Redirecting all HTTP traffic to HTTPS that will reverse proxy specific URI

-- Requirement --
I have a Sun web server 6.1 SP4 that sits in a DMZ that must securely reverse proxy traffic to an internal application server listening on 443.
The web server instance has two listen sockets, 80 and 443.
The web server instance must accept traffic on port 80 but re-direct it to 443 so all subsequent traffic with the client happens over HTTPS.
HTTPS traffic for "www.mydomain.com/myapp/" must be reverse proxied to the internal app server, "https://myapp.mydomain.com/myapp/".
-- Current set-up --
The server reverse proxies both HTTP and HTTPS traffic with the indicated URI.
How can I constrain the reverse proxying to HTTPS traffic?
Thanks for your help,
Jez

Thanks Chris that worked perfectly.
Aside
Before your solution I had (unsuccessfully) tried the following obj.conf directive
<Client security="false">
NameTrans fn="redirect" from="/" url-prefix="https://www.mydomain.com/"
</Client>
However, it didn't work - is it not possible to use the <Client security="false"> in this manner?

Similar Messages

  • Is it possible to redirect https traffic to http in CSM?

    Hello,
    I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?
    In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.
    BTW I have already tried it on the CSM and it is not working. Every time I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.
    Thanks for any help offered.
    Murtaza

    I don't have a config in hands for this.
    I have done it before and know this is feasible.
    The redirect is here :
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml
    Just change the vip to be only accessible by the SSLM.
    Create the appropriate redirect vserver.
    On the SSLM, send the decrypted traffic to the vip address and port.
    Just as if the Vip was a server.
    Gilles.

  • I am looking for an iPad App that will play a specific iTunes song, at a specific time, on a specific day?  Thank you all!

    I am looking for an iPad App that will play a specific iTunes song, at a specific time, on a specific day?  Thank you all!

    Sorry, I did not say that I need to go out further than 1 week.  This is for a church Bell Tower Music System.  So we don't want to have to reprogram the music every week.  We are looking for more of a Calendar App that will play iTunes Songs for alarms...different songs, on different days.  IDEAS ANYONE ???

  • Is there an all in one printer/scanner that will work stand alone with the ipad?  Thanks

    I'm looking for an all in one scanner/printer that will work stand alone with the iPad. I'm scanning some family photos and no longer use a laptop. Thanks for any help.

    Use an AirPrint printer.
    They are listed here (along with instructions for communicating with iPad):
    AirPrint Basics

  • Looking for an app that will alarm on specific text messages.

    Looking for an app that will alarm on specific text messages. The idea is to use the message as a pager without a monthly subscription. There is a similar app for Android called firealert.

    I could not find any app that would do this. There are different types of message apps but nothing that I could find to do what I am looking for. For a specific contact I would like the message to have a notification that will not go away until I acknowledge it. Just like you would do if it was a pager.

  • Wish to purchase a printer that will reverse print for transfer app and also has 4 separate ink well

    Wish to purchase a printer that will reverse print for transfer app and also has 4 separate ink well

    There are several units out there with 4 ink cartridges, not sure about the option to reverse image in the printer, however mirroring an image is possible in most software programs. Even in paint I think.
    Say "Thanks" by clicking the Kudos Star in the post that helped you.
    Although I work for HP my posts and replies are my own
    Please mark the post that solves your problem as "Accepted Solution"

  • "The page isn't redirecting properly, Firefox has detected that the server is redirecting the request for this address that will never complete" has anyone come across this statement?

    This statement pops up on some occasions when I am sending an Email, but the Emails are usually received by the recipients, who are mostly Family, so I have been able to check that they have been read.

    Hi mawhitehead,
    try these
    * The page is not redirecting properly - MozillaZine Knowledge Base: http://kb.mozillazine.org/The_page_is_not_redirecting_properly
    * Network.http.redirection-limit - MozillaZine Knowledge Base: http://kb.mozillazine.org/Network.http.redirection-limit
    * I am unable to access my gmail calender. It states that refused because of cookies being blocked. https://support.mozilla.com/en-US/questions/786049
    * tried posting new thread on sourceforge shareaza forums, firefox gives problem loading page, https://support.mozilla.com/en-US/questions/757368
    * Firefox has issues redirecting, cookies are all on, I think I voided my warranty. https://support.mozilla.com/en-US/questions/755435
    * firefox message: "The page isn't redirecting properly" Firefox has detected that the server is redirecting the request for this address in a way that will never complete. https://support.mozilla.com/en-US/questions/695393

  • How to configure DNS server to redirect all web traffic to one external website?

    I'd like to use the DNS service on my OS X Server as a way to force all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
    (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

    Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
    If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
    A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

  • WSA blocking HTTPS traffic -allowing HTTP

    We have two S170 WSA appliances configured as Guest Wi-Fi Internet proxy servers.  The local network design is as follows:
    WLC5508 (Foreign)     >>     WLC5508 (Anchor)     >>     ACE20 Context     >>     WSA 170     >>     FWSM     >>     Internet
    Guest traffic is authenticated via WCS using RADIUS but is disabled for now.
    Clients associate to SSID, receive IP address via local DHCP scope on anchor WLC and forward all traffic to DFWG which is ACE20 interface.
    ACE20 has specific class-maps for public DNS use and loadbalance policy-map which forwards all other traffic (excluding DNS) to WSA.
    HTTP traffic works fine, HTTPS traffic fails.  The HTTPS proxy service uses a local self-signed certificate for initial decryption of the session. The browser and WSA negotiate to use TLSv1 then the error below is shown.
    Fails
    57666018.658 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54930 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
    1357666018.760 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54931 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
    1357666018.799 0 192.168.244.1 TCP_DENIED_SSL/403 0 GET https://post.packetconsulting.com:443/owa - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 1 cs-auth-group= - c-port= 54931 cs-bytes= 598 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; InfoPath.2; Tablet PC 2.0; MS-RTC LM 8)" cs-referer= - cs-cookie= -
    I have seen this error posted before but no resolution.  I'm sure this is a config problem, but cannot figure why or where!
    Any ideas, thoughts or help would be great...
    Cheers

    Hi axa,
    This is an access policy blocking the SSL traffic based on the TCP_DENIED_SSL / 403. Also I would suspect that you do not have HTTPS proxy enabled which would be required since you're not using port 80 for 443 traffic. I would recommend opening a ticket with the WSA Content Security Team.
    Sincerely,
    Erik Kaiser
    WSA CSE
    WSA Cisco Forums Moderator
    Message was edited by: Erik Kaiser
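
Added example, not part of the thread and not Cisco tooling: a small Python triage script that pulls the result code and the decision tag out of access-log entries laid out like the ones quoted above, and counts denied TLS requests per destination. The field positions and the split of the decision tag are assumptions taken from those quoted lines, and the sample entries are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed entries modelled on the layout of the lines quoted in the thread;
# addresses and hostnames are documentation values, trailing fields are omitted.
SAMPLE = """\
1357666018.760 32 192.0.2.10 NONE_SSL/200 0 TCP_CONNECT 198.51.100.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE
1357666018.799 0 192.0.2.10 TCP_DENIED_SSL/403 0 GET https://mail.example.com:443/owa - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE
1357666019.120 45 192.0.2.11 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/www.example.com text/html OTHER-NONE-NONE-NONE-NONE-NONE-NONE
truncated entry
"""

def parse_line(line):
    """Return the leading fields of one entry as a dict, or None if malformed."""
    parts = line.split()
    if len(parts) < 11:
        return None
    result, sep, status = parts[3].partition("/")
    if not sep or not status.isdigit():
        return None
    # Assumption: the text before the first '-' of field 11 is the decision,
    # the remainder names the policy groups that matched.
    decision, _, groups = parts[10].partition("-")
    url = parts[6]
    # CONNECT targets are bare host:port; give urlsplit a netloc to parse.
    host = urlsplit(url if "://" in url else "//" + url).hostname
    return {"client": parts[2], "result": result, "status": int(status),
            "method": parts[5], "host": host,
            "decision": decision, "groups": groups}

def summarize_denials(lines):
    """Count denied TLS transactions per (decision, policy groups, host)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or damaged entries instead of failing
        if rec["result"].startswith("TCP_DENIED") and rec["result"].endswith("_SSL"):
            counts[(rec["decision"], rec["groups"], rec["host"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE.splitlines()).items():
        print(n, *key)
```

Grouping by decision tag and policy groups shows at a glance which policy is producing the 403s, which is the first thing to check before changing the HTTPS proxy settings.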

  • CSG C5(14) alters HTTP traffic if http accounting is enabled

    Hi guys,
    I'm facing an issue with some mobile handsets that connect to the internet to gather information from the vendor website (http tcp 80).
    I have CSG 5.5(14) configured in this way:
    ip csg policy HTTP
    accounting type http customer-string INTERNET
    ip csg content WWW
    ip any tcp 80
    replicate
    vlan CLIENTVLAN
    policy HTTP
    inservice
    Mobile handsets receive an error while trying to connect.
    A trace (attached) shows an HTTP 502 (Bad Gateway).
    If I create a more specific content without policy (and consequently without http accounting) like the following, everything works:
    ip csg content MYCONTENT
    ip 84.0.0.0 255.0.0.0 tcp 80
    replicate
    vlan CLIENTVLAN
    inservice
    My problem is that the DNS resolves that hostname each time with different IP address in different subnets, so I don't have a safe way to map the webserver to this new content.
    My questions:
    Is there any method to safely map that destination without involving a huge amount of IP addresses that should match WWW content instead?
    Does anyone know what the behavior of http accounting in CSG is?
    Thanks in advance.
    Regards,
    Riccardo

    Each HTTP method must be initiated by the same endpoint that initiated the TCP connection. The CSG supports IP fragmentation for HTTP; Internet Message Application Protocol, version 4 (IMAP4); Post Office Protocol version 3 (POP3); Simple Mail Transfer Protocol (SMTP); Wireless Application Protocol (WAP) 2.0; and WAP 1.x, regardless of the order in which the flows arrive. Refer http://cisco.com/en/US/products/sw/wirelssw/ps779/products_configuration_guide_chapter09186a00806ab79a.html

  • Lync mobility and HTTP authentication test failed. Is reverse proxy required?

    I currently have the following setup.
    1 x 2013 edge server lync1.local.com
    has 3 dmz ips for external names 
    has 1 internal ip
    2 x 2013 std front end servers lync2 & lync3.local.com
    I've read that in 2013 the mobility service is installed automatically on the front end servers and I do see it running on both.
    All my clients can connect from the Windows and Mac clients (internally and externally) but not from phone or Windows app store client (internally or externally).
    Running the exchangeconnectivity test on the website I get the following error
    Testing HTTP authentication methods for URL https://lyncdiscover.external.com/Autodiscover/AutodiscoverService.svc/root/user.
      HTTP authentication test failed.
    Additional Details
    A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
    HTTP Response Headers:
    X-MS-Server-Fqdn: lync1.local.com
    Connection: close
    Content-Length: 64
    Content-Type: text/plain
    Server: RTC/5.0
    Elapsed Time: 427 ms.
    After some reading I notice that many people refer to a reverse proxy when dealing with mobility.
    I do not have a reverse proxy server installed. Is this required for the mobility to work correctly? I can't just use the edge server?
    Thanks in advance for any help.

    Take a look at Georg Thomas' blog: http://www.lynced.com.au/2014/04/configure-citrix-netscaler-vpx-as.html also the Citrix official documentation: http://www.citrix.com/global-partners/microsoft/netscaler.html 
    Please mark posts as answers/helpful if it answers your question.
    Blog
    Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

  • HTTP adapter using SSL through a reverse proxy (Apache)

    I've configured SSL on the PI Server (Double_Stack) and it is working fine.  I need to configure an Apache server to act as a reverse proxy which will accept client certificates.  Is there a how to or SDN post on this?  I have been searching but no luck.  I have found info on www.apache.org but it is confusing.  Web Dispatcher is not an option in this case (mandated Apache).  Thanks for the help.

    Didn't need to use Apache.

  • Redirect HTTPS traffic to HTTP in Tomcat

    Hi,
    We are running SAP BI Platform 4.0 SP2 Patch 7, which runs on top of Tomcat 6.
    We have successfully configured our iPads to connect to our SAP BusinessObjects server using HTTPS in internet. We have an application proxy that handles HTTPS and sends plain HTTP to the SAP BusinessObjects server.
    The problem is that the same connection does not work when users are accessing our intranet, because the SAP BusinessObjects server only accepts HTTP requests in port 8080.
    I have seen that Tomcat allows automatic redirections from HTTP to HTTPS ( using redirectPort parameter in HTTP connector definition ).
    But is the opposite possible, to switch automatically from HTTPS to HTTP?
    Regards,
    Joan

    Hi,
    At last we have activated HTTPS support in Tomcat. The idea was to avoid HTTPS in BOBJ servers to save CPU usage but after some tests we can afford it.
    So no redirections are needed and the question is solved.
    Thanks,
    Joan

  • Best Home use All- in one scanner/printer that will run on linux

    Domestic Use - UK.  What would members recommend as the best all-in-one printer scanner colour, to use on linux with full wireless capability and photo manipulation software addons etc.  Running Ubuntu based 14.04 - Linux Lite 2.4    Thanks

    I think you will not get a general consensus. Canon is my preference, for both work and at home, but others will tell you they are rubbish, most likely due to a previous bad experience, such as your friend has had.
    What I can say about the Canon products is that they have improved their driver and software functionality compared to the days of 10.2. There are still some shortfalls, but there is definitely more support for OS X than there ever was previously.
    With your friend's requirements in mind, I would suggest the MX700. It offers Ethernet and USB connections for printing, faxing and scanning. It also does a reasonable job of photo printing.
    Here is a CNET review
    http://www.cnet.com.au/printers/multifunction/0,239035478,339281337,00.htm

  • I am a subscriber to a web site that no longer allows me to connect. The message I receive is,"Firefox has detected that the server is redirecting the request for this address that will not complete." Why, and what can I do to fix it?

    I am using a new computer with the latest version of FF on it. When the problem began, I was using an older computer that had a virus and malware on it. I have not yet cleaned the files from the old computer and consequently have not transferred any of them. I don't understand why I am having this same problem. I am not experienced with FF and wonder if there is some setting that I need to change.

    Press CTRL+SHIFT+DEL, change the top option to Everything and in the bottom menu, checkmark Cache (uncheck all the others). Then click Clear Now.
    Then go to Tools | Options | Advanced and in the Network tab | Offline Storage menu, click Clear Now.
    Then go to Tools | Options | Privacy, click Show Cookies button and delete the cookies for lumosity.com.
    Then try again.
