HTTPS to HTTPS redirect
If we are doing SSL offloading for a particular VIP with a URL value of "/*" is it possible to create a content rule to redirect for the same VIP but a different URL value, i.e. "/test"? I've tried various redirect scenarios: redirect in the content rule and using a service with a redirect-string. It seems that every HTTPS request for the VIP will only match the content rule with URL "/*".
I'm trying to get the below to work.
content test-rule
vip address x.x.x.x
protocol tcp
port 443
application ssl
add service ssl_service
url "/*"
active
content test-rule-redirect
vip address x.x.x.x
protocol tcp
port 443
application ssl
redirect "https://test.domain.com/test/"
url "/test"
active
content test-rule-redirect2
vip address x.x.x.x
protocol tcp
port 443
application ssl
redirect "https://test.domain.com/test/"
url "/"
active
Note: The two redirect rules purposely don't have wildcards in the url lines.
This will never work with this setup, reason:
You are supplying a url to an ssl content rule the content is at that time still encrypted so the css can not read the url.
Solution:
Create an ssl content rule that gives traffic to an ssl server and in the ssl server refer back to an http conten rule where you then specify the redirect because at that time the ssl is unencrypted.
content test-rule
vip address x.x.x.x
protocol tcp
port 443
application ssl
add service ssl_service
active
content test-rule-redirect
vip address x.x.x.x
protocol tcp
port 80
redirect "https://test.domain.com/test/"
url "/test"
active
Similar Messages
-
Redirect service from http to https, session is lost
I have setup two web sites using NT 4.0 IIS so that both
"http://nossl/mybeanbeans" and "https://ssltest/mybeanbeans"
can execute the commerce server mybuybeans example.
Then I modify the shoppingCartDetail.jsp and commandAssembler.jsp
(files attached) hoping that when I click the "Checkout" button
on the Shopping Cart screen, it will redirect the service from
http to https.
The URL is redirected to "https" but it depicts the welcome page
instead of showing the Order Check Out page.
Previous session information is lost.
Can anyone help me?
Thanks
<!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
<%@ page errorPage="../error.jsp" %>
<%@ page import="java.lang.reflect.*" %>
<%@ page import="theory.smartx.command.*" %>
<%@ page import="examples.buybeans.client.*" %>
<%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase" %>
<%@ page implements="BuyBeansJspConstants" %>
<pt:monitorsession />
<%@ include file="monitorSessionTracker.jsp" %>
<%
// Get the Command class name to instantiate
String commandClassName = request.getParameter(COMMAND_CLASS_NAME_PARAM);
System.out.println("COMMAND_CLASS_NAME_PARAM : " + commandClassName);
if (commandClassName != null) {
// Get the BuyBeansSessionTracker
BuyBeansSessionTracker sessionTracker = (BuyBeansSessionTracker)session.getValue(com.beasys.commerce.portal.admin.PortalAdminHelper.qualifiedName(BUYBEANS_SESSION_TRACKER_KEY ,request));
// Construct an array of 1 element to hold the BuyBeansSessionTracker
// parameter type that the constructor takes.
Class constructorParamTypes[] = new Class[1];
constructorParamTypes[0] = sessionTracker.getClass();
try {
// Get the Class for the concrete Command
Class commandClass = Class.forName(commandClassName);
// Get constructor that takes the BuyBeansSessionTracker as argument
Constructor commandClassCtor = commandClass.getConstructor(constructorParamTypes);
// Set the BuyBeansSessionTracker argument for the constructor
Object ctorParams[] = new Object[1];
ctorParams[0] = sessionTracker;
// Create the instance of the concrete Command
Command command = (Command) commandClassCtor.newInstance(ctorParams);
// Pass the HttpRequest to the command so that it can
// read the parameter and then execute it.
command.assemble(request);
// Store the outstanding command in the session tracker so that
// the main portal page can execute it.
sessionTracker.setCommand(command);
setOverrideDestination(request, getHomePage(request));
%>
<%-- Added by Warren --%>
<%
String queryString = request.getQueryString();
String encodeURL=response.encodeURL(getTrafficURI(request));
String redirectURL=response.encodeRedirectURL("https://ssltest"+encodeURL);
System.out.println("====================");
System.out.println("queryString:" + queryString);
System.out.println("encodeURL:" + encodeURL);
System.out.println("redirectURL:" + redirectURL);
System.out.println("========before sendRedirect============");
response.sendRedirect(redirectURL);
System.out.println("========after sendRedirect============");
%>
<%
System.out.println("======== end commandAssemblerSSL ============");
catch (ClassNotFoundException cnfe) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, cnfe);
catch (NoSuchMethodException nsme) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, nsme);
catch (IllegalAccessException illegalAccessEx) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, illegalAccessEx);
catch (IllegalArgumentException illegalArgEx) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, illegalArgEx);
catch (InstantiationException ie) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ie);
catch (InvocationTargetException ite) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ite);
%>
<!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
<%@ taglib uri="lib/wljsp.jar" prefix="wl" %>
<%@ taglib uri="lib/esportal.jar" prefix="pt" %>
<%@ page errorPage="../error.jsp" %>
<%@ page import="com.beasys.commerce.portal.Portlet" %>
<%@ page import="examples.buybeans.client.*" %>
<%@ page import="theory.smart.ebusiness.item.*" %>
<%@ page import="theory.smart.ebusiness.order.*" %>
<%@ page import="theory.smart.axiom.units.*" %>
<%@ page import="com.beasys.commerce.portal.tags.PortalTagConstants" %>
