Inbound Allow ACL when http headers inspection is true.
Hello,
I have a request to make the following work on an asa 5515 deployment and I'm receiving a lot of conflicting information about how to implement the solution.
I have an external provider that requires access to an internal non-ssl webpage. They are unable to provide IP address details to lock down the ACL. They have asked if we can allow access based on http-header-inspection within the request.
I believe this is possible using a class map to run the regex search for whatever he header string might be some form of AND rule such as;
(In english)
if outside->inside ACL ANY to HOST TCP 80 is true
if classmap regex is true
Then allow access.
Can you advise what type of technology would be required to get this working? If it is possible with the current 5515 technology what would you advise the answer is (or can you point me in the right direction to read the answer)?
I will give this another test as soon as I can, I'm not sure I need to make the class CDN_REGEX_MAP, I think I could simply place the 'match not request header regex CDNHEADER' in the inspect policy. I will let you know how it goes. For sake of completeness I've included my code.
Thanks,
regex CDNHEADER "someheader"
class-map type regex match-any CDN_REGEX_MAP
match regex CDNHEADER
class-map type inspect http match-all DENYCDNCLASS
match not request header regex class CDN_REGEX_MAP
policy-map type inspect http CDNPOLICYMAP
class DENYCDNCLASS
reset log
access-list OUTSIDE_MPF extended permit tcp any 1.1.1.1 eq 80
class-map OUTSIDEMPF-CMAP
match access-list OUTSIDE_MPF
policy-map outside_policy
class OUTSIDEMPF-CMAP
inspect http CDNPOLICYMAP
service-policy outside_policy interface outside
Similar Messages
-
Acrobat Reader X stores PDFs in Temp-folder even when HTTP-headers say no-cache no-store
After updating from Acrobat Reader 9 to 10 we have noticed that PDFs viewed in the browser are left behind in the Temp-folder even after the browser has been closed.
Http-headers in the response from the server
Cache-Controls: no-cache,no-store,max-age=0,post-check=0,pre-check=0
Content-Type: application/pdf
Content-Disposition: inline; filename="xxxxxxxx.pdf"
Expires: 0
Pragma: no-cache
Folder: [User-folder]\AppData\Local\Temp
Filename-format: PDFxxx.tmp
Browsers: Firefox 3.6, Opera 11, Safari 5
Plugin: Acrobat Reader 10
Simply add a .pdf extension to the file and open again in Acrobat Reader. Since the server has set headers indicating that this PDF should not be stored locally, it is a severe security hole leaving traces of this PDF on the filesystem.
Is this a problem Adobe is aware of? When can we expect this to be fixed?
Regards,
GustavHi Michael,
Thank you for you quick response!
In Acrobat 9, I cannot find the PDFs in the Temp-folder after the browser has been closed.
In Acrobat 10, PDFs are left behind in the Temp-folder even after browser close.
To me, this looks like a bug in Acrobat 10. Would you not agree?
Regards,
Gustav -
Hi.
I discovered my Firefox v26 was SOMETIMES trying to send multiple requests on port 7070 (ukrainian ip-address) independently on what websites were opened at the moment.
The problem remains after v27 update.
I have an addon "live http headers" installed.
As I manually allow the request by firewall nothing appears in the headers window.
Does my firefox seem to be modified with adware/spyware?Have you tried Opening your Firefox in Safe Mode
[[Troubleshoot Firefox issues using Safe Mode]]
please report back to us -
Setting HTTP headers when using xrpcc
I am using xrpcc to compile my WSDL and am using the resulting code to access my web service. When accessing a web service this way, is there any way that I can set HTTP headers before the method is invoked? If not, is the only option to build all of the SOAP requests by hand and ditch all of the nice things xrpcc does for me?
Along those same lines, is there any way to get a dump of the SOAP envelope that is being sent when the xrpcc generated methods are invoked?
Thanks.Damn, I need to read the HTTP headers that came in along with the SOAP JAXRPC message. So it looks like a similar problem. And noone answers this question. Damn.
-
I have a scenario where my osb messages are rejected by the target server, while the same messages are accepted when sent by wget. The only difference between the two requests is represented by the http headers.
The first thing to notice was that most of the http headers are not showing neither in the outbound, nor in the business server traces.
