How configure rewriter proxy to allow both http and https

Similar Messages

• How do I configure the portal to allow both anonymous and LDAP or Membership Logins?

  I want my portal's content to be publically accessable, to allow anonymous users to browse the content without the ability to modify layouts, content, etc. <br><br> But I can't figure out how to make the portal completely skip the login menu page. If I enable any modules besides the Anonymous module, I get the login menu. If I disable all modules but anonymous, I get a login module denied error message when I post to the login servlet from one of my pages.
  What do I need to do? My frustration with the lack of decent documentation of most of the features of this product is growing by the second.

  When opening up the administrative console
  (http://localhost:8080/console?func=frameset) and looking at the source
  it shows the following:
  <HTML>
  <HEAD>
  <TITLE>iPlanet Portal Server 3.0 Administration Console</TITLE>
  </HEAD>
  <FRAMESET FRAMEBORDER="no" COLS="*" ROWS="110,*" BORDER=0>
  <FRAME BORDER=0 SCROLLING="no" MARGINHEIGHT=10 SRC="/admin/top.html">
       <FRAMESET COLS="250,*" BORDER=0>
       <FRAME SRC="/console?func=directNav" NAME="navigatorFrame">
       <FRAME SRC="/console?func=frameAdmin" NAME="adminFrame">
       </FRAMESET>
  </FRAMESET>
  </HTML>
  Where are the html files located that the console servlet is including?
  The problem that I am encountering is this:
  I need to set the "Primary Document Directory" in the iPlanet webserver
  to something other than - <ipsbase>/public_html which seems to be the
  default configuration. When I switched the doc root to /foo/bar/ I
  noticed no problems with the portal server until I tried to enter the
  admin console. My browser reported back file not found errors for each
  of the frame pages that are included in the HTML snippet above. I
  understand that by changing the document root that the servlet no longer
  has a context of /admin/top.html but does anyone have thoughts as to
  what is going on and how to resolve this?
  thanks
  -matt

• How to protect both access (http and https) with a Policy Agent

  Hi,
  During the installation of a web Policy Agent (i.e. Policy Agent for IIS) we have to choose the protocol (and port) of the web server we want to protect.
  If we have an IIS with secure (https) and non secure (http) applications, how we manage this scenario with the policy agent?
  Regards,

  Hi,
  Finally, i have installed the agent in IIS5 in the non secure port (http) and in fact it detects both access (http and https) fine.
  The problem now is that if i try to access to a non secure url ( http://mynonsecureapp.com ) all works fine, the agent redirects to https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mynonsecureapp.com but when i try to access to a secure url ( https://mysecureapp.com ) the agent try to redirects me to: https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mysecureapp.com (notice that the agent removes the 's' in the url).
  The amAgent log file shows:
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_notification(), https://sigcit.agp.gva.es:443/fullcitriweb is not notification url http://sigcit.agp.gva.es:80/amagent/UpdateAgentCacheServlet?shortcircuit=false.+
  +2008-07-17 09:44:08.296 Warning 656:d8f6b0 PolicyAgent: OnPreprocHeaders(): Access Manager Cookie not found.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): url 'https://sigcit.agp.gva.es:443/fullcitriweb' path_info ''.+
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): processing url http://sigcit.agp.gva.es:80/fullcitriweb.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): client_ip 172.27.65.62 not found in client ip not enforced list+
  Any ideas?
  Regards,
  Edited by: idm_oceanic on Jul 17, 2008 1:33 AM

• Https and http configuration

  Hello All
  Can anyone tell me how to configure a website which contain both https and http pages? I mean for example, if you go to your online banking website, all the pages before you reach the Login page are in http. But once you have login, all the pages are under https.
  For my own project, I have also installed the SSL onto my Tomcat, it works fine. However, all the pages are under https, even the index.html page. Below is my server.xml, hope it may give you more information.
  Many thanks
  Viola
  ============================================================================
  <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8081 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8080" minProcessors="5" maxProcessors="75"
  enableLookups="true" redirectPort="8443"
  acceptCount="100" debug="0" connectionTimeout="20000"
  useURIValidationHack="false" disableUploadTimeout="true" />
  <!-- Note : To disable connection timeouts, set connectionTimeout value
  to -1 -->
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5" maxProcessors="75"
  enableLookups="true"
  acceptCount="100" debug="0" scheme="https" secure="true"
  useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  clientAuth="false" protocol="TLS" />
  </Connector>
  <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8009" minProcessors="5" maxProcessors="75"
  enableLookups="true" redirectPort="8443"
  acceptCount="10" debug="0" connectionTimeout="20000"
  useURIValidationHack="false"
  protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

  True for my version of TOMCAT
  I think that if you check http://localhost:8080
  you will find that you can access your pages
  with out using http also.
  You are applying ssl to the server not the individual
  war files. So you can access the files using both
  https and http.
  What you need todo is set the security parameters of the
  war file that you want to access using https to only allow
  connection using https.
  So now you can access the web pages using http or https
  but you can only access the file with the security settings
  using https.
  Note if you are using sessions becareful you don't jump between
  http & https and leave the session id exposed.

