Redirect all traffic to http

Similar Messages

• Redirecting all HTTP traffic to HTTPS that will reverse proxy specific URI

  -- Requirement --
  I have a Sun web server 6.1 SP4 that sits in a DMZ that must securely reverse proxy traffic to an internal application server listening on 443.
  The web server instance has two listen sockets, 80 and 443.
  The web server instance must accept traffic on port 80 but re-direct it to 443 so all subsequent traffic with the client happens over HTTPS.
  HTTPS traffic for "www.mydomain.com/myapp/" must be reverse proxied to the internal app server, "https://myapp.mydomain.com/myapp/".
  -- Current set-up --
  The server reverse proxies both HTTP and HTTPS traffic with the indicated URI.
  How can I constrain the reverse proxying to HTTPS traffic?
  Thanks for your help,
  Jez

  Thanks Chris that worked perfectly.
  Aside
  Before your solution I had (unsuccessfully) tried the following obj.conf directive
  <Client security="false">
  NameTrans fn="redirect" from="/" url-prefix="https://www.mydomain.com/"
  </Client>However, it didn't work - is it not possible to use the <Client security="false"> in this manner?

• Is it possible to redirect https traffic to http in CSM?

  Hello,
  I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?
  In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.
  BTW I have already tried it on the CSM and it is not working. Everytime I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.
  Thanks for any help offered.
  Murtaza

  I don't have a config in hands for this.
  I have done it before and know this is feasible.
  The redirect is here :
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml
  Just change the vip to be only accessible by the SSLM.
  Create the appropriate redirect vserver.
  On the SSLM, send the decrypted traffic to the vip address and port.
  Just as if the Vip was a server.
  Gilles.

• ACE 4710: Config Allows all traffic except large HTTP downloads

  Hi Folks,
  Got an ACE 4710 with a basic config that seems to work for all traffic except large downloads.
  I've attached the current config
  As I mentioned I can do normal HTTP to a standard destination like google or SSH through the ACE or ICMP
  If i try to get a large file from the server side of ACE, then a trace shows that the first and subsequent 1460Byte packets dont go through ACE
  I've thought of parse lengths, but i cannot see any that seem to affect the generic L4 maps that I am trying to use
  Cheers
  Alan

  I've seen a similar fault. I suppose a lower MSS was sent in the TCP SYN handshake packets (1300 or 1380?) and the packets exceeding that value were dropped by the ACE. This is the default behavior which can be switched to a less strict mode by either
  exceed-mss allow
  or
  no normalization
  commands.
  In our case, a linux web server was whose replies wouldn't keep to the MSS limit.

• How to redirect all Tomcat request to a servlet

  How can I set up Tomcat to redirect all request to a certain sevlets which sends the user to the right web-application.
  What ever the user type in the URL, i.e.:
  http://customer01.myDomain.dk
  or
  http://customer02.myDomain.dk
  or
  http://customer01.myDomain.dk/myApp/login.jsp
  - I want tomcat to redirect to a servlet class. Is that possible?
  Thanks

  Yes but pretend each customer has more than one web-application. Then it is not possible for the customer to use only this URL:
  http://customer01.myDomain.dk
  Each customer need a seperate url for each application, something like this:
  http://customer01.myDomain.dk/myApp01/login.jsp
  http://customer01.myDomain.dk/myApp02/login.jsp
  ( easy URL�s they can remember )
  And I don�t think it is possible to make an alias to the exact URL to the web application. That�s why I need Tomcat to redirect all request to i.e. Index.jsp which then redirect to the correct application.
  Here is an example:
  Customer01 type in:
  http://customer01.myDomain.dk/myApp01/login.jsp
  Tomcat calls Index.jsp which redirect to this URL:
  http://www.myDomain.dk/myApp01_ID0921/login.jsp
  Can you help me with this problem?

• Forwarding all traffic to a new IP

  I've got a machine with two NICs in it which is currently acting as a transparent firewall (i.e. just bridge the two NICs and watch traffic). I've added a third NIC and want to send a copy of all traffic that goes through the bridge out through the new NIC to a separate box so I can run an IDS or packet logger on it. How can I do it?
  I've tried fighting with various iptables rules but not gotten anywhere.
  I've got the daemonlogger script (http://www.snort.org/users/roesch/Site/ … ogger.html) which copies all the traffic on the bridge to the new NIC but I'm stuck with actually sending it out from there.

