Https proxy logs

folks
i have a query on https proxy logs
i'm piloting a https proxy configruation and i have a question on the logs generated
i'm decrypting and then encrypting traffic but i'm curious about what the appliance does with the logs showing the unencrypted content, i.e. passwords, credit card number etc
i'm curious cos i want to make sure this content is not available to anyone and is secured or overwritten
thanks to anyone taking the time to reply

The https proxy logs don't contain any of that data.

Similar Messages

Proxy Log On failed(Error Code 12154)

Hello There!
Can someone P'se help on this
Installation
WIN2K-Pro
Oracle8iEE-1.7..
Oracle9iAS
Two different Oracle homes
Problem
I am trying to test for the first time my portal but i am receiving the following error messages
1)when I type in <http://mysever/pls/dad> this is the result:
Proxy log On failed.
Please verify that you have specified correct connectivity information i.e.username, password & connect-string in the Database Access Descriptor
Error-Code:12640
Error TimeStamp:Mon, 06 Aug 2001 04:25:15 GMT
Database Log In Failed
TNS is unable to connect to destination. Invalid TNS address supplied or destination is not listening. This error can also occur because of underlying network transport problems.
Verify that the TNS name in the connectstring entry of the DAD for this URL is valid and the database listener is running.
2)Also when I try this <http://myserver/pls/admin/gateway.htm>the result is as follows:
Mon, 06 Aug 2001 20:01:28 GMT
No DAD configuration Found
DAD name:
PROCEDURE : gateway.htm
URL : http://nt2kserver.learning.local:80/pls/admin/gateway.htm
PARAMETERS :
===========
ENVIRONMENT:
============
PLSQL_GATEWAY=WebDb
GATEWAY_IVERSION=2
SERVER_SOFTWARE=Oracle HTTP Server Powered by Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.24
GATEWAY_INTERFACE=CGI/1.1
SERVER_PORT=80
SERVER_NAME=nt2kserver.learning.local
REQUEST_METHOD=GET
QUERY_STRING=
PATH_INFO=/admin/gateway.htm
SCRIPT_NAME=/pls
REMOTE_HOST=
REMOTE_ADDR=127.0.0.1
SERVER_PROTOCOL=HTTP/1.1
REQUEST_PROTOCOL=HTTP
REMOTE_USER=
HTTP_CONTENT_LENGTH=
HTTP_CONTENT_TYPE=
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
HTTP_HOST=nt2kserver.learning.local
HTTP_ACCEPT=*/*
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_ACCEPT_LANGUAGE=en-us
HTTP_ACCEPT_CHARSET=
HTTP_COOKIE=
Authorization=
HTTP_IF_MODIFIED_SINCE=
HTTP_REFERER=

Hello Teijo
sorry about this, but I have checked on both of my two standalone servers(Running similar softwares and settings(host name...etc) independently) I can't see any service registerd by APACHE LISTENER.The only listener service available is for ORACLE8i under the oracle8iHome.
The only running service under the 9iASHome is HTTPServer.During both installations I didn't encounter any problems,everything ended succefully.Can you p'se let me know if this sounds Ok to you?
Hashim
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Teijo Lallukka ([email protected]):
This looks like a tnsnames.ora issue. I copied a reply from a similar post:
Since you have multiple Oracle homes, you are probably looking at the wrong tnsnames.ora. The reason why SQL*Plus is working is because it is being picked up from an Oracle Home where the correct tnsnames.ora resides. Here is a quick way to confirm this
- Stop the Apache Listener service
- Open a "Console prompt window"
- Go to $IAS_HOME/Apache/Apache
- Set TNS_ADMIN=Directory_with_correct_tnsnames.ora
- Issue "tnsping your_dbalias_name" to verify that you can ping the database. If this does not work, then your tnsnames.ora is incorrect
- If it works, startup Apache by issuing "start Apache -k start"
- Try connecting to Portal thru your browser
- This should work.
- Post a reply if this does not work<HR></BLOCKQUOTE>
null

Sending files via File Adapter through FTP having a HTTP proxy as firewall

Dear experts,
I am having a issue trying to send a file via FTP with the File Adapter. My client has a HTTP proxy with authentification required as firewall in order to send files via FTP.
I've tried several solutions but I cannot find a way to add the proxy name, user and password in the communication channel.
Any ideas?
Thanks in advance.
Best Regards

