcher?
  The "icm/HTTP/redirect_" parameter doesn't appear to allow you to use the client IP as a criteria for the redirect, and I have not been able to find any other indication of how this might be accomplished on SMP, SDN, or Online Help.
  The goal of this is to perform a protocol switch and redirect all HTTP requests from a specific IP range to HTTPS.
  thanks!
  John

  Just a thought:
  Have two instances of Web Dispatcher, listening on different ports.
  Split incoming connections to different ports, whichever way is available:
  1. Ask you network team to forward request from one subnet to one port and another subnet to another port.
  2. On Windows server use RRAS
  3. On any server use software routing;
  4. Setup routing appliance before the server.
  Not too elegant, but should work...
  Regards,
  Slava

• SAP Web dispatcher not forwarding incoming HTTP portal sessions.

  Hello,
  We are using an EP6 Portal from which Abap Web dynpros are launched. The incoming http sessions were accessing our backend ECC6 SAP system through the sap server message . The http sessions were badly dispatched between the two abap servers. We have been advised by SAP to use the sap web dispatcher instead.
  The sap web dispatcher has been correctly installed and configured (on the central abap instance ).
  I have carefully read the SAP help section concerning the server selection using the sap web dispatcher :
  http://help.sap.com/saphelp_nw04s/helpdata/en/5f/7a343cd46acc68e10000000a114084/frameset.htm
  All our settings seem to be OK :
  The incoming HTTP requests are forwarded to abap servers only.
  *In transaction SICF, all the services under the tree
  sap/public/icf_info have been assigned to the same logon group .
  The capacity of the two servers included in the logon
  group " is the same :
  server40 LB=12
  server60 LB=12
  In the Web interface, capacity equal "1" for the two servers.
  wdisp/load_balancing_strategy=  weighted_round_robin
  In the SAP web interface, the prefered server is ALWAYS the same :
  Status of Server Group "LOADIS"
  Loadbalancing Information
  Number of Servers in this group 2
  Last used Server
  Preferred next Server server40_SPA_10
  But it seems that the sap web dispatcher is not used at ALL.
  The Load distribution is still based on the SMLG workload as it was the case, before, with the sap message server. The information displayed in the web interface (preferred server) is wrong.
  The Preferred next Server is ALWAYS server40_SPA_10 (shown in the web interface), but, in fact, the http sessions are distributed between the two servers server60_SPA_00 and server40_SPA_10 depending on the server quality diplayed in transaction smlg. It was exactly the same behaviour we had before, only with the sap server message .
  Any useful help would be highly appreciated.
  Best Regards.

  Hi,
  firstly, have you checked note 1094342? What variant do you want to use? Do you terminate a SSL connection on web dispatcher and create a new one between web dispatcher and application server? It looks like the web dispatcher can't verify SSL certificate used by application server. Maybe you've already tried this but you can try to turn off SSL between dispatcher and application server. If this setup works then problem is in SSL connection. You can check what host name is used in SSL certificate and what host name is used by dispatcher. You can use parameter wdisp/ssl_certhost which sets host name which will be used for certificate validation.
  Cheers

• Prioritize traffic based on destination IP?

  Hi all, we're looking to use an ASA5505 or 5510 as our firewall but want to see if one of them can help us prioritize traffic. I know it does QoS but we're wanting to dedicate x amount of our bandwidth to traffic based on destination IP address. Is that possible and does it take a license upgrade?
  Thanks!

  Jerry, i would try something like in the second config example I mentioned. keep in mind, if ISP doesn't support marking packets, it may be hard to QoS inbound. if you assign the VOIP traffic high priority, it should go out interface first during congestion. Don't need to dedicate a certain amount of bandwidth in any way. Make sure in the design to keep the VOIP traffic, VPN traffic and User PAT (outbound NAT) traffic on separate IP's. That will help when defining the access-lists. This QoS stuff is kind of tricky and is bit confusing. I have setup a few configs according to the above examples and they _seem_ to work. I ran a policing queue on the edge router for traffic leaving to ASA, and ran a priority queue on the ASA. When i test big download from a major site, which could consume all bandwidth, it doesn't appear to clobber VOIP traffic. The same results apply, when I test a big upload to internet. The QoS stuff is tricky though, and i _didn't_ see what I expected when i use the show QoS commands to see traffic drops, etc. so YMMV!
  Take a look at this link for ASA 7.X release, which may give you some ideas:
  "QoS based on ACL with VPN Configuration" You can change ACL to include the outside interface IP as long as you have separated the NAT's, VPN, etc. like i mentioend earlier.
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
  Will

• Handling incoming "HTTP Post"

  I'm a bit confused here...
  I've Flex 3/ActionScript as front-end with Java back-end (with BlazeDS in between);
  I need to receive an incoming "HTTP Post" sent by external server (paypal IPN) to a specific URL I need to provide - notifying on specific event, and do some action in response to that event.
  > How do I implement such listener to an incoming HTTP Post in Flex?
  > What kind of setup is needed to link that listener to the relevant URL?
  Haim

  Hello,
  I have the same problem. Could anyone manage this situation?
  Thanks,
  Daniel Viero.

• "Decoding" the Destination URL/IP listed in the in Outgoing Log

  Is there any way to translate the Destination URL/IP that is recorded in the Outgoing Log file to an actual URL?  I would like to know what the actual website is (trying to make sure my kids are behaving themselves), but I cannot figure out how to take the IP address that is listed (EVERYTHING is listed as an IP - no meaningful URLs at all) and visit it.
  Any help on this would be appreciated - thanks!

