Maintaining Sessions between http and https

Similar Messages

• JSF / Switch between HTTP and HTTPS

  Hello!
  I want to switch between HTTP and HTTPS using JSF.
  Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
  e.g. Login-jsp should be secured, all other jsp's should run unsecured.
  Any ideas?
  regards
  Harald.

  Thanks,
  I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
  I did the following:
  1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
  2) create a plugin that reads ActionConfigs from the ModuleConfig
  3) create a filter that sets a request scope flag that says that password must re-entered.
  Code Extracts:
  1) MainshopContainer application level parameter singleton class:
  private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
  public boolean isInSSLZone(String servletPath)
  return this.sslZoneMap.containsKey(servletPath);
  public void addToSSLZone(String servletPath)
  this.sslZoneMap.put(servletPath,null);
  public int getNumberOfActionsInSSLZone()
  return this.sslZoneMap.size();
  2) Struts plugin
  add a call to loadSSLZoneMap in plugin init method:
  loadSSLZoneMap(config, mainshopContainer);
  private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
  throws ServletException
  try {       
  ActionConfig[] actionConfigs = config.findActionConfigs();
  for (int i = 0; i < actionConfigs.length; i++)
  if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
  // not found = not ssl zone
  System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
  else
  // found = ssl zone
  String servletPath = actionConfigs[i].getPath()+".do";
  mainshopContainer.addToSSLZone(servletPath);
  System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
  System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
  catch (Exception ex)
  ex.printStackTrace();
  throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
  3)
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
  HttpServletRequest req = (HttpServletRequest) request;
  HttpServletResponse res = (HttpServletResponse) response;
  String servletPath = req.getServletPath();
  boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
  The wole picture:
  The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
  I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
  At the end of all my jsp's I set the lastRequestDTO variable.
  In that method I set the passwordConfirmationRequired flag if needed:
  public void setLastRequestDTO(RequestDTO _lastRequestDTO)
  if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
  this.setPasswordConfirmationRequired(true);
  this.lastRequestDTO = _lastRequestDTO;
  I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
  When the password is OK I reset the passwordConfirmationRequired to false.
  I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
  I tought I could define it in the web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Account Related Pages</web-resource-name>
  <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  but that doesn't work and finnaly understood why:
  Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
  The url pattern /account/* at the container level is never encountered.
  Is it allowed to declare the following action path: /account/login instead of /login?
  If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
  What's your opinion?
  If no, would your library resolve this?
  Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
  Regards
  Fred

• Switching between https and http requests

  Hi,
  Our application is built using ADF 10.1.3
  This application need to be integrated with an in house built single sign on system. ( SSO system is built in C# and .NET)
  This single sign on system only understand https request. Once user is validated against single sign on system, our application's authorization page is called in HTTPS mode. Once the user is authorized, he is forwarded to home page. While forwarding to home page, we want to convert the HTTPS request to HTTP.
  Currently once the user is authenticated, all requests are happening in HTTPS mode.
  We do not know how to make http request from existing https requested page.
  Any help is appreciated.
  Thanks
  Ranajit

  Hi,
  the way to do this is by redirecting the call from a PhaseListener or command button. The solution Avrom refers to is a PhaseListener that uses XML configuration file to determine whether or not the page you are navigating to requires https or http. The code that handles the protocol switch is printed below
    * Determines if the requested page requires SSL and if the current protocol
    * meets this need. If not the protocol is switched between http and https
    * @param viewId
    * @param pageRequiresSSL
    public void handleProtocolSwitch(String viewId, boolean pageRequiresSSL)
      ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
      boolean isSecureSSLChannel = ((HttpServletRequest)exctx.getRequest()).isSecure();
      // pages that require SSL and SSL is on, or pages that don't require
      // SSL but SSL is on and should be kept
      if (pageRequiresSSL && isSecureSSLChannel || !pageRequiresSSL && isSecureSSLChannel && isKeepSSLMode) {
      printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
      printDebugMessage("No protocol change required");
      // page requires SSL and SSL is not active. Switch to SSL.
      if (pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("Protocol change required to use https");
        switchToHttps(viewId);
      // switch to HTTP is page doesn't require SSL and channel isn't secure
      // and isKeepSSLMode is false
      if (!pageRequiresSSL && !isKeepSSLMode && isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
        printDebugMessage("Protocol change required to use http");
        switchToHttp(viewId);
      if (!pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("No protocol change required");
    * Switches from https to http using a redirect call
    * @param viewId
    private void switchToHttp(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to http URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to http on host "+ remoteHost);
        try {
            String port = httpPort.equalsIgnoreCase("80") ? "" : ":" + httpPort;
            String url = "http://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to http URL "+ url); 
            //TODO check request Map
             this.printDebugMessage(" Content size of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (IOException e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * switches to https using a redirect call
    * @param viewId
    private void switchToHttps(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to https URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to SLL/https on host "+ remoteHost);
        try {
            String port = httpsPort.equalsIgnoreCase("443") ? "" : ":" + httpsPort;
            String url = "https://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to https URL "+ url);       
            //TODO check request Map
            this.printDebugMessage(" Content of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (Exception e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * @return the hostname of the page request
    private String getHostNameFromRequest() {
        ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
        String requestUrlString = ((HttpServletRequest)exctx.getRequest()).getRequestURL().toString();
        URL requestUrl = null;
        try {
            requestUrl = new URL(requestUrlString);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        String remoteHost = requestUrl.getHost();
        return remoteHost;
    }If your container doesn't support session sharing between http and https then the session is renewed. In OC4J you will have to configure this.
  Frank