• Both http and https on struts in tomcat using SSL

  I want to apply both http and https as need, on a single web application on struts. My server is tomcat. I need a complete documentation. Some help me please.

  If you are terminating SSL on ACE then there is no way to do it with one policy because of ssl-proxy command. However it is possible to use same serverfarms with two VIP like this:
  access-list ACL line 10 extended permit ip any any
  rserver host TEST
    ip address 20.20.2.11
    inservice
  serverfarm host TEST
    rserver TEST
      inservice
  ssl-proxy service SSL_SERVER
    key KEY12.PEM
    cert CERT12.PEM
  class-map match-any SSL
    2 match virtual-address 10.10.2.101 tcp eq https
  class-map match-any HTTP
    2 match virtual-address 10.10.2.101 tcp eq http
  policy-map type loadbalance first-match L7_POL
     class class-default
       serverfarm TEST
  policy-map multi-match L7
     class SSL
       loadbalance vip inservice
       loadbalance policy L7_POL
       loadbalance vip icmp-reply
       ssl-proxy server SSL_SERVER
      class HTTP
      loadbalance vip inservice
      loadbalance policy L7_POL
      loadbalance vip icmp-reply
  interface vlan 210
     ip address 10.10.2.1 255.255.255.0
     service-policy input L7
     access-group input ACL
     no shutdown
  interface vlan 220
     ip address 20.20.2.1 255.255.255.0
     no shutdown
  ip route 0.0.0.0 0.0.0.0 10.90.15.1
  However, if you are not doing SSL termination on ACE and you are just doing L4 load-balancing, you will most likely need to configure SSL stickiness, which again leads to having separate policies because of the sticky serverfarms which need separate loadbalance policy lines.

• How to create the Business System both sender and receiver in SAP XI / PI

  Dear All
  kindly let me know how to create the Business System both sender and receiver in SAP XI / PI
  Regards
  Blue

  Hi,
    If by any chance you are not able to find these....
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/xi/workingwithSystemLandscapeDirectory+%28SLD%29&
  http://help.sap.com/saphelp_nw04s/helpdata/en/24/8fa93e08503614e10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw70/helpdata/en/f1/92b248db68409487661ff13239127d/content.htm
  Regds,
  Pinangshuk.

• PORTAL ACCESS  THROUGH HTTP and HTTPS BOTH

  Hi,
  Is it possible to make the portal listen on both http and https ports at the same time? What is the required configuration for the same?
  Please let me know for any other details.
  Any input is highly appreciated.
  regards,
  Chandra

  Hello Chandra,
  you can activate SSL in the J2EE engine and then you have both Protocolls avaliable. The documentaiton can be found at <a href="http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm">Configuring the Use of SSL on the SAP J2EE Engine</a>.
  Regards
  Gregor

• WCCP Configuration HTTP and HTTPS

  Looking for anyone that might have a clue in on this, im attempting to configure a pair of routers to use WCCP to redirect HTTP and HTTPS traffic to two content keeper devices. The network im building is going to be used for a guest internet connection where defining proxies on end devices would be unusable.
  I'll drop the configs in below but for now what i have are 2 cisco 3925 routers configured for HSRP. 2 content keeps running squid for the cache engine. with my current configurations, I have wccp web-cache and wccp service 70 configured (all 4 devices are available/usable in both services). this is a layer 2 setup. HTTP traffic is picked up and redirected to the content keepers without issue. https traffic does not appear to be detected by the routers. I have chosen not to use ACLS for WCCP and use the redirect in because we want to capture http(s) traffic from all hosts.
  for HTTP, I see hits counters rise on the router under show ip wccp, i see hit counters for the content keepers increase, i see http traffic on the firewall from the content keepers and I get the web page on the device
  For HTTPS I do not see hit counters under wccp increase, I do not see any traffic on the content keepers bridge, and i see traffic on the firewall from the hosts orginal ip address.
  interface0/2 internal LAN
  interface 0/0 content keepers (no WCCP commands)
  interface 0/1 gateway firewalls. (no WCCP commands
  ip wccp check services all
  ip wccp web-cache
  ip wccp 70
  interface GigabitEthernet0/2
  description To Lan
  ip address x.x.x.x
  ip wccp web-cache redirect in
  ip wccp 70 redirect in
  standby 1 ip x.x.x.x
  standby 1 priority 150
  standby 1 preempt
  duplex auto
  speed auto
  Global WCCP information:
      Router information:
          Router Identifier:                   x.x.x.2
      Service Identifier: web-cache
          Protocol Version:                    2.00
          Number of Service Group Clients:     2
          Number of Service Group Routers:     2
          Total Packets Redirected:            17999
            Process:                           0
            CEF:                               17999
          Service mode:                        Open
          Service Access-list:                 -none-
          Total Packets Dropped Closed:        0
          Redirect access-list:                110
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total GRE Bypassed Packets Received: 0
            Process:                           0
            CEF:                               0
      Service Identifier: 70
          Protocol Version:                    2.00
          Number of Service Group Clients:     2
          Number of Service Group Routers:     2
          Total Packets Redirected:            0
            Process:                           0
            CEF:                               0
          Service mode:                        Open
          Service Access-list:                 -none-
          Total Packets Dropped Closed:        0
          Redirect access-list:                -none-
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total GRE Bypassed Packets Received: 0
            Process:                           0
            CEF:                               0
  Show details and show service attached.