<%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase"%>
<%@ page implements="BuyBeansJspConstants"%>
<pt:monitorsession />
<%@ include file="monitorSessionTracker.jsp" %>
<SCRIPT LANGUAGE="JavaScript">
<!--
function submitShoppingCartDetailsForm(commandClassName, bbContent)
document.ShoppingCartDetailForm.<%= COMMAND_CLASS_NAME_PARAM %>.value = commandClassName;
document.ShoppingCartDetailForm.<%= BUYBEANS_CONTENT_PARAM %>.value = bbContent;
document.ShoppingCartDetailForm.submit();
//-->
</SCRIPT>
<%
BuyBeansSessionTracker sessionTracker = (BuyBeansSessionTracker)getSessionValue( BUYBEANS_SESSION_TRACKER_KEY, request );
// Get the current Order
Order currOrder = sessionTracker.getEBusinessSession().getOrder();
// Get all the items in the cart as a Vector of orderlines from the session tracker
java.util.Vector orderLines = sessionTracker.getCartOrderLines();
%>
<!-- Display the items from the shopping cart -->
<table width="99%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr bgcolor=FFFFFF>
<td> </td>
<tr bgcolor="#FFFFFF">
<td>
<table width="95%" border="0" cellspacing="0" cellpadding="3" align="center" dwcopytype="CopyTableRow">
<tr>
<td colspan="6"><font face="Arial, Helvetica, Verdana, sans-serif"><%@ include file="contentMessages.jsp" %></font></td>
</tr>
<tr>
<td colspan="6"> <%= JspHelperBase.formatAsTitle("Shopping Cart - SSL*** ") %> </td>
</tr>
<tr>
<td><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Product ID</b></font></td>
<td><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Description</b></font></td>
<td><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Quantity</b></font></td>
<td align="right"><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Price</b></font></td>
<td align="right"><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Subtotal</b></font></td>
<td></td>
</tr>
<form method="get" name="ShoppingCartDetailForm" action="<%= response.encodeURL(getTrafficURI(request)) %>" >
<%
// Declare a currency format type
Quantity one = QuantityHome.create();
one.setCount(1);
// Print out all the items in the cart
for(int i = 0; i<orderLines.size(); i++ ) {
OrderLine currOrderLine = (OrderLine)orderLines.elementAt(i);
Item myItem = currOrderLine.getItem();
ItemValue iv = myItem.getItemByValue();
String desc = iv.description;
String id = iv.identifier;
// Specify the color of the row
String rowColor = (i%2 == 0) ? ROW_BACKGROUND_COLOR_1 : ROW_BACKGROUND_COLOR_2 ;
// Specify the name of the quantity text field - name it as qty+i
String qtyInputName = ORDER_QUANTITY + i;
// Specify the name of the remove checkbox
String removeInputName = REMOVE_CHECKED + i;
%>
<!-- print out the details of each item -->
<tr bgcolor="<%= rowColor %>">
<td><%= id %></td>
<td><%= desc %></td>
<td>
<input type="text" name="<%= qtyInputName %>" size=3 maxlength=3 value= "<%= JspHelperBase.formatQuantityAsInteger(currOrderLine.getQuantity()) %>" >
</td>
<td align="right"><%= JspHelperBase.formatPriceAsCurrency(myItem.calculatePrice(one, null)) %></td>
<td align="right"><%= JspHelperBase.formatPriceAsCurrency(currOrderLine.getLinePrice(null)) %></td>
<td><input type="checkbox" name="<%= removeInputName %>" value="<%=REMOVE_CHECKED %>" > Remove </td>
</tr>
<%
%>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td align="right"> <font face="Arial,Helvetica,sans-serif" size="3" color="#666600"><b>Total:</b></font></td>
<td>
<div align="right"><font face="Arial, Helvetica, sans-serif" size="3" color="#990000"><b><%= JspHelperBase.formatPriceAsCurrency(currOrder.getTotalPrice()) %>
</b> </font> </div>
</td>
<td>
<input type="button" name="<%=UPDATE_CART_BUTTON %>"
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.UpdateShoppingCartCommand', '<%= SHOPPING_CART_DETAILS_JSP %>')"
value="Update">
</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td>
<input type="button" name="<%=CHECKOUT_BUTTON %>"
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.CheckOutCommand', '<%= CHECKOUT_JSP %>')"
value="Checkout">
</td>
</tr>
<tr colspan="6">
<td> </td>
</tr>
<%-- DESTINATION_TAG is required because the form action goes to getTrafficURI() --%>
<%-- In this case, the destination is the command assembler --%>
<%-- <input type=hidden name="<%= DESTINATION_TAG %>" value="<%= COMMAND_ASSEMBLER_JSP %>"> --%>
<%-- The following line is used for testing SSL redirect --%>
<input type=hidden name="<%= DESTINATION_TAG %>" value="/portals/buybeans/portlets/commandAssemblerSSL.jsp" >
<%-- The following two parameters are set by the JavaScript function based --%>
<%-- on the button that the user presses (default value are provided ) --%>
<input type=hidden name="<%= BUYBEANS_CONTENT_PARAM %>" value="<%= SHOPPING_CART_DETAILS_JSP %>">
<input type=hidden name="<%= COMMAND_CLASS_NAME_PARAM %>" value="examples.buybeans.client.UpdateShoppingCartCommand">
</form>
</table>
</td>
</tr>
<tr>
<td> </td>
</tr>
</table>
the problem is when the cookie is exchanged between the browser
and the app server IE treats request coming from http://bc.com:7001
and http://bc.com:7002 as one and the same : so the browser maintains
the same session but netscape treats this as responses coming from two
different servers and hence u lost the session.
I assume u are having this problem with netscape and not IE.
the solution is set this property in the weblogic.properties file
weblogic.httpd.session.cookie.domain=.bc.com
-Sumanth
"senthil ramiah" <[email protected]> wrote in message
news:[email protected]...
>
> Hi,
> Did you receive any replies for this question.
> thanx
> senthil
>
> Warren Li <[email protected]> wrote:
> >
> >I have setup two web sites using NT 4.0 IIS so that both
> > "http://nossl/mybeanbeans" and "https://ssltest/mybeanbeans"
> >can execute the commerce server mybuybeans example.