• Could someone help me to clearly distinguish between SOAP and HTTP adapter?

  In which scenarios we can go for HTTP adapter and when to go for SOAP adapter?

  Hi Lekshmi !!
  A SOAP message will be bundled inside the soap envelope.HTTP is not an adapter in adapter engine whereas soap is an adapter i.e, HTTP doesn't require a communication channel where as SOAP requires.You can send soap messages using some SOAP client.
  SOAP Adapter is used to xchange SOAP messages bw remote clients and webservices....
  check this link for more differences..
  SOAP and HTTP adapter
  When you need to Send Data to XI from a Webservice , your SOAP adapter is used.
  HTTP adapter is used when you want to post a HTTP request message from a web application to XI.
  How can i make use of SOAP Sender Adapter without using any tools like XML Spy etc....
  XML SPy is used as a TEST tool when you are sending SOAP information to XI. TO actually send data , you need to configure a webservice and construct a SOAP request message and post the data .
  we use SOAP adapter when we need to connect to remote system or use Webservices in these cases we use SOAP adapter.
  HTTP Adapter is used by extenal systems to connect to Intergartin server using native HTTP Interface.
  the http adapter is a service which is directly connected to integration engine. Adapter Framework (Java) isnt involved. It is much more performant than SOAP adapter.
  The SOAP adapter is written in Java and is responsible for the SOAP envelope around the real XML message. You can build/remove that envelope as well in the mapping and use instead http adapter. But standard for webservices is using SOAP adapter.
  Check this thread....
  Difference between SOAP and Http Sender
  HTTP Adatpter Vs Soap Adapter
  HTPP Adatpter Vs Soap Adapter ????
  Difference between SOAP and Http Sender
  Difference between SOAP and Http Sender
  Plain HTTP Adapter vs SOAP Adapter with regards to SSL
  Plain HTTP Adapter vs SOAP Adapter with regards to SSL
  Hope it clears your doubt !!!!
  Questions are welcome here!!
  <b>Also mark helpful answers by rewarding points </b>
  Thanks,
  Abhishek Agrahari

• Difference Between SOAP And HTTP Adapters

  Hi,
  Any body give me some information Abt Differences between SOAP And HTTP Adapters i know both are in use of Webservises. Any one come with more specific differences like in what case we go for SOAP And in what case we go for HTTP. thanks in advance.
  Thanks
  kiran.B

  Hi,
  In addition to the above
  The SOAP Adapter enables u to exchange SOAP messages between the remote clients or web servers and the integration server
  The HTTP Adapter is used to receive the arbitrary XML in the body of an HTTP-Post request.The HTTP adapter uses HTTP version 1.0 and does not support returning fault messages  to the sender.
  The HTTP adapter is used by the external systems  to connect to the integration engine using the native HTTP interface.The plain HTTP adapter is a part of integration engine.
  Regards,
  Gunasree.

• Difference between socket and http in opera mini

  Sir,
                   can any one say in simple language, what is the difference between socket and http connection. Is http connection possible in opera mini? Which is best suited for economy in use and fee
  Solved!
  Go to Solution.

