Https redirect for SGD 4.4

Similar Messages

• Enable WebAuth on WLC to intercept https (or https redirection) for authentication

  Hi all
  My company is using WLC with Guest access feature, and use Layer 3 security authentication to permit only Guests who provided valid user/password to access.
  But we met a issue that, when guests connect to Guest SSID successful, on PC they have to open web browser and access to 1 website by http, after that WLC will intercept and redirect to authentication page.
  If customer access to https (as google, gmail, ...) WLC cannot intercept and redirect to authentication. Because almost customers access to https://google.com at first by their habit.
  On my firewall, I can do intercept by both http and https, so I wonder on WLC I can enable intercepting and redirecting to authentication of https also
  If possible, please advice us how to enable this feature.
  Regards
  Hai Dao Tuan

  Thanks all
  I also just found a link that mentions about this case clearly and commands to enable it
  https://supportforums.cisco.com/document/12398536/understanding-https-redirect-over-web-auth
  (WLC)> config wlan security web-auth enable <wlan-id>
  (WLC)> config network web-auth https-redirect enable

• Renewed Cert, now http redirect for OWA no longer works

  From this previouse thread, where I was discussing cert issues, I renewed my cert (to expire in a few days) from my third party (GoDaddy).  I installed the new Cert via teh GoDaddy instructions:
  http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007
  now, when attempting to connect to http://mail.MyDomain.com, I get the dreaded "403: Forbidden: Access is denied" message
  If I put in https://mail.MyDomian.com, it opens OWA normally.  I do have (and have had) redirect of http enabled as shown in this Miscrosoft Article:
  http://technet.microsoft.com/en-us/library/aa998359(EXCHG.80).aspx, so that's not hte issue.
  Any ideas please...
  James

  Well, solved it myself.  Not sure what was differnt before now however, I went to this document from Microsoft (note: this says for Exchange 2010, but also applies to 2007, which is what I am running):
  http://technet.microsoft.com/en-us/library/aa998359.aspx
  And there at the yellow box, it says:
  In the Default Web Site Home pane, click SSL Settings.
  In SSL Settings, clear Require SSL.
  If you don’t clear Require SSL, users won’t be redirected when they enter an unsecured URL. Instead, they’ll get an access denied error.      
  After that, if someone goes to http://mail.MyDomain.com it redirects to
  https://mail.MyDomain.com as needed.  Why did the cert update bring this problem to the surface, not sure.
  Thanks,
  James

• Lighttpd https redirect for only certain directories

  This works great for redirecting all traffic to https on my home server:
  # Redirect all http requests to https
  $SERVER["socket"] == ":80" {
  $HTTP["host"] =~ "(.*)" {
  url.redirect = ( "^/(.*)" => "https://%1/$1" )
  However, I'm trying to exclude one directory from this (other people using it, self-signed ssl messages...you get the idea ) and I can't quite wrap my brain around it. Server Fault and Stackoverflow had some examples that were close, but I couldn't manipulate them into doing what I wanted. A gentle shove in the right direction would be much appreciated.
  Very simple layout: /srv/http/<dir1> /srv/http/<dir2> /srv/http<dir3> etc. Call it 'foo-dir' that I want to exclude. The server sits behind a consumer router with all port 80 and 443 traffic directed to the server's static IP.  External IP via dyndns.
  Thanks!
  Scott

  SFTP is a subset of SSH. Currently Apple uses OpenSSH which does not have any kind of chroot jail for SFTP as it does for FTP. If you want to have an SFTP chroot jail, you will need to do some alterations. Currently there are two methods which are documented here:
  http://www.schwie.com/brad/macosxsftpchroot/
    Mac OS X (10.4.4)  