Hi,
Unfortunately those changes didn't work. The adapter is not able to establish a connection within the FTP server. These are the parameters I added:
-Dhttp.proxy.user=<usename>
-Dhttp.proxy.password=<userpassword>
-Dhttp.proxyHost=<proxy.domain...>
-Dhttp.proxyPort=80
-Dhttp.nonProxyHost="*domain1.com domain2com"
-Dhttps.proxy.user=<usename>
-Dhttps.proxy.password=<userpassword>
-Dhttps.proxyHost=<proxy.domain...>
-Dhttps.proxyPort=80
-Dhttps.nonProxyHost="*domain1.com domain2com"
And just in case, we tried with these other parameters at the same time.
-Dftp.proxy.user=<usename>
-Dftp.proxy.password=<userpassword>
-Dftp.proxyHost=<proxy.domain...>
-Ddftp.proxyPort=80
-Dftp.nonProxyHost="*domain1.com domain2com"
The errors in the adapter engine's log are:
Error MP: Exception caught with cause com.sap.aii.af.ra.ms.api.RecoverableException: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: ConnectException: Socket connection timed out: <ftp ip address>
Error Exception caught by adapter framework: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: ConnectException: Socket connection timed out: <ftp ip address>
Error Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: ConnectException: Socket connection timed out: <ftp ip address>
By the way, we are using PI 7.0.
Thanks in advance
Edited by: SAPIMSA . on Apr 20, 2011 4:08 PM

Http proxy authentication for JDev 10.1.3

Hi,
I found the http proxy settings in the "tools->preferences->Web Browser and Proxy" but there are no settings for the username and password. Is there some other way that I can add these.
The problem is that whenver JDeveloper wants to do some http stuff it (or something else is doing it) asks me for the proxy user name & password - this happens over and over again. If JDev is doing this then surely it should remember the username & password.
I sometimes get a JDeveloper dialog "waiting for the connection" come up over the proxy auth dialog and I have to cancel the function so I can authenticate, then re-request the function.
I wish I didn't have the proxy authentication but I have no choice in this dev environment. I do get to choose JDeveloper at least.
Regards,
Simon.

Hi,
I get it when I 'check for updates' and I get it again when I 'go to JavaDoc' - and this is the one where the "waiting for connection dialog" pops on top of the proxy log in and I have to cancel it to log in. Then all subsequent 'go to JavaDoc' requests go straight through.
I would prefer it if I could just configure (in proxy preferences) the username and password so it never asks me. I dont care if it less secure storing the password since I think authenticating proxies are a dumb idea anyway. If the password is not supplied then JDev can ask for it like it does now to keep the security-paranoid people happy.
Also, this morning I got this Exception which appeared at the same time I got a proxy auth window. When JDev finally started all my previously open windows were lost. No real problem but unexpected. Here is the stack dump:
java.lang.NullPointerException
     at oracle.jdevimpl.webdav.api.DAVAuthenticator.getPasswordAuthentication(DAVAuthenticator.java:79)
     at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:300)
     at sun.net.www.protocol.http.HttpURLConnection$1.run(HttpURLConnection.java:267)
     at java.security.AccessController.doPrivileged(Native Method)
     at sun.net.www.protocol.http.HttpURLConnection.privilegedRequestPasswordAuthentication(HttpURLConnection.java:263)
     at sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication(HttpURLConnection.java:1427)
     at sun.net.www.protocol.http.HttpURLConnection.resetProxyAuthentication(HttpURLConnection.java:1246)
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:950)
     at oracle.ide.net.HttpURLFileSystemHelper.exists(HttpURLFileSystemHelper.java:191)
     at oracle.jdevimpl.webdav.net.WebDAVURLFileSystemHelper.exists(WebDAVURLFileSystemHelper.java:423)
     at oracle.ide.net.URLFileSystem.exists(URLFileSystem.java:498)
     at oracle.ideimpl.editor.EditorUtil.getNode(EditorUtil.java:126)
     at oracle.ideimpl.editor.EditorUtil.loadContext(EditorUtil.java:91)
     at oracle.ideimpl.editor.TabGroupState.loadStateInfo(TabGroupState.java:950)
     at oracle.ideimpl.editor.TabGroup.loadLayout(TabGroup.java:1758)
     at oracle.ideimpl.editor.TabGroupXMLLayoutPersistence.loadComponent(TabGroupXMLLayoutPersistence.java:31)
     at oracle.ideimpl.controls.dockLayout.DockLayoutInfoLeaf.loadLayout(DockLayoutInfoLeaf.java:123)
     at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:631)
     at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:628)
     at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:614)
     at oracle.ideimpl.controls.dockLayout.DockLayout.loadLayout(DockLayout.java:302)
     at oracle.ideimpl.controls.dockLayout.DockLayoutPanel.loadLayout(DockLayoutPanel.java:128)
     at oracle.ideimpl.editor.Desktop.loadLayout(Desktop.java:353)
     at oracle.ideimpl.editor.EditorManagerImpl.init(EditorManagerImpl.java:1824)
     at oracle.ide.layout.Layouts.activate(Layouts.java:758)
     at oracle.ide.layout.Layouts.activateLayout(Layouts.java:179)
     at oracle.ideimpl.MainWindowImpl$2.runImpl(MainWindowImpl.java:734)
     at oracle.javatools.util.SwingClosure$1Closure.run(SwingClosure.java:50)
     at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:199)
     at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
     at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
     at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
     at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
     at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
     at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)