  First thing to do is to make your phone open the web pages. I don't think the phone has low speeds.
  First
  ask your customer care for correct access point.
  1.
  Copy the access point name you received from custome care to-
  Settings-Connectivity-Packet data-Packet data setting,
  edit active access point.
  Give any name to active access point and activate it.
  Now goto settings- configurations - personal config.- add new- web, give any name to web and press back twice.
  Now again add new access point in personal configurations, give any account name to this access point.
  Copy the access point name which you got from ccare to bearer settings- packet data access pt.
  Press back three times and activate this access point.
  Now in default config. Settings activate personal config.
  Now all apps which need internet connection like
  opera mini should work fine.
  2.
  Saved pages of Opera mini 4.x won't open with opera mini 7.x version.
  Saved pages are stored with an extension .obml.
  Connect memory card to your pc using a card reader,
  you can find them by enabling hidden folders and searching .obml.
  Now right click on any obml file of search results and click open file location or move them to any folder you like and
  note down the files location.
  Now goto saved pages of your opera mini, manage, set folder. Set the folder location to where .obml files are stored
  Now your old saved pages can be opened.
  Hope this helps.
  -------------------If this post helped you, click on accept as solution.------------------
  -----------------------------Appreciate by clicking on white star.----------------------------

• Https and http configuration

  Hello All
  Can anyone tell me how to configure a website which contain both https and http pages? I mean for example, if you go to your online banking website, all the pages before you reach the Login page are in http. But once you have login, all the pages are under https.
  For my own project, I have also installed the SSL onto my Tomcat, it works fine. However, all the pages are under https, even the index.html page. Below is my server.xml, hope it may give you more information.
  Many thanks
  Viola
  ============================================================================
  <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8081 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8080" minProcessors="5" maxProcessors="75"
  enableLookups="true" redirectPort="8443"
  acceptCount="100" debug="0" connectionTimeout="20000"
  useURIValidationHack="false" disableUploadTimeout="true" />
  <!-- Note : To disable connection timeouts, set connectionTimeout value
  to -1 -->
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5" maxProcessors="75"
  enableLookups="true"
  acceptCount="100" debug="0" scheme="https" secure="true"
  useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  clientAuth="false" protocol="TLS" />
  </Connector>
  <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8009" minProcessors="5" maxProcessors="75"
  enableLookups="true" redirectPort="8443"
  acceptCount="10" debug="0" connectionTimeout="20000"
  useURIValidationHack="false"
  protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

  True for my version of TOMCAT
  I think that if you check http://localhost:8080
  you will find that you can access your pages
  with out using http also.
  You are applying ssl to the server not the individual
  war files. So you can access the files using both
  https and http.
  What you need todo is set the security parameters of the
  war file that you want to access using https to only allow
  connection using https.
  So now you can access the web pages using http or https
  but you can only access the file with the security settings
  using https.
  Note if you are using sessions becareful you don't jump between
  http & https and leave the session id exposed.

• HTTP and HTTPS (SSL) at the same time?

  Hi
  In our company we will use SAP Portal as a external facing portal and as portal  that uses authorisation and authentication (logon) . The question for us is: Is it possible to run the EFP without SSL and the “securede  portal” with SSL? Where do I find documentation?
  Thanks
  Christian Thulstrup

  Hi Christian,
  yes, you can run the portal with HTTP and HTTPS at the same time - it's just a question of the URL you are entering in the browser...
  <b>BUT:</b>
  If you access your portal with HTTPS <b>all</b> content provided by the portal should be accessed with HTTPS too - otherwise you will get security warnings in IE and maybe some strange behavior of the integrated content. Session Management to SAP backend systems will not work also...
  Vice-versa: if you access you portal with HTTP all content should be accessed with HTTP... obviously...
  So if your content for the external facing portal is completely seperated from the internal content - yes you can access the portal with differen protocolls.
  If it is not seperated - and that includes KM objects also - then better use one protocoll for both only!!
  Hth,
  Michael

• When we Use HTTPS and HTTP

  Hi Frnds,
  when we Use HTTP's and HTTP.
  Can anyone explain...
  Regards,
  Raj

  Hi
  A general defination of HTTP and HTTPS would be :
  HTTP
  HTTP is the protocol that a web browser such as Internet Explorer uses to request a web page from a web server.
  It can be "implemented on top of any other protocol on the Internet, or on other networks. HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used."
  HTTPS
  HTTPS is an encrypted form of HTTP used for sending sensitive data like credit card numbers between the browser and the web server. This is also sometimes called Secure HTTP or SSL (which stands for Secure Sockets Layer).
  All XI runtime components using the HTTP protocol support the encryption of the HTTP data stream by means of the SSL protocol, also known as HTTPS. HTTPS data streams are completely transparent to the Exchange Infrastructure.
  To enable an HTTPS connection, two steps are required:
         1.      Both parties of an HTTP connection (that is, the HTTPS client and the HTTPS server) must be technically enabled.
         2.      The internal XI communications and the messaging communications must be configured in XI to use these HTTP connections.
  In addition, for certain adapters you can enforce HTTP security for incoming messages.
  Technically Enabling SSL
  Whenever a hardware or software component is to be enabled for SSL, the client and the server part of an HTTP connection have to be enabled differently. Moreover, the technical configuration for HTTPS is different for XI ABAP and J2EE components. For more information, see Transport Layer Security.
  HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network
  ●      Server authentication
  Only the HTTP server identifies itself with a certificate that is to be verified by the client.
  ●      Client authentication
  Additionally, the HTTP client identifies itself with a certificate that is to be verified by the server.
  Hope this clears your doubts
  Thanks
  Saiyog