> >
> > Then I modify the shoppingCartDetail.jsp and commandAssembler.jsp
> > (files attached) hoping that when I click the "Checkout" button
> > on the Shopping Cart screen, it will redirect the service from
> > http to https.
> >
> >The URL is redirected to "https" but it depicts the welcome page
> > instead of showing the Order Check Out page.
> > Previous session information is lost.
> >
> >Can anyone help me?
> >
> >Thanks
> >
> >
> >
> ><!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
> >
> ><%@ page errorPage="../error.jsp" %>
> ><%@ page import="java.lang.reflect.*" %>
> ><%@ page import="theory.smartx.command.*" %>
> ><%@ page import="examples.buybeans.client.*" %>
> >
> ><%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase" %>
> ><%@ page implements="BuyBeansJspConstants" %>
> >
> ><pt:monitorsession />
> >
> ><%@ include file="monitorSessionTracker.jsp" %>
> >
> ><%
> > // Get the Command class name to instantiate
> > String commandClassName =
request.getParameter(COMMAND_CLASS_NAME_PARAM);
> > System.out.println("COMMAND_CLASS_NAME_PARAM : " + commandClassName);
> > if (commandClassName != null) {
> >
> > // Get the BuyBeansSessionTracker
> > BuyBeansSessionTracker sessionTracker =
(BuyBeansSessionTracker)session.getValue(com.beasys.commerce.portal.admin.Po
rtalAdminHelper.qualifiedName(BUYBEANS_SESSION_TRACKER_KEY ,request));
> >
> > // Construct an array of 1 element to hold the
BuyBeansSessionTracker
> > // parameter type that the constructor takes.
> > Class constructorParamTypes[] = new Class[1];
> > constructorParamTypes[0] = sessionTracker.getClass();
> >
> > try {
> > // Get the Class for the concrete Command
> > Class commandClass = Class.forName(commandClassName);
> >
> > // Get constructor that takes the BuyBeansSessionTracker as
argument
> > Constructor commandClassCtor =
commandClass.getConstructor(constructorParamTypes);
> >
> > // Set the BuyBeansSessionTracker argument for the constructor
> > Object ctorParams[] = new Object[1];
> > ctorParams[0] = sessionTracker;
> >
> > // Create the instance of the concrete Command
> > Command command = (Command)
commandClassCtor.newInstance(ctorParams);
> >
> > // Pass the HttpRequest to the command so that it can
> > // read the parameter and then execute it.
> > command.assemble(request);
> >
> > // Store the outstanding command in the session tracker so that
> > // the main portal page can execute it.
> > sessionTracker.setCommand(command);
> > setOverrideDestination(request, getHomePage(request));
> >%>
> >
> ><%-- Added by Warren --%>
> ><%
> > String queryString = request.getQueryString();
> > String encodeURL=response.encodeURL(getTrafficURI(request));
> > String
redirectURL=response.encodeRedirectURL("https://ssltest"+encodeURL);
> > System.out.println("====================");
> > System.out.println("queryString:" + queryString);
> > System.out.println("encodeURL:" + encodeURL);
> > System.out.println("redirectURL:" + redirectURL);
> > System.out.println("========before sendRedirect============");
> > response.sendRedirect(redirectURL);
> > System.out.println("========after sendRedirect============");
> >%>
> >
> ><%
> > System.out.println("======== end commandAssemblerSSL ============");
> > }
> > catch (ClassNotFoundException cnfe) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, cnfe);
> > }
> > catch (NoSuchMethodException nsme) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, nsme);
> > }
> > catch (IllegalAccessException illegalAccessEx) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600,
illegalAccessEx);
> > }
> > catch (IllegalArgumentException illegalArgEx) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600,
illegalArgEx);
> > }
> > catch (InstantiationException ie) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ie);
> > }
> > catch (InvocationTargetException ite) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ite);
> > }
> > }
> >
> >%>
> >
> >
> ><!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
> >
> ><%@ taglib uri="lib/wljsp.jar" prefix="wl" %>
> ><%@ taglib uri="lib/esportal.jar" prefix="pt" %>
> >
> ><%@ page errorPage="../error.jsp" %>
> ><%@ page import="com.beasys.commerce.portal.Portlet" %>
> ><%@ page import="examples.buybeans.client.*" %>
> ><%@ page import="theory.smart.ebusiness.item.*" %>
> ><%@ page import="theory.smart.ebusiness.order.*" %>
> ><%@ page import="theory.smart.axiom.units.*" %>
> ><%@ page import="com.beasys.commerce.portal.tags.PortalTagConstants" %>
> >
> ><%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase"%>
> ><%@ page implements="BuyBeansJspConstants"%>
> >
> >
> ><pt:monitorsession />
> >
> ><%@ include file="monitorSessionTracker.jsp" %>
> >
> ><SCRIPT LANGUAGE="JavaScript">
> ><!--
> >function submitShoppingCartDetailsForm(commandClassName, bbContent)
> >{
> > document.ShoppingCartDetailForm.<%= COMMAND_CLASS_NAME_PARAM %>.value
= commandClassName;
> > document.ShoppingCartDetailForm.<%= BUYBEANS_CONTENT_PARAM %>.value =
bbContent;
> > document.ShoppingCartDetailForm.submit();
> >}
> >//-->
> ></SCRIPT>
> >
> ><%
> > BuyBeansSessionTracker sessionTracker =
(BuyBeansSessionTracker)getSessionValue( BUYBEANS_SESSION_TRACKER_KEY,