  To move SQL to New IP:
  To assign a TCP/IP port number to the SQL Server Database Engine
  In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration, expand Protocols for <instance name>, and then double-clickTCP/IP.
  In the TCP/IP Properties dialog box, on the IP Addresses tab, several IP addresses appear in the format IP1, IP2,
  up to IPAll. One of these is for the IP address of the loopback adapter, 127.0.0.1. Additional IP addresses appear for each IP Address on the computer. Right-click each address, and then click Properties to
  identify the IP address that you want to configure.
  If the TCP Dynamic Ports dialog box contains 0, indicating the Database Engine is listening on dynamic ports, delete the 0.
  In the IPn Properties area box, in the TCP Port box, type the port number you want this IP address to listen on,
  and then click OK.
  In the console pane, click SQL Server Services.
  In the details pane, right-click SQL Server (<instance name>) and then click Restart, to stop and restart SQL Server.
  https://msdn.microsoft.com/en-IN/library/ms177440.aspx
  Regards, Pradyothana DP. Please Mark This As Answer if it solved your issue. Please Mark This As Helpful if it helps to solve your issue. ========================================================== http://www.dbainhouse.blogspot.in/

• WSA blocking HTTPS traffic -allowing HTTP

  We have two S170 WSA appliances configured as Guest Wi-Fi Internet proxy servers.  The local network design is as follows:
  WLC5508 (Foreign)     >>     WLC5508 (Anchor)     >>     ACE20 Context     >>     WSA 170     >>     FWSM     >>     Internet
  Guest traffic is authenticated via WCS using RADIUS but is disabled for now.
  Clients associate to SSID, receive IP address via local DHCP scope on anchor WLC and forward all traffic to DFWG which is ACE20 interface.
  ACE20 has specific class-maps for public DNS use and loadbalance policy-map which forwards all other traffic (excluding DNS) to WSA.
  HTTP traffic works fine, HTTPS traffic fails.  The HTTPS proxy service uses a local self-signed certificate for initial decryption of the session. The browser and WSA negotiates to use TLSv1 then the error below is shown.
  Fails
  57666018.658 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54930 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
  1357666018.760 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54931 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
  1357666018.799 0 192.168.244.1 TCP_DENIED_SSL/403 0 GET https://post.packetconsulting.com:443/owa - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 1 cs-auth-group= - c-port= 54931 cs-bytes= 598 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; InfoPath.2; Tablet PC 2.0; MS-RTC LM 8)" cs-referer= - cs-cookie= -
  I have seen this error posted before but no resolution.  I'm sure this is a config problem, but cannot figure why or where!
  Any ideas, thoughts or help would be great...
  Cheers

  Hi axa,
  This is an access policy blocking the SSL traffic based on the TCP_DENIED_SSL / 403. Also I would suspect that you do not have HTTPS proxy enabled which would be required since your not using port 80 for 443 traffic. I would recommend opening a ticket with the WSA Content Security Team.
  Sincerely,
  Erik Kaiser
  WSA CSE
  WSA Cisco Forums Moderator
  Message was edited by: Erik Kaiser

• SonicWall SourceNAT VPN setup as default route for all traffic!

  Hi,OK hope someone can help with this mess.....Our customer has been taken over by a US company who have said all outgoing internet traffic must go via their data centre. They want us to create an IPSEC vpn from our SonicWALL TZ215 to them then route all traffic locally via this VPN.In principle this didn't sound too bad. Then there were some more options:Our local subnet 172.x.x.x has to be NAT'd to a single /32 address. 192.x.x.131They also require our destination network to be set as 0.0.0.0. as they wont specify the range at the datacenter.I have managed to get the VPN up but using the the NAT address as my local subnet and using the option on the SonicWALL "Use this VPN Tunnel as default route for all Internet traffic" on the remote network. Phase 1 and Phase 2 work ok. The problem i now have is i need to route all LAN traffic...
  This topic first appeared in the Spiceworks Community

  Hi Norbert,
  I am sorry to say that configuring routes in Azure Virtual network is not supported. I recommend you to submit your reuqirement on Azure Feedback and hope it would be released soon:
  http://feedback.azure.com/forums/217313-networking-dns-traffic-manager-vpn-vnet
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Automatically redirecting all root home page requests

  How is it possible to automatically re-direct all pages requests for the sites root at http://www.mydomain.com/ to http://www.mydomain.com/myapp/ such that any subsequesnt requests for http://www.mydomain.com/myapp/otherpages.hmtl etc. are not affected?
  Currently all requests to http://www.myhome.com/myapp/ all captured and passed through the reverse proxy plugin to a backend application server:
  NameTrans fn="assign-name" from="/myapp(|/*)" name="passthrough"
  <Object name="passthrough" 2=">">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://192.168.1.1:80"
  </Object>Any requests to the root directory are handled by a client-side HTML redirect to http://www.mydomain.com/myapp/ which is then picked up by the web servers reverse-proxy passthrough.
  I would like to remove the client-side re-direct and have all root requests automatically rewitten as the subdirectory and then passed through the reverse proxy.

