How do i temporarily disable TLS/SSL port 443 going to server on CSS
We are having issues with truncating packets that go through the CSS
I did a capture after the CSS and there is truncation............however i cant read it before the since everything is encrypted.
They hit vip address 172.20.120.16. on the CSS and get redirected to 2 servers depening on what the url says
They server team would like to turn it off just to test..i tried removing
"add service ARR-public-ssl" from the contetn below and we lost http and https to the server
so in essence i want to try and turn the 443 connection to a port 80---than it goes to port 7777 backend to 172.20.212.6
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
ssl-server 40
ssl-server 40 rsacert byetest
ssl-server 40 vip address 172.20.120.16
ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
ssl-server 40 urlrewrite 1 *
ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
ssl-server 40 rsakey byekey
backend-server 50
backend-server 50 type initiation
backend-server 50 server-ip 69.xxx.xxx.xxx
backend-server 50 ip address 69.xxx.181.xxx
backend-server 50 rsacert byetest
backend-server 50 rsakey byekey
active
!************************** SERVICE **************************
service TIE-SSLINIT
protocol tcp
ip address 69.xxx.xxx.xxx
keepalive type tcp
keepalive port 443
slot 2
type ssl-init
add ssl-proxy-list HR-SSL
active
owner PublicBYE
content BYE-WEB-ARRR
vip address 172.20.120.17
protocol tcp
port 80
url "/arr*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BY-WEB-TIX
protocol tcp
port 80
url "/tix*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web2
vip address 172.20.120.17
active
content BYE-WEB-TIX-CLEARTEXT
add service TIX-SSLINIT
vip address 172.20.120.19
protocol tcp
port 80
active
content BYE-WEB-Nav
vip address 172.20.120.17
protocol tcp
port 80
url "/na*"
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
service BYE-ds-web1-ssl
ip address 172.20.212.5
port 443
keepalive type ssl
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYEos-web2-ssl
ip address 172.20.212.6
port 443
keepalive type ssl
active
CSS11506# sh ver
Version: sg0810205 (08.10.2.05)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.10.2.05
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
Secure Management
Yeah..if done a packet trace before it hits the CSS and after......the only issue is that everything is engrypted before it hits the LB so i cant really read anythign....i did a pacet trace after the LB and on the Server itself its seems we get this
I thought i saw some bug info from cisco but i cant tell if its related
CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
As you can see after the content-length..........nothing comes across........sometimes addtional stuff will come in ...but usually nothing
Is there a bug related to this on the CSS?
POST /TIXX/DocumentRepository_Service HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: www.xxxxxxxxxxxx.net
Content-Length: 9044
Similar Messages
-
How can I temporarily disable dashboard client
I want to install an updated version of Adobe Flash. i am being instructed to close Safari (no problem) and Dashboard Client. How can I temporarily disable Dashboard Client so that I can install the update? I am currently using MacBook Pro with OS X 10.8.2.
Use Terminal to disable the Dashboard. Go to Applications>Utilities>Terminal
Once you have the window open in Terminal copy & paste this command to disable it:
defaults write com.apple.dashboard mcx-disabled -boolean YES
Then, restart the Dock using the following command:
killall Dock
If you want to enable your Dashboard again simply replaceYES with NO in the top command and repeat the process. -
How do I temporarily disable the pop-up function?
How do I temporarily disable the pop-up function on my Mac desktop?
Do you mean "tooltips" ?
Similar to this?
http://www.macworld.com/article/55202/2007/02/termtooltips.html -
Error with default SSL port (443) on Solaris
Hi all
I would like to config default SSL port 443 on Solaris but I found this error. What is the problem?
I use WebLogic 8.1 sp3
SSL port : 443
Unable to create a server socket on Channel Default for port: 443. java.net.BindException: Permission denied Perhaps another process is using port 443
I dont sure about permission. How can I do?Oh I can use root start weblogic and I can use 443 port, but when I use other users. I can't use 443 port
-
I keep getting this message when trying to navigate in myverizon:
The problems you are experiencing are most likely the result of Web filtering software, firewalls, popup blockers or ad blocking software.
You may resolve this issue by visiting your browser's website and searching for instructions on temporarily disabling Web filtering software, firewalls, popup blockers, and/or ad blocking software. You may also use another computer.Which problems are you experiencing if you visit that website?
Clear the cache and the cookies from sites that cause problems.
"Clear the Cache":
* Firefox > Preferences > Advanced > Network > Offline Storage (Cache): "Clear Now"
"Remove Cookies" from sites causing problems:
* Firefox > Preferences > Privacy > Cookies: "Show Cookies" -
The problems you are experiencing are most likely the result of Web filtering software, firewalls, popup blockers or ad blocking software.
You may resolve this issue by visiting your browser's website and searching for instructions on temporarily disabling Web filtering software, firewalls, popup blockers, and/or ad blocking software. You may also use another computer.