  Welcome to the linksys forums. You can go to this website:
  http://samspade.org/
  Just copy the ip address into the field and it will supply you with information about the website.
  Hope this helps, good luck.

• Passing parameter to third party survey via Webex Event Destination URL

  I am looking into using the end of event destination URL to route an Event attendee to a third party survey tool.  Is it possible to pass WebEx environment variables (attendee email, event name, event start date, etc.) via URL parameters, so I don't need to ask the user the name and event attended in the survey?
  Thanks, David!

  Hi David,
  I assume this is for WebEx SaaS (Cloud based) solution. Unfortunately, this community is for Cisco WebEx Meetings Server (on-prem solution) and is not observed by WebEx SaaS experts. You might be better of by calling into WebEx Support - 1.866.229.3239, provide them with your WebEx Site name and see if they can answer your question.
  -Dejan

• In BI how to filter the selection options based on inputs on top field

  Hi Friends,
  In BI, How to filter the selection options based on inputs on top field.
  The system should automatically filter the lower level drop downs based on the selection of a higher level.
  For e.g. :
  If a user selects a Country then the States drop down should only display the State's belongs to the Country. Similarly when a State is selected, the District drop down should display only those District's belongs to the State.
  Thanks in Advance.
  Regards
  Jayaram M

  Hi Anil,
  Thanks for reply but I couldn't use Compounding Characteristic here. Need some other solution.
  Regards
  Jayaram M

• How to change the fields in a JSF form based on a URL parameter

  I am trying to build a generic JSF form of parameters which I want to dynamically change (i.e.
  change which field is visible, what the label text should be, etc) based on a URL parameter.
  I can set the fields using logic in the backing bean as an action on a command button pressed.
  But how do I do it based on the URL parameter ? I can retrieve the URL parameter but I
  don't know where to put (or hook) the Java code to do this initialization prior to
  the page being rendered for the first time.
  The fields in the JSF is being configured dynamically using a database table.
  BTW I am using Jdeveloper 10.1.3.5
  Thanks
  CK

  Thanks. I decided to set a Session bean to store the value of the URL parameter (if it is set)
  and then to use the session bean to initialize the attributes of the fields on the JSF Page.
  There also seems to be some caching of the inputText fields (i.e. it reverts back to the first
  initialized value) even though I tried to change it using the URL parameter in the requestScope
  backing bean. So, setting the values into the Session bean and retrieving it back from there
  seems to be more reliable.

• 2013 Exchange, Can't connect to Exchange Management Shell. It cannot determine the content type of the HTTP response from the destination computer.

  The following error occurs.
           Welcome to the Exchange Management Shell!
  Full list of cmdlets: Get-Command
  Only Exchange cmdlets: Get-ExCommand
  Cmdlets that match a specific string: Help *<string>*
  Get general help: Help
  Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
  Show quick reference guide: QuickRef
  Exchange team blog: Get-ExBlog
  Show full output for a command: <command> | Format-List
  Tip of the day #0:
  Did you know that the Identity parameter is a "positional parameter"? That means you can use:
   Get-Mailbox "user" instead of: Get-Mailbox -Identity "user"
  It's a neat usability shortcut!
  VERBOSE: Connecting to mail1.dorothy.local.
  New-PSSession : [mail1.dorothy.local] Connecting to remote server mail1.dorothy.local failed with the following error
  message : The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from
  the destination computer. The content type is absent or invalid. For more information, see the
  about_Remote_Troubleshooting Help topic.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
     gTransportException
      + FullyQualifiedErrorId : -2144108297,PSSessionOpenFailed
  Exception calling "GetComputerSite" with "0" argument(s): "The Specified directory object cannot be found."
  At C:\Program Files\Microsoft\Exchange Server\V15\bin\ConnectFunctions.ps1:164 char:2
  +     $localSite=[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetC ...
  +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : ActiveDirectoryObjectNotFoundException
  Failed to connect to an Exchange server in the current site.
  Enter the server FQDN where you want to connect.: mail1.dorothy.local
  VERBOSE: Connecting to mail1.dorothy.local.
  New-PSSession : [mail1.dorothy.local] Connecting to remote server mail1.dorothy.local failed with the following error
  message : The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from
  the destination computer. The content type is absent or invalid. For more information, see the
  about_Remote_Troubleshooting Help topic.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
     gTransportException
      + FullyQualifiedErrorId : -2144108297,PSSessionOpenFailed
  Randy Cheek

  Good Morning,
  Log into the server with an account that has appropriate Exchange rights, not a local account.  
  Note: By default - Domain Admins don't have Exchange rights.
  Dame Luthas, ITILv3, MCSE Messaging 2013, MCSA, MCITP
  My Technical Blog: http://thelifestrategist.wordpress.com
  Discipline is the Difference between Goals and Accomplishments
  If this post is useful, please hit the green arrow on the left & if this is the answer hit "mark as answer"

• Java.io.IOException: Server returned HTTP response code: 405 for URL

  I'm trying write to a file using a combination of CGI and Java. I am following this website:
  http://www.webdeveloper.com/java/java_jj_read_write.html
  However, when I try to write out to the file, I keep getting the error in the title: HTTP response code: 405 for URL: .....
  I was wondering if anyone knew what this mean? I searched the forum and found a post from 2 years ago that was exactly the same problem I was having, only thing is that there were no responses to it. Hopefully I'll have a bit more luck.

  http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html