Redirecting HTTPS to HTTP in IIS 8

Hi,I have a slight problem. We have a web service running on an internal server, using HTTP. This server has a DNS name like internal.domain.com. Externally, we allow access through a reverse proxy server, that also uses HTTPS externally. This server has the external DNS name of service.domain.com. Internally (we're running split horizon DNS), service.domain.com points to internal.domain.com. Now the problem becomes that you need to use https://service.domain.com externally, and http://service.domain.com internally to access the same resource. What I would like to do is to have any incoming internal traffic to service.domain.com using HTTPS redirected to the same URL but using HTTP.I tried the following global rewriter rule in the applicationhost.config file.TextThat doesn't work for some reason.Then I tried;TextDidn't work either.What...
This topic first appeared in the Spiceworks Community

Thanks for your answer Roberto,
I have to say that i have one OC4J instance with 3 processes (virtual machines)[production environment], the problem arises when my application switches from https to http, https runs, let´s say, on process 1 and then http runs on process 3, that´s the reason why any object created on https is lost when switching to http.
I´ve checked some documentation about this subject but they talk about oc4j clusters (multiple oc4j with multiple processes within),*my case is one oc4j with multiple processes* i just need to know if there is some way to keep session between multiple virtual machines or to keep application execution on one virtual machine using https and http.
Greetings....

Similar Messages

Redirect HTTP to HTTPS with Host Name Site Collections

By using Alternate Access Mapping, its possible to redirect HTTP to HTTPS.
as explained in this thread
http://social.msdn.microsoft.com/Forums/en-US/eaab487a-bc94-4f06-981b-c62711764367/redirect-http-to-https-for-sharepoint-2013
However what if I am using Host name site collections? My understanding is that the AAM will not work then... so how can I sure that
http://intranet.contoso.com is automatically redirected to https://intranet.contoso.com ?
val it: unit=()

This is not correct. You can't use URL rewrite with Host Named Site Collections in SharePoint. For URL rewrite to work you need to set bindings on web application which overrides Host Named Site Collection bindings in SharePoint (you have to chose either
web application bindings or let SharePoint handle that).
If you want to use URL Rewrite you need to create new Site in IIS7 which will listen on port 80 and rewrite URLs to port 443. This will create small overhead but you can save on resources by leveraging HNSC and have minimal number of web applications on
the server.
----Edit on 1/16/2014-----
I stand corrected. Above statement is NOT CORRECT. You can indeed perform HTTP to HTTPS URL rewrite with Host Named Site Collections (HNSC) quite elegantly. You do not need any additional web applications. In essence you can
build you whole farm with single web app on IIS (well two, since second one would be used for SharePoint services). Below is the example where I created single URL rewrite rule which handles any new host name provided they use same domain name (i.e. xxxxx.domain.com).
I have 20+ HNSCs in single web application and all of them are using URL rewrite.
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{SERVER_PORT}" pattern="443" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}.domain.com/{R:1}" />
</rule>
</rules>
</rewrite>
You need to install URL rewrite plugin and configure binding the following way on your web app in IIS. This will allow rewrite to work and SharePoint will be able to handle hoast header bindings internally.

Unable to use HTTPS proxy when redirecting HTTP/HTTPS via NAT

I'm trying to get the WSA to work when redirecting HTTP and HTTPS traffic along the lines of the following:
object network WSA-HOST
 host 10.0.210.2
object network obj-10.0.1.0 subnet 10.0.1.0 255.255.255.0
object service ORIG-HTTP-PORT
 service tcp destination eq www
object service WSA-HTTP-DEST-PORT
 service tcp destination eq 8080
object service ORIG-HTTPS-PORT
 service tcp destination eq https
object service WSA-HTTPS-DEST-PORT
 service tcp destination eq https << also tried 8080 etc.
nat (inside,outside) source dynamic obj-10.0.1.0 interface destination static obj_any WSA-HOST service ORIG-HTTP-PORT WSA-HTTP-DEST-PORT
nat (inside,outside) source dynamic obj-10.0.1.0 interface destination static obj_any WSA-PROXY-HOST service ORIG-HTTPS-PORT WSA-HTTPS-DEST-PORT
This works just fine for HTTP, but with HTTPS I get the following response from the Ironport WSA:
Based on your corporate access policies, access to this web site ( https://www.rbsdigital.com/ ) has been blocked.
Notification codes: (1, POLICY, UNKNOWN, 0x00000082, 1329750248.609, QAAAAAAAAAAAAAAAyf8AAP8AAAD/AAAAAAAAAAAAAAE=,
https://www.rbsdigital.com/)
The access log gives me the following:
1329750248.602 404 10.0.4.140 NONE_SSL/200 0 TCP_CONNECT 10.0.210.2:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
1329750248.609 0 10.0.4.140 TCP_DENIED_SSL/403 1840 GET https://www.rbsdigital.com:443/ - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
If anyone has any idea why the WSA simply denies the connection instead of proxying it then I'd be grateful.
The WSA and the decryption policies work fine in explisit mode.
Thanks in advance!