• PORTAL ACCESS  THROUGH HTTP and HTTPS BOTH

  Hi,
  Is it possible to make the portal listen on both http and https ports at the same time? What is the required configuration for the same?
  Please let me know for any other details.
  Any input is highly appreciated.
  regards,
  Chandra

  Hello Chandra,
  you can activate SSL in the J2EE engine and then you have both Protocolls avaliable. The documentaiton can be found at <a href="http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm">Configuring the Use of SSL on the SAP J2EE Engine</a>.
  Regards
  Gregor

• How to protect both access (http and https) with a Policy Agent

  Hi,
  During the installation of a web Policy Agent (i.e. Policy Agent for IIS) we have to choose the protocol (and port) of the web server we want to protect.
  If we have an IIS with secure (https) and non secure (http) applications, how we manage this scenario with the policy agent?
  Regards,

  Hi,
  Finally, i have installed the agent in IIS5 in the non secure port (http) and in fact it detects both access (http and https) fine.
  The problem now is that if i try to access to a non secure url ( http://mynonsecureapp.com ) all works fine, the agent redirects to https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mynonsecureapp.com but when i try to access to a secure url ( https://mysecureapp.com ) the agent try to redirects me to: https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mysecureapp.com (notice that the agent removes the 's' in the url).
  The amAgent log file shows:
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_notification(), https://sigcit.agp.gva.es:443/fullcitriweb is not notification url http://sigcit.agp.gva.es:80/amagent/UpdateAgentCacheServlet?shortcircuit=false.+
  +2008-07-17 09:44:08.296 Warning 656:d8f6b0 PolicyAgent: OnPreprocHeaders(): Access Manager Cookie not found.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): url 'https://sigcit.agp.gva.es:443/fullcitriweb' path_info ''.+
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): processing url http://sigcit.agp.gva.es:80/fullcitriweb.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): client_ip 172.27.65.62 not found in client ip not enforced list+
  Any ideas?
  Regards,
  Edited by: idm_oceanic on Jul 17, 2008 1:33 AM

• WCCP Configuration HTTP and HTTPS

  Looking for anyone that might have a clue in on this, im attempting to configure a pair of routers to use WCCP to redirect HTTP and HTTPS traffic to two content keeper devices. The network im building is going to be used for a guest internet connection where defining proxies on end devices would be unusable.
  I'll drop the configs in below but for now what i have are 2 cisco 3925 routers configured for HSRP. 2 content keeps running squid for the cache engine. with my current configurations, I have wccp web-cache and wccp service 70 configured (all 4 devices are available/usable in both services). this is a layer 2 setup. HTTP traffic is picked up and redirected to the content keepers without issue. https traffic does not appear to be detected by the routers. I have chosen not to use ACLS for WCCP and use the redirect in because we want to capture http(s) traffic from all hosts.
  for HTTP, I see hits counters rise on the router under show ip wccp, i see hit counters for the content keepers increase, i see http traffic on the firewall from the content keepers and I get the web page on the device
  For HTTPS I do not see hit counters under wccp increase, I do not see any traffic on the content keepers bridge, and i see traffic on the firewall from the hosts orginal ip address.
  interface0/2 internal LAN
  interface 0/0 content keepers (no WCCP commands)
  interface 0/1 gateway firewalls. (no WCCP commands
  ip wccp check services all
  ip wccp web-cache
  ip wccp 70
  interface GigabitEthernet0/2
  description To Lan
  ip address x.x.x.x
  ip wccp web-cache redirect in
  ip wccp 70 redirect in
  standby 1 ip x.x.x.x
  standby 1 priority 150
  standby 1 preempt
  duplex auto
  speed auto
  Global WCCP information:
      Router information:
          Router Identifier:                   x.x.x.2
      Service Identifier: web-cache
          Protocol Version:                    2.00
          Number of Service Group Clients:     2
          Number of Service Group Routers:     2
          Total Packets Redirected:            17999
            Process:                           0
            CEF:                               17999
          Service mode:                        Open
          Service Access-list:                 -none-
          Total Packets Dropped Closed:        0
          Redirect access-list:                110
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total GRE Bypassed Packets Received: 0
            Process:                           0
            CEF:                               0
      Service Identifier: 70
          Protocol Version:                    2.00
          Number of Service Group Clients:     2
          Number of Service Group Routers:     2
          Total Packets Redirected:            0
            Process:                           0
            CEF:                               0
          Service mode:                        Open
          Service Access-list:                 -none-
          Total Packets Dropped Closed:        0
          Redirect access-list:                -none-
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total GRE Bypassed Packets Received: 0
            Process:                           0
            CEF:                               0
  Show details and show service attached.