  Hello Josh,
  1. Yes, port-specific ACL is not supported. But it is not a big problem. Usually on WCCP server you can configure very specific bypass (Cisco WSA supports that - do not know about Sophos). For bypassed traffic WCCP server will reinject that packet in GRE and send back to ASA which will decapsulate it and send as normal packets.
  It's a good design, because you can have very granural bypass policy on WCCP server.
  2. Yes, configuration is correct, although it's better to be more specific (not send all traffic to WCCP if there is no need for that).
  3. Yes, you can use deny in redirect-list to exclude traffic.
  4. WCCP keepalives are being send by WCCP server by default every 10 seconds. If ASA does not see that replies for some time it marks server as dead and uses other ones.
  Michal

• Configuring WCCP for http and https

  How do I configure wccp on a 6509 to redirect http and https trafic to a S650. I am using the following config and http is working fine:
  ip wccp version 2
  ip wccp web-cache redirect-list aclwccp
  interface Vlan23
  description Rede Firewall
  ip address 10.0.23.20 255.255.255.0
  ip access-group 172 out
  ip wccp web-cache redirect out
  mls rp vtp-domain coc_block1
  mls rp ip
  mls netflow sampling
  end
  Should I config an other service for the https protocol?

  Cecato,
  The WSA can be configured to send 80 and 443 traffic, in the WCCP settings area (5.2.0+). There are some things you will need to be aware of before doing this though:
  1. If you are on 5.2.0-x, you will not be able to inspect HTTPS traffic. Only version 5.5.0+ has the ability to decrypt HTTPS traffic. Because of this, it is not recommended to redirect port 443 on WSA version 5.2.
  2. You will most likely need to specify a service ID other then web-cache. On most Cisco devices, web-cache is reserved for port 80 traffic only and cannot be changed. Any other service ID will work as you want it to.

• HI i have macbook pro with OSX 10.8. I am facing typical problem with Wi- Fi , in school wi-fi it does'nt connects to http sites and connects only https  but in home wi-fi it connects to all all http and https sites. How fix this problem as I am new this

  HI i have macbook pro with OSX 10.8. I am facing typical problem with Wi- Fi , in school wi-fi it does'nt connects to http sites and connects only https as no security/proxy settings done but in home wi-fi it connects to all  http and https sites. How to fix this problem as I am new this operating system. Please any one help me in this as I have installed Delicious Library which is not working in school becoz it searches amzon http site.

  I would imagine that at school, you're required to connect through an HTTP proxy.
  From the menu bar, select
   ▹ System Preferences ▹ Network
  If the preference pane is locked, click the lock icon in the lower left corner and enter your password to unlock it. Then click the Advanced button and select the Proxies tab. Enter the proxy settings given to you by the network administrator. Click OK and then Apply.
  You may wish to create separate network locations for home and school. See the built-in help for instructions.

• Can one portal 11g middletier listen on both https and http simultaneously?

  Specifically behind a reverse proxy?
  I know in 10G I was able to do this but in 11G there is a configuration item in the weblogic enterprise manager (Portal Farm) where you configure the:
  Portal Wire Congiguration
  - Portal Middle Tier
  Specify the Middle Tier settings that Portal should use.
       Published Host     
  Listening Port     
  SSL Protocol     (is a checkbox whose hover over text is: "Specifies the protocol of the Portal URL. It can be either HTTP (NONSSL) or HTTPS (SSL)")
  These setting would indicate to me that for a given portal middle tier you can not have it listen and respond to requests on http and https at the same time.
  IE...
  https://myhost/portal/pls/portal/
  http://myhost/portal/pls/portal/
  Can someone verify if this is indeed true?
  D

  Have you tired using wlw-runtime-config.xml?
  http://e-docs.bea.com/workshop/docs81/doc/en/workshop/reference/configfiles/con_wlw-runtime-config_xml_ConfigurationFile.html?skipReload=true
  -D

• How do you change categories in both transactions and budget report in the personal budget template in Numbers?