• HTTP redirects

  Hi,
  I want to configure http to https redirects on CCS 11501. Could someone guide me on how to implemet HTTPS redirect for a sub-directory.
  Say I have www.xyz.com by default it goes to http, which is fine. But if someone types in http://www.xyz.com/login or http://www.xyz.com/login/secure/index.html then it should be redirected to httpS://www.xyz.com/login or http://www.xyz.com/login/secure/index.html. Basically anything in and under login directory should be HTTPS.
  I have setup following but I am getting redirect loop
  content DEFAULT
  vip address 10.1.1.1
  protocol tcp
  port 80
  url "/*"
  add service Server1
  add service Server2
  advanced-balance arrowpoint-cookie
  active
  content SSL_RULE
  protocol tcp
  vip address 10.1.1.1
  port 443
  add service SSL_SERVICE
  active
  content LOGIN
  vip address 10.1.1.1
  protocol tcp
  port 80
  url "//www.xyz.com/login/*"
  add service LOGIN_RD
  active
  ==========================
  service LOGIN_RD
  ip address 2.2.2.2
  keepalive type none
  type redirect
  domain https://www.xyz.com
  active
  service SSL_SERVICE
  type ssl-accel
  slot 2
  add ssl-proxy-list SSL_LIST1
  keepalive type none
  active
  I would greatly appreciate any help.

  Your getting a redirect loop because you do not have an alternate port were the redirected traffic can be processed. The inbound request that contains "/login" will get redirected to the HTTPS equivalent however with your current configuration the connection will simply fall under the same redirect content rule and you will never resolve content correctly(redirect loop).
  The following configuration will work:
  content DEFAULT
  vip address 10.1.1.1
  protocol tcp
  port 80
  url "/*"
  add service Server1
  add service Server2
  advanced-balance arrowpoint-cookie
  active
  content DEFAULT
  vip address 10.1.1.1
  protocol tcp
  port 81
  url "/*"
  add service Server1
  add service Server2
  advanced-balance arrowpoint-cookie
  active
  content SSL_RULE
  protocol tcp
  vip address 10.1.1.1
  port 443
  add service SSL_SERVICE
  active
  content LOGIN
  vip address 10.1.1.1
  protocol tcp
  port 80
  url "/login*"
  add service LOGIN_RD
  active
  ==========================
  service LOGIN_RD
  type redirect
  no prepend-http
  keepalive type none
  domain https://www.xyz.com
  active
  service SSL_SERVICE
  type ssl-accel
  slot 2
  add ssl-proxy-list SSL_LIST1
  keepalive type none
  active
  Update the ssl-proxy-list with an alternate port to send the decrypted traffic too.
  ssl-server 1 cipher all-cipher-suites 10.1.1.1 81
  I chose port 81 as the alternate decrypted port, however you can choose any other port. Please be sure that your servers are setup to accept traffic on that alternate port as well. If not, you can simply setup a NAT rule and hardset the destination port on the services to port 80. This will allow the CSS to re-write the destination port to port 80 when the decrypted traffic gets sent to the alternate port 81 content rule.
  Hope this info helps.
  - Jason

• TS1702 I purchased 2 packages of gems for skylanders and only received 1 package. Got email receipts and tried to report problem on ipad2 and it keeps coming up with to many https redirects. Can anyone help? Just want my gems :).

  I purchased 2 packages of gems for skylanders and only received 1 package. Got email receipts and tried to report problem with link in email on my ipad2 and it keeps coming up with to many https redirects. Can anyone help? Just want my gems :).

  Contact iTunes Customer Service and request assistance
  Use this Link  >  Apple  Support  iTunes Store  Contact

• Https redirection issue for Wireless Guest CWA - ISE 1.3

  Our Setup is
  ISE 1.3 (Patch level 2) running on ACS 1121
  2 nodes clustered with Admin, monitoring, policy service enabled ( Primary and Secondary ).
  Configured SSID Guest for Centralized web authentication with ISE.
  We have issues in web redirection with chrome . It is not redirecting to the ISE page but rather showing " Page cannot be displayed".
  By default chrome is pointing to https. For example if we type https://google.com it is not redirecting to ISE page. But when I specify the same as http://google.com it works.
  There is no issue with IE, Firefox as it is redirecting to ISE page with default https and i can see it is hitting our rule.
  Please advice.