For Internet Explorer http://support.microsoft.com
For Firefox http://support.mozilla.com/en-US/kb/
For Safari http://www.apple.com/support/
Important
These actions may increase your security risk. Your computer or your network may be more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend that you address any concerns with your browser's support team.The problems you are experiencing are most likely the result of Web filtering software, firewalls, popup blockers or ad blocking software.
You may resolve this issue by visiting your browser's website and searching for instructions on temporarily disabling Web filtering software, firewalls, popup blockers, and/or ad blocking software. You may also use another computer.
For Internet Explorer http://support.microsoft.com
For Firefox http://support.mozilla.com/en-US/kb/
For Safari http://www.apple.com/support/
Important
These actions may increase your security risk. Your computer or your network may be more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend that you address any concerns with your browser's support team. -
Sievefilter over SSL (port 443)
Does anybody know how i can get sievefilter to work if i use SSL? I have installed the sievefilter function and it works fine over http but the server will not display the sievefilters when i'm using https. Why?
Sieve filters settings work through iDA, not webmail. You have to turn ssl on for that web server, too.
-
Port 443 content rule, can the CSS see inside the cookie ?
Hi Gilles/everyone,
With a content rule using port 443, can we use cookie based stickiness or is the cookie also encrpyted ?
cheers,
Mikealso encrypted.
No way to see it without an SSL module to decrypt.
Gilles. -
How can I TEMPORARILY disable built-in microphone?
I like to record music from the web on my Touchsmart 310-1145UK (BTW this is 3 months old but HP don't recognise this model number so I can't contact customer support on-line!!! It is a 20 inch screen all-in-one PC).
I use Audacity to record, this worked fine EXCEPT that it also recorded all the noise that the built-in microphone picked up.
I found a way of disabling it, but this turned out to be permanent and there was no way of getting it back apart from a system restore.
How can I stop the micrphone, or turn it down so it doesn't work, and then easily turn it back on again?stratobuddy wrote:
I like to record music from the web on my Touchsmart 310-1145UK (BTW this is 3 months old but HP don't recognise this model number so I can't contact customer support on-line!!! It is a 20 inch screen all-in-one PC).
I use Audacity to record, this worked fine EXCEPT that it also recorded all the noise that the built-in microphone picked up.
I found a way of disabling it, but this turned out to be permanent and there was no way of getting it back apart from a system restore.
How can I stop the micrphone, or turn it down so it doesn't work, and then easily turn it back on again?
Here is a link to your notebook's support portal. That is indeed a recognized HP product name. I searched the HP server for the link.
In the systray, right-click on the volume icon. Select Recording devices. Right-click on the microphone icone and select Disable and select OK To enable the microphone, just go back into the very same Windows that you disabled it in.
You can also access the sound Window by typing sound in the start search box. Select sound and then select the Recording tab.
Best regards,
erico
****Please click on Accept As Solution if a suggestion solves your problem. It helps others facing the same problem to find a solution easily****
2015 Microsoft MVP - Windows Experience Consumer -
I have a Hallmark Card Studio Special Edition. I have been unable to install it. I asked Hallmark and they told me how to do it, but I need to disable both the virus scanning software and firewall software to start the installation over.
Which problems are you experiencing if you visit that website?
Clear the cache and the cookies from sites that cause problems.
"Clear the Cache":
* Firefox > Preferences > Advanced > Network > Offline Storage (Cache): "Clear Now"
"Remove Cookies" from sites causing problems:
* Firefox > Preferences > Privacy > Cookies: "Show Cookies" -
How can I temporarily disable dashboard
While trying to install new version of Adobe Flash the installation process gets halted and displays "Disable Dashboard" to continue.
How do I accomplish that?Use Terminal to disable the Dashboard. Go to Applications>Utilities>Terminal
Once you have the window open in Terminal copy & paste this command to disable it:
defaults write com.apple.dashboard mcx-disabled -boolean YES
Then, restart the Dock using the following command:
killall Dock
If you want to enable your Dashboard again simply replaceYES with NO in the top command and repeat the process. -
I ask this because I need to create pages that will be relevant at a later time, but I don't want to have to remember the page range everytime I export a pdf because the order of my document is changing constantly. Is ther a way to tag pages as disabled and then reactivate at a later time? Thanks for any help.
Perhaps you should be doing separate documents, and combining them into a Book (.indb). Add or remove the docs and update the book as required.
-
How to Get Host Name Domain Name : Port No. for App Server From Forms
Forms 10g r2
I am looking to run various forms and reports from within a form. I am using web_show_document. I am passing the URL which includes "http://{host name . domain name : port number}/forms/frmservlet?config=schema1_schema2 form=ab0001 p_param1=151 p_param2=1409 p_x=X". My schema1_schema2 config section in formsweb.cfg contains user name, password, connection information.
All works well when the actual host_name.domain_name:port_no are hard-coded within a string that is used for the URL with web_show_document, but I need to be able to distribute the form without hard-coding the host_name, domain_name, and port_no.
I have looked in forms help for application properties, system variables, and within this forum for the built-in or system variable that returns this information, but have not found it.
Can someone please tell me how I can get this information (host_name, domain_name, and port_number for the application server on which the form is currently running) so that I can build this working URL dynamically?