  How do you change categories in both transactions and budget report in the personal budget template in Numbers?
  I am working on both an iPad mini and a MacBook Air. 
  Whenever I change the category name in the budget report, it does not actually show up in the transactions tab when I am using the Personal Budget Template. 
  I have already tried copying and pasting a category in the budget report to add another row but it still does not show up in the transactions tab. 

  Hi golmeda,
  Check out this answer here:
  Using Numbers Personal Budget template I can't figure out how to change the categories in both tabs (budget and transact…
  If it is unclear let me know.
  quinn

• Separate Tomcat http and https access

  Hi
  I got tomcat running both http and https.
  However, http://localhost:8080 and https://localhost:8433 are accessing the same page.
  I need to separate them, to prevent from entering data using http://localhost:8080 by mistake.
  Please help.
  Cheer
  T

  there are 2 ways to only allow https access to your webapp
  1:
  stop tomcat listening on all ports except https port
  2:
  configure your webapp to only allow https access
  http://marc.theaimsgroup.com/?l=tomcat-user&m=104951559722619&w=2

• JSF / Switch between HTTP and HTTPS

  Hello!
  I want to switch between HTTP and HTTPS using JSF.
  Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
  e.g. Login-jsp should be secured, all other jsp's should run unsecured.
  Any ideas?
  regards
  Harald.

  Thanks,
  I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
  I did the following:
  1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
  2) create a plugin that reads ActionConfigs from the ModuleConfig
  3) create a filter that sets a request scope flag that says that password must re-entered.
  Code Extracts:
  1) MainshopContainer application level parameter singleton class:
  private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
  public boolean isInSSLZone(String servletPath)
  return this.sslZoneMap.containsKey(servletPath);
  public void addToSSLZone(String servletPath)
  this.sslZoneMap.put(servletPath,null);
  public int getNumberOfActionsInSSLZone()
  return this.sslZoneMap.size();
  2) Struts plugin
  add a call to loadSSLZoneMap in plugin init method:
  loadSSLZoneMap(config, mainshopContainer);
  private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
  throws ServletException
  try {       
  ActionConfig[] actionConfigs = config.findActionConfigs();
  for (int i = 0; i < actionConfigs.length; i++)
  if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
  // not found = not ssl zone
  System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
  else
  // found = ssl zone
  String servletPath = actionConfigs[i].getPath()+".do";
  mainshopContainer.addToSSLZone(servletPath);
  System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
  System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
  catch (Exception ex)
  ex.printStackTrace();
  throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
  3)
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
  HttpServletRequest req = (HttpServletRequest) request;
  HttpServletResponse res = (HttpServletResponse) response;
  String servletPath = req.getServletPath();
  boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
  The wole picture:
  The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
  I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
  At the end of all my jsp's I set the lastRequestDTO variable.
  In that method I set the passwordConfirmationRequired flag if needed:
  public void setLastRequestDTO(RequestDTO _lastRequestDTO)
  if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
  this.setPasswordConfirmationRequired(true);
  this.lastRequestDTO = _lastRequestDTO;
  I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
  When the password is OK I reset the passwordConfirmationRequired to false.
  I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
  I tought I could define it in the web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Account Related Pages</web-resource-name>
  <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  but that doesn't work and finnaly understood why:
  Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
  The url pattern /account/* at the container level is never encountered.
  Is it allowed to declare the following action path: /account/login instead of /login?
  If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
  What's your opinion?
  If no, would your library resolve this?
  Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
  Regards
  Fred

• In OS 10.6 and Safari 6, http: and https: are no longer displayed.

  In OS 10.6 and Safari 6, http: and https: are no longer displayed.
  Can this behaviour be restored??
  In 10.5.8 with Safari 5.x some sites will show up as https: while the same
  site in Safari 6 may, or may not, show the grey or green box https: box.
  Is this this a certificate problem?
  Can I set the address bar to for the URL prefix?
  I have both systems on separate disks and consistantly see this behaviour on some sites.
  How can I feel assured that a site is or is not secure using Safari 6??
  A relative also shares this same issue
  Thanks for your Help!

  Safari 6 : http is not shown in the URL (& Search combined) bar, but https is always shown, often with a symbol lock. The URL address font is black, after the / it is grey.
  All as expected.
  Best.