request );
> >
> > // Get the current Order
> > Order currOrder = sessionTracker.getEBusinessSession().getOrder();
> >
> > // Get all the items in the cart as a Vector of orderlines from the
session tracker
> > java.util.Vector orderLines = sessionTracker.getCartOrderLines();
> >%>
> >
> >
> ><!-- Display the items from the shopping cart -->
> > <table width="99%" border="0" cellspacing="0" cellpadding="0"
align="center">
> > <tr bgcolor=FFFFFF>
> > <td> </td>
> > <tr bgcolor="#FFFFFF">
> > <td>
> > <table width="95%" border="0" cellspacing="0" cellpadding="3"
align="center" dwcopytype="CopyTableRow">
> > <tr>
> > <td colspan="6"><font face="Arial, Helvetica, Verdana,
sans-serif"><%@ include file="contentMessages.jsp" %></font></td>
> > </tr>
> > <tr>
> > <td colspan="6"> <%= JspHelperBase.formatAsTitle("Shopping
Cart - SSL*** ") %> </td>
> > </tr>
> > <tr>
> > <td><font face="Arial,Helvetica,sans-serif" color="#666600"
size="2"><b>Product ID</b></font></td>
> > <td><font face="Arial,Helvetica,sans-serif" color="#666600"
size="2"><b>Description</b></font></td>
> > <td><font face="Arial,Helvetica,sans-serif" color="#666600"
size="2"><b>Quantity</b></font></td>
> > <td align="right"><font face="Arial,Helvetica,sans-serif"
color="#666600" size="2"><b>Price</b></font></td>
> > <td align="right"><font face="Arial,Helvetica,sans-serif"
color="#666600" size="2"><b>Subtotal</b></font></td>
> > <td></td>
> > </tr>
> >
> > <form method="get" name="ShoppingCartDetailForm" action="<%=
response.encodeURL(getTrafficURI(request)) %>" >
> > <%
> > // Declare a currency format type
> > Quantity one = QuantityHome.create();
> > one.setCount(1);
> >
> > // Print out all the items in the cart
> > for(int i = 0; i<orderLines.size(); i++ ) {
> > OrderLine currOrderLine =
(OrderLine)orderLines.elementAt(i);
> > Item myItem = currOrderLine.getItem();
> > ItemValue iv = myItem.getItemByValue();
> > String desc = iv.description;
> > String id = iv.identifier;
> >
> > // Specify the color of the row
> > String rowColor = (i%2 == 0) ? ROW_BACKGROUND_COLOR_1 :
ROW_BACKGROUND_COLOR_2 ;
> >
> > // Specify the name of the quantity text field - name
it as qty+i
> > String qtyInputName = ORDER_QUANTITY + i;
> >
> > // Specify the name of the remove checkbox
> > String removeInputName = REMOVE_CHECKED + i;
> >
> >
> > %>
> > <!-- print out the details of each item -->
> > <tr bgcolor="<%= rowColor %>">
> > <td><%= id %></td>
> > <td><%= desc %></td>
> > <td>
> > <input type="text" name="<%= qtyInputName %>" size=3
maxlength=3 value= "<%=
JspHelperBase.formatQuantityAsInteger(currOrderLine.getQuantity()) %>" >
> > </td>
> > <td align="right"><%=
JspHelperBase.formatPriceAsCurrency(myItem.calculatePrice(one, null))
%></td>
> > <td align="right"><%=
JspHelperBase.formatPriceAsCurrency(currOrderLine.getLinePrice(null))
%></td>
> > <td><input type="checkbox" name="<%= removeInputName %>"
value="<%=REMOVE_CHECKED %>" > Remove </td>
> > </tr>
> > <%
> > }
> > %>
> > <tr>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td align="right"> <font face="Arial,Helvetica,sans-serif"
size="3" color="#666600"><b>Total:</b></font></td>
> > <td>
> > <div align="right"><font face="Arial, Helvetica,
sans-serif" size="3" color="#990000"><b><%=
JspHelperBase.formatPriceAsCurrency(currOrder.getTotalPrice()) %>
> > </b> </font> </div>
> > </td>
> > <td>
> > <input type="button" name="<%=UPDATE_CART_BUTTON %>"
> >
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.UpdateShopp
ingCartCommand', '<%= SHOPPING_CART_DETAILS_JSP %>')"
> > value="Update">
> > </td>
> > </tr>
> > <tr>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td>
> > <input type="button" name="<%=CHECKOUT_BUTTON %>"
> >
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.CheckOutCom
mand', '<%= CHECKOUT_JSP %>')"
> > value="Checkout">
> > </td>
> > </tr>
> > <tr colspan="6">
> > <td> </td>
> > </tr>
> >
> > <%-- DESTINATION_TAG is required because the form action goes
to getTrafficURI() --%>
> > <%-- In this case, the destination is the command
--%>
> ><%-- <input type=hidden name="<%= DESTINATION_TAG %>" value="<%=
COMMAND_ASSEMBLER_JSP %>"> --%>
> >
> > <%-- The following line is used for testing SSL redirect --%>
> > <input type=hidden name="<%= DESTINATION_TAG %>"
value="/portals/buybeans/portlets/commandAssemblerSSL.jsp" >
> >
> > <%-- The following two parameters are set by the JavaScript
function based --%>
> > <%-- on the button that the user presses (default value are
provided ) --%>
> > <input type=hidden name="<%= BUYBEANS_CONTENT_PARAM %>"
value="<%= SHOPPING_CART_DETAILS_JSP %>">
> > <input type=hidden name="<%= COMMAND_CLASS_NAME_PARAM %>"
value="examples.buybeans.client.UpdateShoppingCartCommand">
> >
> > </form>
> > </table>
> > </td>
> > </tr>
> > <tr>
> > <td> </td>
> > </tr>
> ></table>
> >
>
-
How to redirect users of a certain SSID to a webserver http or https URL ???
I am not a wifi expert , but a vendor has just demonstrated that choosing 1 of the x number of ssid , a user can be redirected a lan machine on http or https from the browser !!!!!!!!!!!!!!!!!!!!!!!!!!!!1 I WANT TO DO THE SAME using CISCO WLC , Pls advice .