IronPort C670 AsyncOS Upgrade over http proxy

Good day.
I try to upgrade my IronPort C670 AsyncOS over http proxy.
Proxy is working fine when i try to get featured keys for example. But whe when i try to ugprade AsyncOS i get "Error — Error fetching manifest: Failed to connect to manifest server" message.
Proxy server is work and ironport have network acess to it. Even for telnet to 80 port.
Squid proxy log:
1373973019.051     57 {{IP_ADDRESS}} TCP_IMS_HIT/304 368 GET http://downloads.ironport.com/vtl/vof_history_year.tgz - NONE/- application/x-gzip
1373973079.194    117 {{IP_ADDRESS}} TCP_IMS_HIT/304 368 GET http://downloads.ironport.com/vtl/vof_history_year.tgz - NONE/- application/x-gzip
1373973119.168    497 {{IP_ADDRESS}} TCP_MISS/200 715 GET http://downloads.ironport.com/asyncos/fkey? - DIRECT/217.212.252.179 text/plain
What can be the problem?

Hi,
Please take a look to this:
http://tools.cisco.com/squish/c93bE
HTH
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html

Osb cluster- HTTP proxy service 404 error

Hi All,
I have a cluster set up with 2 managed servers. I crated a Any SOAP proxy from sbconsole to test If I can reach managed server form an external service. I do not have front load balancer set yet.
osb server1: rdoelapp001011:61703
osb:server2:rdoelapp001013:61703
admin server : rdoelapp001011:61701
when I am trying to access http proxy using any of osb server host and port I am getting 404 error ( From the admin console I could see all the servers are running)
surprisingly I am getting success (200) when I am using admin server host and port.
That means the proxy is not got deployed to the managed server, it deployed to admin server
I looked into few weblogic/OSB document, I could not see anything specific regarding deploying HTTP proxy to osb servers in a cluster
How would I make sure to deploy to the cluster not to admin server
I also tried creating a file poller proxy to see if I get "Managed server" option to set. But I do not see that option here.
Any help will be greatly appreciated.
Edited by: 818591 on Feb 21, 2011 8:52 PM

According to your suggestion, I created a domain from scratch using config wizard with a cluster with two managed server
I started admin server then started managed server
I do not have any JMS stuff created/configured yet
while starting up managed OSB server I am getting below error. I think it is related JMS reporting stuff. In my scenario we do not need any reporting feature.
How would I disable it? while creating domain I did not select the ckeckbox for reporting. Then where did it come from?
Please suggest.
<Feb 22, 2011 9:47:02 AM EST> <Error> <OSB-Reporting> <BEA-473500> <JMS Reporting Data Manager failed to deploy during server start up weblogic.application.ApplicationException: [OSB-Reporting:473517]The JMS Reporting Provider Database tables werent created and the JMS Reporting Data Manager didnt deploy.
weblogic.application.ApplicationException: [OSB-Reporting:473517]The JMS Reporting Provider Database tables werent created and the JMS Reporting Data Manager didnt deploy.
at com.bea.wli.reporting.jmsprovider.init.JmsReportingDBCreate.createDBObjects(JmsReportingDBCreate.java:78)
at com.bea.wli.reporting.jmsprovider.init.JmsReportingStartupAndShutdown$1.run(JmsReportingStartupAndShutdown.java:58)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
Truncated. see log file for complete stacktrace
>
<Feb 22, 2011 9:47:02 AM EST> <Error> <Deployer> <BEA-149231> <Unable to set the activation state to true for the application 'JMS Reporting Provider'.