  Hi Neno
  They are using a third party certificate (digi cert) for client auth. They have confirmed even if they use a self-signed-cert the result is same.
  So basically none of the https page is not loading. If we manually browse some https site from Firefox, IE the result is same showing " page cannot be displayed".
  Redirection to https is the problem which i have never faced with my other customer. This is the upgraded version of ISE from 1.2 to 1.3.

• Policy agent using https redirect to AM for authentication

  We are using Access Manager 6 2005Q1.
  Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
  Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
  All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
  Our load balancer is currently setup as active/failover because it does not support ssl with cookies.
  In our AMAgent.properties file if I set 'com.sun.am.policy.am.loginURL = http://<lb-vip>:80/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am redirected to AM on box A/B for authentication. Once authenticated I am redirected back to box C/D and allowed access to <url>.
  However, if I set 'com.sun.am.policy.am.loginURL = https://<lb-vip>:443/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am NOT redirected to AM and receive 'Forbidden You don't have permission to access /<url> on this server. Also in the agent log file I see:
       2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: in_not_enforced_list():enforcing access control for https://<webserver>:443/<url>
       2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: am_web_is_access_allowed https://<webserver>:443/<url>S, GET) no sso token, setting status to invalid session.
       2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: Policy Agent: am_web_is_access_allowed returned status=invalid session
       2006-01-30 12:42:32.800 Warning 28126:203470 PolicyAgent: am_web_get_redirect_url() unable to find active Identity Server Auth server.
       2006-01-30 12:42:32.800 Info 28126:203470 PolicyAgent: do_redirect(): Status Code= invalid session.
  Interestingly if I set 'com.sun.am.policy.am.loginURL = https://<am-server>:443/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am redirected to AM on box A/B for authentication. Once authenticated I am redirected back to box C/D and allowed access to <url>. In this scenario the only difference is I am bypassing the load balancer.
  Our networking people have monitored the load balancer in front of our AM boxes A/B and see the traffic going to AM in all cases.
  From my standpoint it appears the agent is not able to successfully connect to AM via https when going through the load balancer.
  Any help with this configuration issue is appreciated.

  Bernhard,
  From our AMAgent.properties... com.sun.am.policy.agents.version=2.1. Is there a way for me to tell if this is truely only 2.1 or 2.1-xx?
  Because our LB does not support SSL with cookies we are currently configured as active/failover so all requests are going to the same AM server until it goes down, at which time I know users have to re-authenticate. Also we have set "com.sun.am.loadBalancer_enable = true" in AMAgent.properties.
  We understand your point about loginURL. Infact there are two properties dealing with loginURL, com.sun.am.policy.am.loginURL and com.sun.am.policy.am.library.loginURL. Based on the comments in AMAgent.properties my understanding is that com.sun.am.policy.am.loginURL is where the user is redirected for login when no valid SSO token is found and com.sun.am.policy.am.library.loginURL is what the agent uses to authenticate itself "If the previously specified login URL must be exclusively used for redirecting users..." The interesting part is that if we set com.sun.am.policy.am.loginURL to use http everything works just fine, however if we set it to use https the user never gets redirected. Its almost like the agent is trying to connect there first before doing the redirect and can not.
  Craig

• HT1689 Can't get iTunes .ipad says "too many http redirects " what's that anyone help please? been charged twice for double down chips.

  What does "Too Many HTTP redirects" please? I am trying too report a purchasing problem, but keep getting that message. I'm trying to connect too ITunes.

  Susiebwb wrote:
  Can any one please assist me.... I paid twice for an app by mistake.... ...
  To Contact iTunes Customer Service and request assistance
  Use this Link  >  Apple  Support  iTunes Store  Contact

• TS1702 I have tried to submit a dissatisfaction report following your instructions from my invoice for the recent purchase of smart office 2.  I can get no further as a report code keeps appearing saying too many http redirects so I can not get any furthe

  I have tried to submit a dissatisfaction report following your instructions from my invoice for the recent purchase of smart office 2.  I can get no further as a report code keeps appearing saying too many http redirects so I can not get any further.
  I have also sent 3 emails to the company if Smart Office 2 with no response.
  How do I report my dissatisfaction which is growing with the frustration of not being able to contact any one!
  Zena Parton