The outbound http headers:
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>"urn:Services#DeleteUser"</http:SOAPAction>
</tran:headers>
The http headers received by the server:
Host
localhost:7021
Content-Length
448
SOAPAction
"urn:Services#DeleteUser"
User-Agent
Java1.6.0_29
Content-Type
text/xml; charset=utf-8
Accept
text/html, image/gif, image/jpeg, */*; q=.2
Connection
Keep-Alive
Why is OSB not showing all the headers? How about removing any of the headers currently received by the server, before sending the message? Can it be done in OSB?Would this work ?
$inbound/ctx:transport/ctx:request/tp:headers/tp:user-header[lower-case(@name)="x-ab-normal"][1]/@value -
HTTP Headers - enabling caching and compression with the portal?
Has anyone configured their web server (IIS or Apache) or use a commercial product to flawlessly cache and compress all content generated by the portal?
Compression and caching is critical for making our portal based applictions work for overseas users. It should be doable, just taking advantage of standard HTTP protocols, but implementing this a complex system like the portal is tricky, we seem to be generating different values in the HTTP Headers for the same types of files (such as CSS).
We are running Apache so can't take advantage of the built in compression capabilities of the .net portal. We are running the java vervion. 6.1 mp1, sql server 2000 (portal, search, collab, publisher, studio, analytics, custom .net and java portlets on remote server).
Basically our strategy is to compress all outgoing static and dynamic text content (html, CSS, javascript), and to cache all static files (CSS, javascript, images) for 6 months to a year depending on file type.
Here are some links on the subjects of caching and compression that I have compiled:
Caching & Compression info and tools
http://www.webreference.com/internet/software/servers/http/compression/
http://www.ibm.com/developerworks/web/library/wa-httpcomp/
http://www.mnot.net/cache_docs/
http://www.codeproject.com/aspnet/HttpCompressionQnD.asp?df=100&forumid=322472&exp=0&select=1722189#xx1722189xx
http://en.wikipedia.org/wiki/Http_compression
http://perl.apache.org/docs/tutorials/client/compression/compression.html
https://secure.xcache.com/Page.aspx?c=60&p=590
http://www.codinghorror.com/blog/archives/000807.html
http://www.howtoforge.com/apache2_mod_deflate
http://www.ircache.net/cgi-bin/cacheability.py
http://betterexplained.com/articles/how-to-optimize-your-site-with-http-caching/
http://betterexplained.com/articles/speed-up-your-javascript-load-time/
http://betterexplained.com/articles/speed-up-your-javascript-load-time/
http://www.rubyrobot.org/article/5-tips-for-faster-loading-web-sites
http://betterexplained.com/articles/how-to-optimize-your-site-with-gzip-compression/
http://www.gidnetwork.com/tools/gzip-test.php
http://www.pipeboost.com/
http://www.schroepl.net/cgi-bin/http_trace.pl
http://leknor.com/code/gziped.php?url=http%3A%2F%2Fwww.google.com
http://www.port80software.com/surveys/top1000compression/
http://www.rexswain.com/httpview.html
http://www.15seconds.com/issue/020314.htm
http://www.devwebpro.com/devwebpro-39-20041117DevelopingYourSiteforPerformanceCompressionandOtherServerSideEnhancements.html
http://www.webpronews.com/topnews/2004/11/17/developing-your-site-for-performance-optimal-cache-control
http://www.sitepoint.com/print/effective-website-acceleration
http://nazish.blog.com/1007523/
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/IE_Fiddler2.asp?frame=true
http://www.fiddlertool.com/fiddler/version.asp
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
http://www.web-caching.com/cacheability.html
http://www.edginet.org/techie/website/http.html
http://www.cmlenz.net/blog/2005/05/on_http_lastmod.html
http://www.websiteoptimization.com/speed/tweak/cache/
http://www.webperformance.org/caching//caching_for_performance.html
http://betterexplained.com/articles/how-to-debug-web-applications-with-firefox/
Edited by tkoenings at 06/18/2007 6:26 AMHi Scott,
Does Weblogic platform 8.1 supports netscape? We have developed a portal which
works perfectly on IE but it dies in netscape. Is netUI tags not supported in
Netscape?