ACE 4710 like Proxy Log?

Hi guys!
I have one question to the ACE.
We using the ACE as Proxy.
Can write the ACE a proxy log? (GET, Post requests)
Like so
192.168.0.1 - - [09/Oct/2010:02:12:40 +0200] "GET / HTTP/1.1" 302 304 "http://www.cisco.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.10) Gecko/20100914 AskTbCDS/3.9.0.12758 Firefox/3.6.10"
192.168.0.1 - - [09/Oct/2010:06:17:14 +0200] "GET /oks/app HTTP/1.1" 200 3861 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)"
192.168.0.1 - - [09/Oct/2010:06:17:15 +0200] "GET /css/default.css HTTP/1.1" 304 - "https://blablbla.at/oks/app" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C
did anybody know that the ACE can do this.
He can also forward the events to a sys Server. Is it posible?
Thanks
regards Markus

Hi Markus,
The short answer is no.
This kind of logging you are looking for is more common in HTTP caching devices. However, the ACE will only proxy connections in order to get enough information to make a load-balancing decision.
Regards
Daniel

Indexing document failed. HTTP-Proxy: ServiceUnavailable (Errorcode 13503)

Hi friends,
I am able to create an index but it is showing red in trex monitor->display queue.It says preparation failed 6 and also To be transmited 5.When i see the log file it says "Indexing document failed. HTTP-Proxy: ServiceUnavailable (Errorcode 13503)".
I had created one index perviously it was showing in the search result but its queue status was red also.but now any more index result is not showing in the search result.I cannot understand why it is happening has i have performed all the post installation steps including the setting of bypass proxy server address in portal services.
Thanks

Hi,
Yes indexing has worked for a word document.But when i put the folder containing number of documents as data source then in display queue status of trex monitor it shows a red status with "processing failed"(equal to the number of documents inside the folder).In the log message i see the error message"Indexing document failed. HTTP-Proxy: ServiceUnavailable (Errorcode 13503)".After some Hours when i stop the index in trex monitor as nothing was happening.When i search the folder(in search command box) with the name it is showing the folder as it is containing the document.But when i try to search the documents as string with * at the end by name then there is no result.
I think as indexing of the documents was not done so documents could not be searched but how come i see the folder containning the document when i but the folder name in the search request.
thanks

Simple http proxy

What I'm trying to do is write an http proxy. It should resend client's requests unaltered to the designated http server (Host parameter in the request) , then stream the content back to the client. For certain responses (text/html) I'll need to alter the streams reaching the client. Can anyone help with some suggestions? I'm a bit stuck here, especially because the same code runs on linux (jdk 6) but with tons of broken pipe exceptions, and it won't send anything to the browser when the proxy runs on windows. Which is the best way to stream/process the response I get from the remote server?
Here's my code:
import java.io.*;
import java.net.*;
import java.util.logging.*;
public class Main {
public static void main(String[] args) throws IOException {
Daemon daemon = new Daemon(80);
Thread t = new Thread(daemon);
t.start();
//Main Listener thread
static class Daemon implements Runnable {
private ServerSocket server;
public Daemon(int port) throws IOException {
this.server = new ServerSocket(port);
public void run() {
System.out.println("LISTENING");
try {
for (;;) {
Socket s = server.accept();
System.out.println("Accepted connection from: " + s.getInetAddress());
Handler handler = new Handler(s);
Thread t = new Thread(handler);
t.start();
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
//Handles concurrent connections
static class Handler implements Runnable {
private Socket clientSocket;
public Handler(Socket clientSocket) {
this.clientSocket = clientSocket;
public void run() {
InputStream in = null;
try {
in = clientSocket.getInputStream();
int d;
//Read the HTTP request from client
StringBuilder requestBuilder = new StringBuilder();
while (((d = in.read()) != -1) && (in.available() > 0)) {
requestBuilder.append((char) d);
String request = requestBuilder.toString();
//Find to which host the rquest was directed to
InputStream temStream = new ByteArrayInputStream(request.getBytes());
BufferedReader reader = new BufferedReader(new InputStreamReader(temStream));
String line;
String host = "";
while ((line = reader.readLine()).length() > 0) {
if (line.split(": ")[0].toLowerCase().contains("host")) {
host = line.split(": ")[1];
break;
//Open a connection to the remote Http server
Socket remoteConnection = new Socket(host, 80);
//Write the request to the remote host
BufferedWriter serverWriter = new BufferedWriter(new OutputStreamWriter(remoteConnection.getOutputStream()));
serverWriter.write(request);
serverWriter.newLine();
serverWriter.flush();
//From here on problems start
BufferedInputStream serverStream = new BufferedInputStream(remoteConnection.getInputStream());
int i;
//Read data from remote server and stream it to the client
while ((i = serverStream.read()) != -1 && !(remoteConnection.isInputShutdown())) {
//This thing here throws a broken pipe exception on linux JKD 6
//On windows it won't even work
clientSocket.getOutputStream().write(i);
clientSocket.getOutputStream().flush();
clientSocket.close();
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {
in.close();
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}