Calling out experts.You don't have to post more than once on this site... many of use look at each of the forums. Just follow your original post here:
https://supportforums.cisco.com/thread/2267127?tstart=0
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"***** -
Unable to use HTTPS proxy when redirecting HTTP/HTTPS via NAT
I'm trying to get the WSA to work when redirecting HTTP and HTTPS traffic along the lines of the following:
object network WSA-HOST
host 10.0.210.2
object network obj-10.0.1.0 subnet 10.0.1.0 255.255.255.0
object service ORIG-HTTP-PORT
service tcp destination eq www
object service WSA-HTTP-DEST-PORT
service tcp destination eq 8080
object service ORIG-HTTPS-PORT
service tcp destination eq https
object service WSA-HTTPS-DEST-PORT
service tcp destination eq https << also tried 8080 etc.
nat (inside,outside) source dynamic obj-10.0.1.0 interface destination static obj_any WSA-HOST service ORIG-HTTP-PORT WSA-HTTP-DEST-PORT
nat (inside,outside) source dynamic obj-10.0.1.0 interface destination static obj_any WSA-PROXY-HOST service ORIG-HTTPS-PORT WSA-HTTPS-DEST-PORT
This works just fine for HTTP, but with HTTPS I get the following response from the Ironport WSA:
Based on your corporate access policies, access to this web site ( https://www.rbsdigital.com/ ) has been blocked.
Notification codes: (1, POLICY, UNKNOWN, 0x00000082, 1329750248.609, QAAAAAAAAAAAAAAAyf8AAP8AAAD/AAAAAAAAAAAAAAE=,
https://www.rbsdigital.com/)
The access log gives me the following:
1329750248.602 404 10.0.4.140 NONE_SSL/200 0 TCP_CONNECT 10.0.210.2:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
1329750248.609 0 10.0.4.140 TCP_DENIED_SSL/403 1840 GET https://www.rbsdigital.com:443/ - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
If anyone has any idea why the WSA simply denies the connection instead of proxying it then I'd be grateful.
The WSA and the decryption policies work fine in explisit mode.
Thanks in advance!The policy doesn't require authentication. Now here are two tests I did, seconds apart, from the same client on 10.0.4.140:
First one is where I use NAT as shown above:
1329757052.027 118 10.0.4.140 NONE_SSL/200 0 TCP_CONNECT 10.0.210.2:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
1329757052.311 0 10.0.4.140 TCP_DENIED_SSL/403 1840 GET https://www.rbsdigital.com:443/ - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
Second test case is when I reconfigured the browser to explisitely use the WSA as a proxy on port 8080:
1329757138.274 344 10.0.4.140 TCP_CLIENT_REFRESH_MISS_SSL/200 39 CONNECT tunnel://www.rbsdigital.com:443/ - DIRECT/www.rbsdigital.com - DECRYPT_WBRS_7-DefaultGroup-UK_Office-NONE-NONE-NONE-DefaultGroup -
1329757138.566 200 10.0.4.140 TCP_CLIENT_REFRESH_MISS_SSL/200 39 CONNECT tunnel://www.rbsdigital.com:443/ - DIRECT/www.rbsdigital.com - DECRYPT_WBRS_7-DefaultGroup-UK_Office-NONE-NONE-NONE-DefaultGroup -
Non-categorised stuff should be passed through:
Global Policy
Identity: All
Pass Through: 1
Monitor: 65
Disabled
Pass Through
Any thoughts ? -
Enable WebAuth on WLC to intercept https (or https redirection) for authentication
Hi all
My company is using WLC with Guest access feature, and use Layer 3 security authentication to permit only Guests who provided valid user/password to access.
But we met a issue that, when guests connect to Guest SSID successful, on PC they have to open web browser and access to 1 website by http, after that WLC will intercept and redirect to authentication page.
If customer access to https (as google, gmail, ...) WLC cannot intercept and redirect to authentication. Because almost customers access to https://google.com at first by their habit.
On my firewall, I can do intercept by both http and https, so I wonder on WLC I can enable intercepting and redirecting to authentication of https also
If possible, please advice us how to enable this feature.
Regards
Hai Dao TuanThanks all
I also just found a link that mentions about this case clearly and commands to enable it
https://supportforums.cisco.com/document/12398536/understanding-https-redirect-over-web-auth
(WLC)> config wlan security web-auth enable <wlan-id>
(WLC)> config network web-auth https-redirect enable -
URL redirect - how to switch from https to http
Hi, all.
We have some requirement that the portal session be switched to https on some iviews while the rest of the contents are in http. I am thinking of using url redirect on the web dispatcher.
What I found is that the url redirect from http to https works great. Now if I want to switch back to http, the redirect doesn't work. Note that the http port is 80 and https port is 443 on the web dispatcher. To test, here is the parameter I did to switch from http to https. This works and transforms the url from http://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxx to https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx
icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=http, PROT=https, HOST=ozonehomeep3.XXXXXX
If I flip it back the other way:
icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=https, PROT=http, HOST=ozonehomeep3.XXXXXX
When I connect using the url https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx, it ignores the parameter and the redirect to http did not happen.
What is wrong?
Thanks,
Jonathan.Hello,
I've had a similar problem for one of my customers.
I've tried to do it on a root level, just Https://FQDN:port_https/ to http://FQDN:Port_http/
I've used this parameter to solve it:
icm/HTTP/redirect_0 = PREFIX=/, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http
maby you should try:
icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http, TO=/irj/portal/zsap_
You should also verify that the standard http port (80) are open in the firewall from the outside, just take a telnet session to FQDN and port 80
to quickly determined if the firewall policy are right.
Good luck!