Pls reply
manju
Scott Dunbar <[email protected]> wrote:
From a pure HTML perspective Portal does it's rendering with nested
tables.
Netscape 4.x and below have terrible performance with nested tables.
The
problem is not the Portal server but rather Netscape on the client machine.
If IE and/or a recent version of Netscape/Mozilla is not possible then
there are
really only two options:
1) Faster client hardware - not likely to be an acceptable solution.
2) Minimize the number of portlets and the complexity within the portlets.
Neither of these solutions are a great answer, but the 4.7 series of
Netscape is
getting pretty old. Having said that, we've got customers who want to
continue
to use IE 4 :)
Again, though, this problem is, I'm afraid out of our hands. It is the
client
rendering time that is the issue.
cg wrote:
Does anyone know of any known reasons why the 7.0 (did it also with4.0) portal
pages can take up to almost 30 seconds to load in Netscape 4.7? I knowit is a
very generic question but our customer still uses 4.7 and will notuse the portal
b/c it takes so long to load some of the webapps. What the pages willdo when
loading is that the headers will come up and when it gets to the bodyof the page
it seems to stall and then comes up all of a sudden. For some of thepages it
takes 6 seconds and for others it takes about 24-27 seconds.
We have suggested using IE only but that is not an option with allof the customers
and getting a newer version of Netscape is also out of the question.
Any suggestions would be greatly appreciated.--
scott dunbar
bea systems, inc.
boulder, co, usa -
Using custom http headers in SOAP sender adapter
Hi,
my problem is exactly the same as reported [here|Re: SOAP Sender - Extract Header Values;] and [here|Variable Transport Binding - Soap Sender;
Basically I'd like to send through the soap sender adapter some custom http headers. I check the necessary options in the advanced tab (set adapter-specific message attributes and variable transport binding), and in the variable header one I put x-StoreCode, which is the same http header I send to PI.
But I won't see anything in the dynamic configuration section when the message is persisted in PI.
Very surprised that I've seen this issue is a common problem others have faced before without success.
Thanks!Hi Michal,
the extra info I'm trying to send separated from the message is an http header, not part of the query string.
If I incorporate the extra info as a parameter to the query string like this, for example:
http://host:50000/XISOAPAdapter/MessageServlet?senderParty=&senderService=S1&receiverParty=&receiverService=&interface=Int&interfaceNamespace=urn:test&x-StoreCode=13&nosoap=true
Then I can see the value in the dynamic configuration section:
<SAP:Record namespace="http://sap.com/xi/XI/System/SOAP" name="SQueryString">senderParty=&senderService=S1&receiverParty=&receiverService=&interface=Int&interfaceNamespace=urn:test&x-StoreCode=13&nosoap=true</SAP:Record>
But what I'm trying to do shoould be possible, according to sap help:
http://help.sap.com/saphelp_nwpi71/helpdata/en/fc/5ad93f130f9215e10000000a155106/content.htm (section Define Adapter-Specific Message Attributes) -
Encoding problem (Umlaute) in HTTP-Headers
Hi!
I have a servlet that is being called by another server via a POST request.
The request contains user data in HTTP-headers, and whenever there is a
German Umlaut in the user's name, it ends up garbled. :(
The requests character encoding is set to 'ISO-8859-1', according to the servlet
requests getCharacterEncoding() method.
I try to copy the value of a header variable into a String like this:
headerNameValue = request.getHeader("headerNameKey");Which, unfortunatly, doesn't work. For example, the value "G�nter" becomes "G����nter".
Shouldn't the API take care of the encoding, when the CharacterEncoding is set
right in the servlet call?
It looks like it interprets the ISO88591 data as Unicode?
BTW, I'm on a WebSphere 5 server, with Java 1.4.
I've been tearing my hair out on this one for days, so any help is highly appreciated.
Thanks a lot!
AndreasA header variable with the key 'accept-charset' is not sent.
Only 'accept-encoding', with the value 'gzip, deflate'.
Like I wrote in my first post, the servlet request's character encoding is set to ISO-8859-1,
according to the getCharacterEncoding-method.