I appologize if I have overlooked it within this forum.
Thanks greatly,
JamesThanks, Rosario.
As it turns out, I don't need the IAS Host_Name, Domain_name, and Port_No. Instead, I can do what I described by stripping off precisely THAT information leaving a URL that looks like:
v_url := "/forms/frmservlet?config=schema1_schema2 form=ab0001 p_param1=151 p_param2=1409 p_x=X";
WEB.SHOW_DOCUMENT(v_url,'_blank');
The original IAS Host_Name, Domain_Name, and Port_No. are assumed and the named config -- schema1_schema2 is still properly referenced so as to use the username/password and connect string to the 2nd schema. This is done by use of the relative path. -
How do i "re-trust" the SSL certificate sent from a server I previously marked as untrusted?
I use Citrix Receiver to access my workplace Windows environment remotely from home, where I run Firefox 7.01 on Ubuntu 11.10. Two days ago the SSL certificate expired, so when I tried to logon remotely it failed. Now the company have renewed the certificate, but now when I try to logon I get an error from the Citrix ICA Client saying "You have not chosen to trust Verisign Class 3 Public Primary Certification Authority - G5, the issuer of the server's security certificate (SSL error 61)"
I have found a couple of similar queries here, but neither had a solution which worked for me. The entry for Verisign Clas 3... G5 is in /etc/ca-certificates.conf, also there's a link to it in /etc/ssl/certs to an existing ...G5.crt file in /usr/share/ca-certificates - Firefox seems to recognise the issuer as a valid existing certificate issuer. Firefox displays the certificate for the page when I use menu options Tools -> Page Info -> Security -> View Certificate, and the certificate shows as valid for today - for the life of me I can't find a way to make Firefox trust the darn issuer.
I get the same fault with Firefox 3.6.23 on Ubuntu 10.04.
(I'd rather not tell everyone here the URL of my company's remote access website)Thanks for the swift reply, cor-el - unfortunately, no joy with this approach.
A. As my named user (called "greg", surprise, surprise, no secret there...)
Run Firefox; select Edit > Preferences > Advanced : Encryption:
Here I get no option for Certificates, but I do get View Certificates - then tabs for:
- Servers, under which my company's remote logon URL is listed - Edit button is grey
- Authorities, under which the Verisign...G5 entry may be edited; 3 options:
1. may identify websites (ticked)
2. may identify mail users (unticked)
3. may identify software makers (ticked)
I ticked 2, tried again - same failure. Unticked it.
B. As root.
Run Firefox; select Edit > Preferences > Advanced : Encryption:
Here I get no option for Certificates, but I do get View Certificates - then tabs for:
- Servers, under which my company's remote logon URL is NOT listed
- Authorities, under which the Verisign...G5 entry may be edited; 3 options:
1. may identify websites (ticked)
2. may identify mail users (unticked)
3. may identify software makers (unticked)
I ticked 2 and 3, tried again - same failure. Unticked them.
Maybe a solution would be, in some way, to add my company's remote logon URL to the list of Servers while running Firefox as root. The Export and Import buttons may help here. However, when I first declined their certificate I was running Firefox as greg, not as root, so I am a bit suspicious there - what can be done as greg should be undoable as greg.
This is doing my head in. Maybe it's time to step back and think a bit. Maybe try Citrix's online help (already spent a fair amount of time there with no joy either).
So, thanks again for the reply - I've generally tried to provide a good list of what's up, and your reply has given me food for thought. OK, I'll keep trying. -
Turn off SSL site on OS X Server
I am running OS X Server 10.8 and am trying to use my SSL port (443) for a server that. Sadly everytime I run my server I get a resounding error saying that the port is in use. I have turned off my server websites because of this but I noticed that a web page is still being run on both port 80 and my SSL port.
Here is what is on that webpage:
How can I completely turn off websites? Is it possible to run a website on just port 80 and not on my SSL port?Sorry, I meant OS X Server 10.9.
Maybe you are looking for
-
HT201335 how to mirror Mac Pro to t.v.
how to mirror mac-pro with osx mountain lion(10.8.4) to T.V thx.
-
Quiz results not appearing in email body
Using Captivate 2, I set up a quiz that is supposed to send its results to e-mail. In the Quiz Manager, on the Reporting tab, I have the following settings: Enable resporting for this project (checked) LMS: email Report Pass or Fail: report status as
-
Wmi script to find out the time when the user was added to local administration group
Hi Friends, i need a script/query based on wmi/wql that find out the time when the user was added to local administration group on this computer Regards Tanoj OSLM ENGINEER - SCCM 2007 & 2012
-
Hi Guys, before I reimplement Menubar to support Tree, I was wondering if there is a component that will support that somewhere, basically what I want is to have a possibility to show treeControl as one of the menus of menuBar, currently as far as I
-
STOs with split valuation by batches
I have split valuation by batches activated. The system forces me enter a batch number(valuation type) when i am creating the STO. It does not make sense, as the batch is really known at the time of shipping. wE have reviewed all the relevant oss n