Kind Regards
Håvard Fjukstad. -
SolMan 7.1 SPS 11 - deactivate redirect from HTTP to HTTPS
Hi Gurus,
I am currently experiencing the case, that I can't call HTTP pages anymore.
Before I made the check described under SOLMAN_SETUP -> System Preparation -> 2. Check Installation -> Manual Activities -> Check Secure Web Browser Comm. (HTTPS) I was able to call SOLMAN_SETUP with HTTP and SSO worked (starting the Browser by calling transaction SOLMAN_SETUP in GUI).
After I have executed the check, I have changed nothing but to execute the check and make sure there is a working HTTPS service.
Now I am experiencing the case that if I start transaction SOLMAN_SETUP I get a browser call HTTPS. If I change the protocol and the port to HTTP it jumps directly to HTTPS. This behavior makes me think that some configurations steps have activated a force redirect from HTTP to HTTPS.
This specially gives me some headache because all other (satellite)-systems are not configured to use secured communication and the certificates are not rolled out.
Currently I can't afford the need to roll out certificates all over the landscape.
To buy me some more time:
How can I check if my feeling about the redirect is correct?
If there is a redirect, how can I disable this so that I can work with HTTP-URLs?
I appreciate your help.
Kind regards,
Niklas TheisHi Niklas,
Perhaps this note can give You a little hint how to reverse to the HTTP setting again:
1716999 - Enable HTTPS for Solution Manager web service communications
Also check and adjust if necessary the setting for the webservice “wd_sise_main_app”: Change the setting to “Switch to HTTP”.
In addtion to that You also might look into:
- the ACL file; if any block against HTTP has been setup
Regards,
Kurt -
How to redirect on htttp to https with www redirect of coldfusion mx7?
Hi any one help me - How to redirect on htttp to https with www redirect of coldfusion mx7?
I used below code. its working perfectly. thanks a lot.
<cfif (CGI.SERVER_NAME EQ "site.com") and (CGI.https NEQ "on")>
<cfheader statuscode="301" statustext="Moved permanently">
<cfheader name="Location" value="https://www.site.com#CGI.SCRIPT_NAME#">
</cfif>
<cfif (CGI.SERVER_NAME EQ "www.site.com") and (CGI.https NEQ "on")>
<cfheader statuscode="301" statustext="Moved permanently">
<cfheader name="Location" value="https://www.site.com#CGI.SCRIPT_NAME#">
</cfif>
<cfif CGI.SERVER_NAME EQ "site.com">
<cfheader statuscode="301" statustext="Moved permanently">
<cfheader name="Location" value="http://www.site.com#CGI.SCRIPT_NAME#">
</cfif> -
Hi team,
I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)
I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
I wanted if someone connects to WLAN "MO-GUEST" automatically the user should be redirected to http://10.229.3.99/login.html and once authenticated by 10.229.3.99 , he/she should be allowed to access anything as normal. [ actually i just want automatic url redirection for the first time for the user of wlan "MO-GUEST"
waiting expert opinions. -
Redirecting HTTPS to HTTP in IIS 8
Hi,I have a slight problem. We have a web service running on an internal server, using HTTP. This server has a DNS name like internal.domain.com. Externally, we allow access through a reverse proxy server, that also uses HTTPS externally. This server has the external DNS name of service.domain.com. Internally (we're running split horizon DNS), service.domain.com points to internal.domain.com. Now the problem becomes that you need to use https://service.domain.com externally, and http://service.domain.com internally to access the same resource. What I would like to do is to have any incoming internal traffic to service.domain.com using HTTPS redirected to the same URL but using HTTP.I tried the following global rewriter rule in the applicationhost.config file.TextThat doesn't work for some reason.Then I tried;TextDidn't work either.What...
This topic first appeared in the Spiceworks CommunityThanks for your answer Roberto,
I have to say that i have one OC4J instance with 3 processes (virtual machines)[production environment], the problem arises when my application switches from https to http, https runs, let´s say, on process 1 and then http runs on process 3, that´s the reason why any object created on https is lost when switching to http.
I´ve checked some documentation about this subject but they talk about oc4j clusters (multiple oc4j with multiple processes within),*my case is one oc4j with multiple processes* i just need to know if there is some way to keep session between multiple virtual machines or to keep application execution on one virtual machine using https and http.
Greetings.... -
Redirecting from http to https
Hi,
we just installed podcast server and also installed the certificates. Browsing, https://podcast.localhost works fine.
What I want is if someone tries to open, http://podcast.localhost, i want all this traffic to be redirected to https://podcast.localhost
How do i do this at the server level by manipulating apache or whatever files ??I'm trying to redirect from http to https. I have the sites set up, one on port 443 and the other on port 80. I added a redirect on the port 80 site as follows:
Redirect / https://podcasttest.ucmo.edu
This works for http://podcasttest.ucmo.edu, but not for any sub domains, like http://podcasttest.ucmo.edu/groups (this does not get redirected to https).
I also tried:
Redirect .* https://podcasttest.ucmo.edu (nothing redirected)
and
Redirect ^(.*) https://podcasttest.ucmo.edu (nothing redirected)
and
Redirect ^(.*)$ https://podcasttest.ucmo.edu (nothing redirected)
Thanks,
Shannon -
Redirect HTTP to HTTPS with Host Name Site Collections
By using Alternate Access Mapping, its possible to redirect HTTP to HTTPS.
as explained in this thread
http://social.msdn.microsoft.com/Forums/en-US/eaab487a-bc94-4f06-981b-c62711764367/redirect-http-to-https-for-sharepoint-2013
However what if I am using Host name site collections? My understanding is that the AAM will not work then... so how can I sure that
http://intranet.contoso.com is automatically redirected to https://intranet.contoso.com ?
val it: unit=()This is not correct. You can't use URL rewrite with Host Named Site Collections in SharePoint. For URL rewrite to work you need to set bindings on web application which overrides Host Named Site Collection bindings in SharePoint (you have to chose either
web application bindings or let SharePoint handle that).