I have kind of solved this for now by converting the String 2times back, like this:
try {
headerNameValue = new String((new String(headerNameValue.getBytes(),"UTF-8")).getBytes(),"UTF-8");
} catch (UnsupportedEncodingException e) {
logger.error("Fehler beim Umwandeln der Umlaute im Benutzernamen.",e);
} }This code converts the '����', that my servlet receives, back to '�'.
(The first conversion changes the '����' to '��', the second the remaining '��' to '�').
While this seems to work, I don't think it is the right solution, and I still don't understand what's going on. :)
Regards,
Andreas -
Hello,
I need to set some custom HTTP Header when i send the SOAP message to an endpoint.
I tried this..but doesn't solve my requirement.
SOAPMessage soapmsg = messageFactory.createMessage();
MimeHeaders mime = soapmsg.getMimeHeaders();
mime.addHeader("SOAPAction", "xxxx");
mime.addHeader("Sender", "yyy");
SOAPMessage reply = connection.call(soapmsg, destination);
Can anyone please guide me how to set HTTP headers for SOAP?
Thanks,Hello,
I need to set some custom HTTP Header when i send the SOAP message to an endpoint.
I tried this..but doesn't solve my requirement.
SOAPMessage soapmsg = messageFactory.createMessage();
MimeHeaders mime = soapmsg.getMimeHeaders();
mime.addHeader("SOAPAction", "xxxx");
mime.addHeader("Sender", "yyy");
SOAPMessage reply = connection.call(soapmsg, destination);
Can anyone please guide me how to set HTTP headers for SOAP?
Thanks, -
Mail uses more than 120'% CPU when fetching headers
Hello,
mail uses more than 100% CPU and the system response gets slow, affecting the other processes when mail starts, and the mail activity viewer says: fetching headers.
It happens when I check my mail with mail client directly in the same server, or when I connect from another machine, my mail Version 2.1 (752/752.2), I have 3 IMAP accounts.
I have verified and repaired the disk (no errors), I have set up mail from scratch, the first network connection is ethernet,
I am using mail program on the server trying to check the mail in the same server. when I open the program, and it starts to fetch headers, the 100 % percent or more of CPU is used (128%,etc).
when I try to conect from another mail program to this server the 100% cpu or more is get when fetching headers (I am using a firewire connection, and the another machine is a MAC PRO (4 processors, 2 x 2.66 GhZ Dual Core Intel Xeon, 1GB ram 667 mhz DDR2 fB/Dimm, MAC OSX 10.4.9, with no other programs running), so the problem is on the server.
I have booted the machine in safe mode (the red text "safe mode" appeared), and the same things happened, I have some screen shots available
from the mail forum they told me that I should check this problem in the server forum.
http://discussions.apple.com/thread.jspa?threadID=957222&tstart=0
any idea?
thanks
Alberto
Dual 2 GHz PowerPC G5 Mac OS X (10.4.9) 4GB DDR SDRAM, MAC OS X ServerHello OgelThorpe,
Thank you for the suggestion. I will try that soon. My macbook meets well over the hardware requirements for that package. Also only the cpu usage is high, i have 4GB ram and only 500-700 MB of that gets used by adobe premiere.
I have have run the hardware test in a loop and it passed everytime, so i dont doubt the hardware.
regards
Ankit -
I'm new to Flex. I'm an ASP.Net developer. We have an ASP.Net application that gets information about the user in http headers. Can a Flex app get info from http headers?
Ok, i filed an enhancement CR103654.
I am not sure when this will be fixed.
Please contact support if you need an urgent fix.
regards,
-manoj
"Steve Watson" <[email protected]> wrote in message
news:3e9d765b$[email protected]..
>
This could work, but we want to distinguish between the different codesespecially
500, 502, and 503.
Steve
"manoj cheenath" <[email protected]> wrote:
There is no API in Web service client to get HTTP response
code. This is because, the web service client can be invoked
using other protocols.
If the return code is not 2XX, then the run time will throw
exception. Will that help?
-manoj
"Steve Watson" <[email protected]> wrote in message
news:[email protected]..
I am coding an asycronous web services client and need to check thestatus
code
in the HTTP response. How can I do this?