You're telnetting and HTTP'ing to the same port, right?
What do you mean no input? From the browser, from the server's point of view?
Or vice-versa?
All the details of how a proxy should work, is spelled out in the HTTP RFC doc. I can't recall the RFC number.
Do a Google on "HTTP RFC" and you'll probably find it.

Auto HTTP Proxy remembers first user credentials to access Safari

Hello
We would like to introduce iPads in the enterprise. The issue we have is after connecting it to the wireless with a static address (which it keeps no problem). We need to enter the HTTP Proxy. This is set to auto and the proxy URL is entered fine and stored.
The problem comes when we then use Safari to browse the first time you open it a box appears asking you to login. Once logged in you get the appropriate access for your login. It is not a single user who will have access to the iPad 2 and for some reason when opening safari for the 2nd time you do not get asked for login credentials. Instead you get the same access as the person who entered their details on first opening safari.
This does not work for us as didnt levels get different site access. I cannot find anywhere on the device that these details are remembered. Can someone please let me know how i get it to ask for credentials everytime safari is opened or a way that i can delete the last persons login details.
The only way i have been able to clear the user details is to 'erase all contecnt and settings' and this is not practical.
Thanks

I have exactly the same problem. After trolling the web for the last 2 hours this is the first post i have seen about the issue i can't beleive it! You can "Forget" the connection and reconnect but that's just not practical. Have you had any luck on this problem? I updated an iPad to 5.1......same problem!

HTTP Proxy - Allowed Subnet

I'm trying to create a rule that will allow web traffic to a class B
subnet.
First rule:
I have Action - Allow, Source - Any, Access - HTTP Proxy, Desitanation -
Specified IP list; The Destination List correctly lists the subnet (e.g.
192.168.0.0/255.255.0.0). I currently have origin server port 80 to 9998
for testing.
Second rule:
I allow some specific URLs. Action - Allow, Source - Any, Access - URL,
Destination - Secified URL list.
Third rule:
Dropping all other web traffic for a test user. Action - Deny, Source -
user.ou, Access HTTP proxy, Destination - Any
Last rule:
Allow all other web traffic. Action - Allow, Source - ou, Access - HTTP
Proxy
Behavior - Logging on as test user (user.ou). User can browse specified
URLs in second rule, cannot browse sites with IPs in subnet specified in
first rule. Only websites allowed seem to be sites specified in URL list in
rule 2.
I'm using craig's proxy.cfg... Seems like this used to work in the past. Am
I missing a setting or completely missing the boat on how these rules are
supposed to work.