  Hello Josh,
  1. Yes, port-specific ACL is not supported. But it is not a big problem. Usually on WCCP server you can configure very specific bypass (Cisco WSA supports that - do not know about Sophos). For bypassed traffic WCCP server will reinject that packet in GRE and send back to ASA which will decapsulate it and send as normal packets.
  It's a good design, because you can have very granural bypass policy on WCCP server.
  2. Yes, configuration is correct, although it's better to be more specific (not send all traffic to WCCP if there is no need for that).
  3. Yes, you can use deny in redirect-list to exclude traffic.
  4. WCCP keepalives are being send by WCCP server by default every 10 seconds. If ASA does not see that replies for some time it marks server as dead and uses other ones.
  Michal

• In OS 10.6 and Safari 6, http: and https: are no longer displayed.

  In OS 10.6 and Safari 6, http: and https: are no longer displayed.
  Can this behaviour be restored??
  In 10.5.8 with Safari 5.x some sites will show up as https: while the same
  site in Safari 6 may, or may not, show the grey or green box https: box.
  Is this this a certificate problem?
  Can I set the address bar to for the URL prefix?
  I have both systems on separate disks and consistantly see this behaviour on some sites.
  How can I feel assured that a site is or is not secure using Safari 6??
  A relative also shares this same issue
  Thanks for your Help!

  Safari 6 : http is not shown in the URL (& Search combined) bar, but https is always shown, often with a symbol lock. The URL address font is black, after the / it is grey.
  All as expected.
  Best.

• Clarification for HTTP and HTTPS Sender Adapter

  Hello together,
  after some investigating concering scenarios with HTTP and HTTPS sender there are still some points that are not absolutely clear for me.
  I know that it is not necessary to configure an HTTP sender communication channel. However if I want to enforce HTTPS sender communication I think I need to add an HTTP sender communication channel with security settings enabled as well as a sender agreement.
  To my understanding these settings are activated on the Adapter Engine (Java Stack), HTTP requests however call the ABAP stack directly. How does this work exactly?
  Thank you very much for your additional explanation.

  Hi,
  see below is the format for HTTP URL
  http://<hostname:port>/<path>?<query-string>
  now query straing can only have values as given in the below link
  http://help.sap.com/saphelp_nw2004s/helpdata/en/43/64db4daf9f30b4e10000000a11466f/content.htm
  a way around can be to specify the payload for &party or &agency or &schema(if you are not using them) but then XI should be able to identify them correctly(which i m not sure how it will do),secondly the length can be a constraint coz if you add the whole payload ,the URL will become really long.
  so i would suggest you not to use it but if you really have to,then explore it properly first and then only use
  plz reward points
  thnq

• Configuring WCCP for http and https

  How do I configure wccp on a 6509 to redirect http and https trafic to a S650. I am using the following config and http is working fine:
  ip wccp version 2
  ip wccp web-cache redirect-list aclwccp
  interface Vlan23
  description Rede Firewall
  ip address 10.0.23.20 255.255.255.0
  ip access-group 172 out
  ip wccp web-cache redirect out
  mls rp vtp-domain coc_block1
  mls rp ip
  mls netflow sampling
  end
  Should I config an other service for the https protocol?

  Cecato,
  The WSA can be configured to send 80 and 443 traffic, in the WCCP settings area (5.2.0+). There are some things you will need to be aware of before doing this though:
  1. If you are on 5.2.0-x, you will not be able to inspect HTTPS traffic. Only version 5.5.0+ has the ability to decrypt HTTPS traffic. Because of this, it is not recommended to redirect port 443 on WSA version 5.2.
  2. You will most likely need to specify a service ID other then web-cache. On most Cisco devices, web-cache is reserved for port 80 traffic only and cannot be changed. Any other service ID will work as you want it to.