Steve Watson -
HTTP Headers Added by WS7 not preserving case
I have added the following directive to my obj.conf in WS7u8:
NameTrans fn="set-variable" insert-srvhdrs="True-Client-IP: 127.0.0.1"However, when using the LiveHTTP Headers plugin for Firefox, I see that the header being returned is actually:
True-client-ip: 127.0.0.1Unfortunately, the application that is using that header is looking for the one with mixed case as specified in the configuration.
Is there a way to tell WS7 to send the server header using the exact case I specified?
Thanks,
BillNo. This behaviour is not changable at the moment. Also note that according to RFC 2161 that http headers are case insensitive so your client app shouldn't really be relying on the case of the header.
-
Adding custom http headers for WSRP requests
Hello,
I wonder whether it is possible to insert custom http headers for WSRP
requests?
To give more details:
We are going to have portlets exposed via WSRP (hosted on non-weblogic
server). We need these portlets to work on different portals including
WebLogic Portal. And we need to have working SSO. There needed at least
2 SSO options:
1. Having SiteMinder protected portal. Will WebLogic pass SiteMinder
headers further to WSRP producer?
2. Custom SSO tokens to be passed as http headers. Is it possible to
make weblogic to add custom http headers when calling producer?
2a. Credential mapping shall be used to get username/password for
backend application (accessed from producer side), and than these
username/password shall be passed as http headers when requesting producer.
Best regards,
Sviatoslav SviridovHi,
About how to use Rest API via node.js, please refer to
http://stackoverflow.com/questions/5643321/how-to-make-remote-rest-call-inside-node-js-any-curl for more information. Hope this helps.
Best Regards
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Hi, is there a way to set custom http headers at server or webapplication level
on weblogic 60, instead of programmatically setting them on each page? If so how.
Thanks.Well we need to set a custom header for all http requests to the weblogic server.
If we could set it at the server level, instead of modifying all the pages served
by the webserver that would be best and most efficient. Here is a link that describes
it and how other webservers handle it. http://webmaster.info.aol.com/headers.html.
Currently apache, iis, and netscape webservers allow u to define custom http headers
at the server level. Thanks.
"Mark Griffith" <[email protected]> wrote:
Nope. Can you give me a scenario, use-case? And do other WS handle
this,
if so how?
cheers
mbg
"Diana" <[email protected]> wrote in message
news:3ec01580$[email protected]..
Hi, is there a way to set custom http headers at server or webapplicationlevel
on weblogic 60, instead of programmatically setting them on each page?If
so how.
Thanks. -
FRM-92101 RUNTIME error - No HTTP headers received from runform
Oracle IAS 9.0.4 servers are configured to serve up webforms. The Server is configured to run only forms.Is it possible to run report files from this SERVER.
Iam getting FRM-92101 RUNTIME error - No HTTP headers received from runform.
Iam not able to run any reports.
Thanks
HimabalaHello,
Q: Is it possible to run reports from Oracle IAS 9.0.4 server that is not running the reports server locally ?.
A: Yes
For the error FRM-92101 when using RUN_REPORT_OBJECT, check that the CLASSPATH contains the necessary jar files rwrun.jar and zrclient.jar .
Regards
Maybe you are looking for
-
How I fixed stuttering iTuned video playback
I went into quicktime preferences and unchecked; - enable directdraw on secondary monitors - enable direct3d video acceleration In start, run, I typed; dxdiag and on display tab I disabled direct3d acceleration. For games and things like cyberlink po
-
Hi All, I am executing SP by using JDBC Receiver Adapter. My strcture is follows <STATEMENT2> <SP_CREATE_T_BATCH action="EXECUTE"> <spName type="VARCHAR">SP_CREATE_T_BATCH</spName> <IN_Control_Recipe hasQuot="No" type="Integer">100000000001723850</IN
-
Imac 10.5 and MacBook Pro 10.4.11
Hello, i just bought an imac 10.5 and i try to transfer with the firewire cable all my previous data from my macbook pro (10.4.11) and imac doesn't recognize my lapetop telling that there's no mac OS X on it ! How can i manage that ? Thanks in advanc
-
No Audio File in Premiere Pro CS6
I have a Sony NX30. I use the sony media importer to get the files on my computer and then use the files in Premiere Pro CS6. Everything works fine. I have a new desktop computer. Same windows OS. I installed the exact same sony media importer and th
-
My MacBook Pro will not sync address book changes with my IPhone. Why? It used to.