  Okay, I have dug back through the forums and elving gave the solution back in April '05:
  http://forum.sun.com/jive/thread.jspa?threadID=52552&tstart=850I have added the following lines to the default object in obj.conf - this redirects requests for the root folder to a subfolder, myapp, and these are then reverse proxied to another server:
  <Object name="default">
  <Client uri="/">
  NameTrans fn="redirect" from="/" url-prefix="/myapp"
  </Client>
  NameTrans fn="assign-name" from="/myapp(|/*)" name="passthrough"
  </Object>
  <Object name="passthrough" 2=">">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service type="magnus-internal/passthrough" fn="service-passthrough" servers="https://192.168.1.1:80"
  </Object>This now re-directs without any cient scripting.... which is tidier.

• Redirect web traffic on SRP527W router

  Hello,
  Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port.
  I had a look at the Srp527w Router and can't find where this could be done.
  Thanks,
  Sent from Cisco Technical Support iPad App

  Can anyone recommend a Small business type router that does provide web proxy functionality on the device.
  Trying to find something that can provide this without the need to go an ASA firewall or equivalent.
  Thanks.
  Sent from Cisco Technical Support iPad App

• Denying all traffic on the inside unless specified

  Hi Is there a way to configure my asa5505 to dent all traffic on the inside so i can specify what ip or host  can access specific protocol or ports via access list? im thinking mabe i ned to set the inside security level to 0 also and then specify any ideas.

  Hi,
  Well it is pretty simple,
  You will have to use ACL and simply only allow the traffic you need to allow. Since the ACL automatically denies any traffic that isnt specifically permitted you dont really need any deny statements even.
  You cant make specific rules with the "security-level" alone and using an interface ACL basically makes the "security-level" useless for the most part.
  As soon as you configure an ACL like this for example
  access-list INSIDE-IN permit tcp any host 1.1.1.1 eq 80
  access-group INSIDE-IN in interface inside
  It will mean that only traffic that is allowed is TCP/80 traffic to destination IP address 1.1.1.1. All other traffic will be blocked because of the Implicit Deny in every ACL. It wont show in the CLI configuration. Naturally if you want you can always add the deny rule to the ACL to see the hitcount of traffic that has not matched the previous rules
  access-list INSIDE-IN permit tcp any host 1.1.1.1 eq 80
  access-list INSIDE-IN deny ip any any
  access-group INSIDE-IN in interface inside
  You will have to make sure that you dont block any essential services your users might need like usually HTTP, HTTPS, DNS for example. It really depends on what you are trying to achieve.
  - Jouni

• Firewall Allow all traffic on lan

  Is there a way to make a firewall rule to allow all traffic on en1? I have my ip ranges set to allow all traffic, but I still have to turn the firewall off for DHCP to give IP addresses to new devices on the network.

  dtich wrote:
  thx dean, yes, i had certainly looked at the log, which shows these entries:
  Nov 11 21:49:25 north-knoll-server ipfw[8789]: 65534 Deny UDP 169.254.14.242:138 169.254.255.255:138 in via en0
  but i have no idea where 169xxx is, nothing on my lan... if the port is 65534, that's an ftp passive port, tried opening that, doesn't solve the problem. if the port is 138, that's netbios, which would be odd, but i tried opening that too. nothing doing. can't figure it out. and the log really isn't helping too much.
  traceroute gives me:
  traceroute to 169.254.14.242 (169.254.14.242), 64 hops max, 40 byte packets
  1 169.254.14.242 (169.254.14.242) 0.593 ms 0.504 ms 0.195 ms
  so, i guess that's some internal address that my router uses or something..?? wacky. i'm out of my depth here.
  if i allow 169.254.x.x, i still get no joy.
  mean anything else to you?
  yeah, 169.254.x.x is part of the zeroconf net address range. (See http://en.wikipedia.org/wiki/Zeroconf for more details)
  Not sure why the device in particular is trying port 138 unless it's Windows box maybe? Is en0 on your local network or external?