If you want to use URL Rewrite you need to create new Site in IIS7 which will listen on port 80 and rewrite URLs to port 443. This will create small overhead but you can save on resources by leveraging HNSC and have minimal number of web applications on
the server.
----Edit on 1/16/2014-----
I stand corrected. Above statement is NOT CORRECT. You can indeed perform HTTP to HTTPS URL rewrite with Host Named Site Collections (HNSC) quite elegantly. You do not need any additional web applications. In essence you can
build you whole farm with single web app on IIS (well two, since second one would be used for SharePoint services). Below is the example where I created single URL rewrite rule which handles any new host name provided they use same domain name (i.e. xxxxx.domain.com).
I have 20+ HNSCs in single web application and all of them are using URL rewrite.
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{SERVER_PORT}" pattern="443" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}.domain.com/{R:1}" />
</rule>
</rules>
</rewrite>
You need to install URL rewrite plugin and configure binding the following way on your web app in IIS. This will allow rewrite to work and SharePoint will be able to handle hoast header bindings internally. -
URL Rewrite Rule: HTTP to HTTPS Not Working
Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
features.
I've trolled through the Internet for 2 days now for solutions to my problem, including the ones provided by the TechNet forums and by MVP Scott Forsyth. I've tried over 30 solutions, and none have resolved my issue. Granted some of the solutions I've tried
may have been repeats of others. After trying so many, I have had a hard time discerning the differences. Does it really matter, for instance if the pattern match for the {HTTPS} input is specified as
"^off$" or just "off"? I see this discrepancy (among others) everywhere. It seems like there are so many variations out there. It is quite confusing for the uninitiated and the newbies like myself to the
URL Rewrite technology. I have enabled and consulted my "Failed Request Tracing Rules" logs but cannot make any sense of the cryptic information it is providing.
I just cannot get my reverse proxy server to redirect http requests from the Internet to https to my internal web server. When a user specifies "https://server1.xxxxx.com". he is able to access the internal server via the reverse proxy (IIS) server.
But when he specifies "http://server1.xxxxx.com" he receives "Server Error 500 - Internal server error.There is a problem with the resource you are looking for, and it cannot be displayed."
At this point I am at my wits end, and am even considering configuring the protocol translation on our firewall. But this not my preference as it presents another layer of complexity, and device to troubleshoot later on. Below I've pasted my entire web.config
file with my most current version of the rule in question (in bold) for your review. I started to paste just the specific rule, but thought you might need to see the entire file in case something else may be conflicting with the rule.
Thank you in advance for your help.
Dave Robinson
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="HTTP to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Found" />
</rule>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://server1.xxxxx.com/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://server1.xxxxx.com/(.*)" />
<action type="Rewrite" value="http{R:1}://server1.xxxxx.local/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket"
verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="404" />
</add>
</traceFailedRequests>
</tracing>
<httpErrors errorMode="Custom" />
<httpRedirect enabled="false" destination="" exactDestination="false" childOnly="false" httpResponseStatus="Permanent" />
</system.webServer>
</configuration>On Wed, 28 Jan 2015 17:53:41 +0000, dwrobins2000 wrote:
Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
features.
Web/IIS related issues are better posted where the IIS experts are:
http://forums.iis.net
Paul Adare - FIM CM MVP
"The equivalent of treating dandruff by decapitation"
-- Frank Zappa on the Parents Music Resource Center' censorship plans -
Jax-WS Client - Change Endpoint Address "https" to "http" - Cause HTTP 302
Hi,
I don't know it is a bug or not, but i couldn't find any answer for this.
I try to write a client for an SSL Secured and Basic Authenticated web service. To access the WSDL url, i have a VPN connection to that network. Also i registered their certificate to the JVM that i used to run the Client.
To create Jax-WS Client codes, i used "......\jaxws-ri\bin\wsimport.bat -s src -d bin -p model https://xxxx.com/xxxxxx.asmx?WSDL" as explained.
After successfully generated sources, i added my "SecurityEnvironmentHandler.java" to catch Username and Password callbacks, and also added "SecurityHandler.java" to register my handler and surrund with necessary SOAP Header Security tags. I register them as explained too.
Everything looks fine, but when i try to run Client test which basically call one of the services, i get
com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 302: Found
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:203)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:177)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:93)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.client.Stub.process(Stub.java:222)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
at $Proxy36.xxxxxxxxxxx(Unknown Source)
at xxxxxxxxServisImpl.xxxxxxxxxxxxx(xxxxServisImpl.java:69)
at xxxxxxxxxServisTest.testxxxxxxx(xxxxxxServisTest.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at org.springframework.test.ConditionalTestCase.runBare(ConditionalTestCase.java:69)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at org.eclipse.jdt.internal.junit.runner.junit3.JUnit3TestReference.run(JUnit3TestReference.java:130)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)( i have changed some unnecessary parts with "xxxxxx" )
The basic of it i get an "*HTTP 302*" which means it tries to redirect the request.
Also i had an working copy of a sample Client which was written with Jax-RPC. I looked the generated SOAP Messages for both of clients, they was almostly the same.
After lots of tries, i found the problem, somehow after the client application starts, it changes the Endpoint Address "https://xxxxxxxx.com/xxxx.asmx" to "http://xxxxxxxxx.com/xxx.asmx", ( it drops the "s" wich means it changes the protocol HTTPS to HTTP ).
If i set the Endpoint Address to "https://xxxxxxxx.com/xxxx.asmx" before calling any service on port, it works as it should be.
On the "generated" main WebServiceClient class the WSDL address and also Endpoint Address were set correctly ( with https ).
Also do i missing any logical part of it? Because i didnt changed it, it generated from WSDL by using "wsimport", it couldnt be a mistake, of if it would be, somebody could see that.