  I have tried to submit a dissatisfaction report following your instructions from my invoice for the recent purchase of smart office 2.  I can get no further as a report code keeps appearing saying too many http redirects so I can not get any further.
  I have also sent 3 emails to the company if Smart Office 2 with no response.
  How do I report my dissatisfaction which is growing with the frustration of not being able to contact any one!
  Zena Parton

• When I tap on Top 25 button for the app store I get a window that says "to many HTTP redirects" it also happens when I tap on the categories button

  When I tap on Top 25 button for the app store I get a window that says "to many HTTP redirects" it also happens when I tap on the categories button

  Restart your device
  Reset All Settings (Settings > General > Reset)
  Backup and Restore
  Do all of those in order - although I almost guarantee you won't need to perform the last step.
  Sounds like your phone is just getting a resource error.

• Webdispathcer redirection for HTTPS/ Block certain URL in HTTPS

  Hi All,
  I've a Webdispatcher connected to EP7.0. I've implemented End to End SSL for the portal.
  The portal URL works with both http and https.
  I've redirected certain links like /index.html to /irj/portal/anonymous
  I also have permissions.txt file in webdispatcher which blocks certain links like /sld and /nwa etc.
  But these redirection and wdisp/permission_table parameter works only for HTTP.
  For HTTPS these redirection and blocking doesnt work.
  How to block these sensitive links /sld, /nwa for HTTPS also?
  Regards,
  Karthik Vembu
  Edited by: Michael Nicholls on Apr 7, 2009 9:39 AM

  Now I understand. I don't believe this can be done by the web dispatcher with E2E SSL as the web dispatcher doesn't look at the URL . I think you will need a real reverse proxy to hide these URLs.
  I suppose the question is why you are worried about people starting those applications through the web dispatcher. The user's Java permissions are a more reliable way of stopping them running them, not hiding the URL. You need to be aware that apps like /nwa can also be started with a longer URL that starts the web dynpro app directly...
  Edited by: Michael Nicholls on Apr 7, 2009 12:55 PM

• Too many http redirects in App Store for last week now why?!?!

  What's up with this problem?

  See:
  AppStore Show "too many HTTP redirects"...: Apple Support Communities
  Likely a network problem beyond your control.

• I have an iPhone 4S I have done the recent update 6.1 and now my App Store is not working when I go into the feature tab I get an error " too many HTTP redirects" how do I fix this ? The other tabs are working and it is working on my iPad also

  I am having a problem getting into the App Store on my iPhone since the recent update, I have a 4s and it appears the feature tab is not working. When I try to go into the feature tab in the App Store I get a message "too many HTTP redirects" ?... Does anyone now hoe to fix this issue, the other tabs are working okay and everything is working on my iPad ?

  Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
  iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
  iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
  Additional things to try.
  Try this first. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
  Change the channel on your wireless router (Auto is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
  Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
  How to Quickly Fix iPad 3 Wi-Fi Reception Problems
  http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
  If none of the above suggestions work, look at this link.
  iPad Wi-Fi Problems: Comprehensive List of Fixes
  http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
  Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
  Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
  Unable to Connect After iOS Update - saw this solution on another post.
  https://discussions.apple.com/thread/4010130
  Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
  ~~~~~~~~~~~~~~~
  If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
   Cheers, Tom

• HT1933 How are you supposed to do this when it DOESN'T EVEN WORK!!!! you press report problem and it comes up saying " too many http redirects". Total useless !

  How are you supposed to REPORT THE PROBLEM when it DOESN'T EVEN WORK!!
  I clicked it as I got a receipt for something that HAS NOT EVEN BEEN BOUGHT ! (It's funny how apple try to charge me twice for something when I work nightshift and my phones switched off!)
  and all that happened was it came up saying "too many HTTP redirects" .
  And it won't let me report it ! X

  Go here:
  http://www.apple.com/support/itunes/contact/
  and follow the instructions to report your issue to the iTunes Store.
  Regards.