Larry P wrote:
> mysterious <[email protected]> wrote in news:bi3ch.5958$jS4.5244@prv-
> forum2.provo.novell.com:
>
>> Larry P wrote:
>>
>>
>>> It seems as though it is only checking by URLs and that none of the IP
>>> based rules are functioning properly.
>>
>> In addion to Cat request, can you post your proxy.cfg as well?
>>
>> Thanks
>>
>> Gonzalo
>>
>>
>
> You got me on the right track...
>
> From my proxy.cfg:
> ; From the BM38FP3C/BM37FP4D patch, fixes 403 forbidden errors
> ; randomly generated after installing bm37sp3
> DonotSendIPToACL =1
>
> Remarking it out fixed the problem.
>
> Thanks Cat and Gonzalo
not really. This was my suspicion and i've checked and when this setting
is set to 1, destination subnets are not being computed by aclcheck.
When set to 0 or rem it out, it will do but then you can run into issues
with multihoming servers and get 403 forbidden on sites that they should
be allowed.
The issue with the switch is only computing destination subnets but not
with ip address so my advice would be to set the switch to 1 and change
your rule to "type" "URL" and then enter as destiantion
http://xx.xx.xx.xx, the ip address of one of the host. Then on the same
rule, enter again http://yy.yy.yy.yy for the second host and
successively all other hosts on the subnet. This will work and even is a
little more work to enter one by one, it will be better than turn the
switch on the proxy.cfg out
Gonzalo

WSA certificate options for https proxy

Should an L1K intermediate cert from Entrust be recognized by the WSA? When I try to go to a website that is using an L1K Entrust cert the WSA is blocking the site.
Date: Wed, 18 Feb 2015 02:36:23 GMT
Username: <removed>
Source IP: 192.168.201.70
URL: GET https://<removed>/
Category: Government and Law
Reason: UNRECOGNIZED_ROOT_CERT
Notification: CERT_INVALID

WSA does has Entrust cert however not for L1K.
You might want to export that certificate to your local machine and imported to the WSA HTTPS proxy Custom Trusted Certificates.
Normally i used Firefox and not using WSA as proxy as initial connection then get the cert from the remote site and save it locally then import it to the WSA HTTPS cert.
You might want to review the HTTPS log as well in WSA and set the log level to debug to get more details as why is failing.
Hope this helps

Https proxy in CSM

Hi,
I would like to know if is possible configure https proxy in Cisco security manager for manage remote routers...
Thsnk you

Cisco Security Manager (Security Manager) enables you to manage security policies on Cisco security devices. Security Manager supports integrated provisioning of firewall, IPS, and VPN (site-to-site, remote access, and SSL) services across. I think you can configure authentican proxy rules in CSM. AAA/Authentication Proxy rules-Filter traffic based on authentication and authorization for users who log into the network or access the Internet through HTTP, HTTPS, FTP, or Telnet sessions.

Visual Composer - access Web Services using http proxy

Hi,
I want to use an external web service in the Visual Composer. I set up the service in NWA -> SOA Management -> Destination Template Management.
I defined the http proxy in System Global Settings. The proxy requires authentication so I provided username and password.
When I want to access the web service in the Visual Composer the log file shows this:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (407) Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ). The requested URL was:"myWSURL"
It seems that authentication is not performed although I provided the correct credentials. Using (internal) web services without the proxy works fine with the visual composer.
Any ideas? Thanks, Kevin

Hi Kevin
I have used the cglobal weather,get cities by country and Currency converter webservices in VC for CE 7.1
The pdf in the link below was of immense help..
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/90f8a753-f03d-2a10-5fb0-f14b085b4cb2
Hope this helps.

AnyConnect on Apple iOS - VPN-Connect via HTTP-Proxy

Hi,
is it possible, that the AnyConnect-Client for Apple iOS (i.e. iPAD) automatically uses the configured HTTP-Proxy in the WLAN properties for the establishment of the VPN-Connection (via SSL/TLS)?
I've tested it, but it does not work. In the documentation is stated, that VPN establishment via HTTP-Proxy works only in Windows (AnyConnect uses the IE Proxy settings to connect to the ASA for VPN establishment).
Thanks

As per w2k3 sniffer trace, 2851 requesting with user=vpnfamily and encrypted password. The password "Password1" which is VPN group's key sending to IAS?
->I have "vpnfamily" with password "Password1" but no luck
Event log shows "Fully-Qualified-User-Name = INFRA\vpnfamily". INFRA is AD NetBIOS name. 2851 router's domain name is "family.com"
->Is this something wrong?

Https proxy logs

Similar Messages

Maybe you are looking for