Thanks for any advice.
Umut KUNDUKANWelcome to the forum. Please don't post in threads that are long dead. When you have a question, start your own topic. Feel free to provide a link to an old post that may be relevant to your problem.
I'm locking this thread now. -
How to protect both access (http and https) with a Policy Agent
Hi,
During the installation of a web Policy Agent (i.e. Policy Agent for IIS) we have to choose the protocol (and port) of the web server we want to protect.
If we have an IIS with secure (https) and non secure (http) applications, how we manage this scenario with the policy agent?
Regards,Hi,
Finally, i have installed the agent in IIS5 in the non secure port (http) and in fact it detects both access (http and https) fine.
The problem now is that if i try to access to a non secure url ( http://mynonsecureapp.com ) all works fine, the agent redirects to https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mynonsecureapp.com but when i try to access to a secure url ( https://mysecureapp.com ) the agent try to redirects me to: https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mysecureapp.com (notice that the agent removes the 's' in the url).
The amAgent log file shows:
+2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_notification(), https://sigcit.agp.gva.es:443/fullcitriweb is not notification url http://sigcit.agp.gva.es:80/amagent/UpdateAgentCacheServlet?shortcircuit=false.+
+2008-07-17 09:44:08.296 Warning 656:d8f6b0 PolicyAgent: OnPreprocHeaders(): Access Manager Cookie not found.+
+2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): url 'https://sigcit.agp.gva.es:443/fullcitriweb' path_info ''.+
+2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): processing url http://sigcit.agp.gva.es:80/fullcitriweb.+
+2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): client_ip 172.27.65.62 not found in client ip not enforced list+
Any ideas?
Regards,
Edited by: idm_oceanic on Jul 17, 2008 1:33 AM -
WCCP Configuration HTTP and HTTPS
Looking for anyone that might have a clue in on this, im attempting to configure a pair of routers to use WCCP to redirect HTTP and HTTPS traffic to two content keeper devices. The network im building is going to be used for a guest internet connection where defining proxies on end devices would be unusable.
I'll drop the configs in below but for now what i have are 2 cisco 3925 routers configured for HSRP. 2 content keeps running squid for the cache engine. with my current configurations, I have wccp web-cache and wccp service 70 configured (all 4 devices are available/usable in both services). this is a layer 2 setup. HTTP traffic is picked up and redirected to the content keepers without issue. https traffic does not appear to be detected by the routers. I have chosen not to use ACLS for WCCP and use the redirect in because we want to capture http(s) traffic from all hosts.
for HTTP, I see hits counters rise on the router under show ip wccp, i see hit counters for the content keepers increase, i see http traffic on the firewall from the content keepers and I get the web page on the device
For HTTPS I do not see hit counters under wccp increase, I do not see any traffic on the content keepers bridge, and i see traffic on the firewall from the hosts orginal ip address.
interface0/2 internal LAN
interface 0/0 content keepers (no WCCP commands)
interface 0/1 gateway firewalls. (no WCCP commands
ip wccp check services all
ip wccp web-cache
ip wccp 70
interface GigabitEthernet0/2
description To Lan
ip address x.x.x.x
ip wccp web-cache redirect in
ip wccp 70 redirect in
standby 1 ip x.x.x.x
standby 1 priority 150
standby 1 preempt
duplex auto
speed auto
Global WCCP information:
Router information:
Router Identifier: x.x.x.2
Service Identifier: web-cache
Protocol Version: 2.00
Number of Service Group Clients: 2
Number of Service Group Routers: 2
Total Packets Redirected: 17999
Process: 0
CEF: 17999
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: 110
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Service Identifier: 70
Protocol Version: 2.00
Number of Service Group Clients: 2
Number of Service Group Routers: 2
Total Packets Redirected: 0
Process: 0
CEF: 0
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Show details and show service attached.Hello Josh,
1. Yes, port-specific ACL is not supported. But it is not a big problem. Usually on WCCP server you can configure very specific bypass (Cisco WSA supports that - do not know about Sophos). For bypassed traffic WCCP server will reinject that packet in GRE and send back to ASA which will decapsulate it and send as normal packets.
It's a good design, because you can have very granural bypass policy on WCCP server.
2. Yes, configuration is correct, although it's better to be more specific (not send all traffic to WCCP if there is no need for that).
3. Yes, you can use deny in redirect-list to exclude traffic.
4. WCCP keepalives are being send by WCCP server by default every 10 seconds. If ASA does not see that replies for some time it marks server as dead and uses other ones.
Michal
Maybe you are looking for
-
Photo Merge using RAW files - does white balance matter?
I'm using a Canon 5dII and create RAW files to be merged - both stitched and for HDR. In other words, if I bracket 3 (0, +2, -2) I'll do the bracket 3 times, once for the left, middle and right parts of the scene and will have 9 RAW images. I'm as
-
Background Job BICCMS_111_20100526* (program RSBATCH_EXECUTE_PROZESS)
Dear Friends, We are using BI 7 system. We have restarted the system few days back. After the restart we have observed that there is a job running for every hour. The job name starts with BICCMS_111_20100526* (It is executing a program called program
-
Uploading Material and Plant Masterdata
Hi BW experts, I am trying to upload master data from R/3 Prod for 0Material & 0MAT_PLANT. My upload failed as some of the materials and plants created in R/3 have been created with a space character at the end of the name (i,e '1000 ' as a plant, n
-
How to load the external outlines .otl
i have hyperion essbase 9.3.1.i had received external outlines.how to load the external outlines
-
Looking to build a pc to use premiere pro cs5
i'm looking to have a pc built so that i can use to edit in premiere pro cs5. here are some specs i received. i wanted to post these to see what folks thought. MOTHERBOARD - GIGABYTE GA-890XA-UD3 Socket AM3/ AMD 790X/ SATA3 PROCESSOR - AMD Phenom I