• To redirect a page from https to http

  Hi all,
  I am tryin a project where my login page is https..and i want to to redirect the user to http after login without having to loose sesion values.
  can any one suggest me a proper way?
  Thanks & regards.
  Sandip

  This is a browser setting so there's nothing you can do in your app. If a user does not like it, they can turn the warning off.

• How can i use an existing vpn connection without using the option "Send all traffic over vpn connection"?

  I have been trying to get my computer (os x.7) to astablish a remote desktop connection to my work computer via a vpn tunnel. In fact I have just discovered that it works fine if i select to "send all traffic over vpn connection" from the options in the advanced setup of the vpn.
  If the option is selected microsofts "Remote desktop connection for mac" works just fine. However without selecting the option it is not taking advantage of the tunnel but tries to connect as if the tunnel would not exist.
  Now the question is how do I get program to use the vpn tunnel without checking the above option?
  Thanks for any hints and pointers.

  Then can her computer be authorized to both accounts?
  Absolutely. You can authorize any given computer to up to five iTunes Store accounts.
  If purchases are made on her account, to a computer authorized to my account, can I put those songs on my iPod?
  If you connect your iPod to her computer, yes. Tracks download only to the computer from which they're purchased, regardless of which iTunes Store account is used for the purchase. Or you could copy the tracks from her computer to yours and then authorize your computer to her iTunes Store account. But that's sort of defeating the original purpose, it would seem to me.
  is it better to buy music through Amazon downloads and/or actually purchasing CDs to avoid the security features iTunes puts on its music?
  That's certainly an option. If it's an entire album I want, I buy CDs. That way I can import them at the quality I want and to whichever of my systems I want. Amazon or one of the other download stores that offer tracks as MP3 are also an option, though for me download stores are best when you just want a couple of tracks off a given CD.

• How can I redirect all messages to 2 another mail servers?

  Hi all
  ./imsimta version
  Sun Java(tm) System Messaging Server 7.3-11.01 64bit (built Sep 1 2009)
  libimta.so 7.3-11.01 64bit (built 19:54:45, Sep 1 2009)
  I wanted to redirect all messages(in and out) to another mail server, I configured as follows,
  - imta.cnf
  ! tcp_local
  tcp_local smtp mx single_sys ....... sourcefilter file:///backother.filter
  ! tcp_intranet
  tcp_intranet smtp mx single_sys ....... sourcefilter file:///backother.filter
  - backother.filter
  require ["fileinto"];
  if address :all :matches ["From"]["*"]{
  redirect "[email protected]";
  keep;
  stop;
  One e-mail account receives all messgaes and those messages will be kept in sender's or receiver's mail storage.
  I want , however, redirect all messages 2 or 3 mail servers.
  I tried several things to do this include edit backother.filter(this is written in Sieve ), but I failed.
  Is there any way to redirect messages to another mail servers?
  Any way would be good , using sieve script, make antoher channel or channel keyword
  Thanks
  Edited by: leeky41 on Mar 9, 2010 10:58 PM
  Edited by: leeky41 on Mar 9, 2010 11:06 PM
  Edited by: leeky41 on Mar 9, 2010 11:07 PM

  leeky41 wrote:
  Redirecting the message means it will not be delivered to the original recipient.I know so I wrote 'keep' keyword to deliver messages to the original recipient.
  capture "[email protected]";
  I tested it but the capture's behavior was very weird, subject had changed to something like,'deliverd status notice', sender had changed to postmaster and additional notice messgae inserted into mail body.The default sieve capture action encapsulates the email to keep a copy of both the envelope information and the original message. MS7u3 also supports the Exchange journal encapsulation format through the addition of the ":journal" parameter.
  I edited 'capture' like this..
  capture :message "[email protected]";
  The ":message" flag removes the encapsulation -- therefore you will have no idea of who the original sender/recipients were as the envelope information has been discarded.
  It worked fine. It was same as the result of 'redirect'.
  but the following line, sent10 messages to each recipients.(receive_01,receive_02)
  capture :message "[email protected],[email protected]";
  maybe there was some 'loop' actions happened.The email produced by the capture sieve action is being "captured" which is resulting in a loop. You can stop this by adding an envelope test e.g.
  require ["envelope"];
  if not envelope :is ["to"] ["[email protected]","[email protected]"]
          capture :message "[email protected]";
          capture :message "[email protected]";
  }Regards,
  Shane.