The policy doesn't require authentication. Now here are two tests I did, seconds apart, from the same client on 10.0.4.140:
First one is where I use NAT as shown above:
1329757052.027 118 10.0.4.140 NONE_SSL/200 0 TCP_CONNECT 10.0.210.2:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
1329757052.311 0 10.0.4.140 TCP_DENIED_SSL/403 1840 GET https://www.rbsdigital.com:443/ - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
Second test case is when I reconfigured the browser to explisitely use the WSA as a proxy on port 8080:
1329757138.274 344 10.0.4.140 TCP_CLIENT_REFRESH_MISS_SSL/200 39 CONNECT tunnel://www.rbsdigital.com:443/ - DIRECT/www.rbsdigital.com - DECRYPT_WBRS_7-DefaultGroup-UK_Office-NONE-NONE-NONE-DefaultGroup -
1329757138.566 200 10.0.4.140 TCP_CLIENT_REFRESH_MISS_SSL/200 39 CONNECT tunnel://www.rbsdigital.com:443/ - DIRECT/www.rbsdigital.com - DECRYPT_WBRS_7-DefaultGroup-UK_Office-NONE-NONE-NONE-DefaultGroup -
Non-categorised stuff should be passed through:
Global Policy
Identity: All
Pass Through: 1
Monitor: 65
Disabled
Pass Through
Any thoughts ?

Is it possible to redirect https traffic to http in CSM?

Hello,
I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?
In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.
BTW I have already tried it on the CSM and it is not working. Everytime I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.
Thanks for any help offered.
Murtaza

I don't have a config in hands for this.
I have done it before and know this is feasible.
The redirect is here :
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml
Just change the vip to be only accessible by the SSLM.
Create the appropriate redirect vserver.
On the SSLM, send the decrypted traffic to the vip address and port.
Just as if the Vip was a server.
Gilles.

Can a WLC redirect HTTPS traffic in a CWA environment

Hi Guys.
Regarding with ISE, CWA and WLC, I 'm seeing that when you connect to the SSID and open your navigator, if the URL is an HTTPS URL the traffic is not redirected to the ISE Portal using CWA. I though that the WebAuth Proxy Redirection Port option of the WLC only works when It has the portal (LWA) but not in CWA.
I only found information about the redirection of the traffic when is a HTTP connection (port 80).
Is it possible to redirect HTTPS traffic in a CWA deployment??, most of my users use Google Chrome and, in some scenarios, any search using Gooogle is in HTTPS mode and the captive portal is not shown.
Thanks.
Best regards.

No, the WLC is not able to redirect HTTPS pages.
You can however add other ports(other than 80) that can be redirected incase of proxy etc.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered

How to redirect https traffic to captive portal?

Any WLC controller model (8500/5508/2504/vWLC) version 7.3 and up..
This is unusual scenario wherein clients have a default homepage to https://www.google.com (sample only)
Typical http web redirection don't have any problem at all. When you open your browser and type http://www.google.com it will redirect to captive portal without any problem.
Is there any way to redirect https traffic to captive portal as well?

redirection only happen on http traffic, a feature request has been issued to have the redirection happen on https.
please check the following
CSCar04580
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCar04580
Please make sure to rate correct answers

Redirect HTTP 404 Error

Hi,
Is there anyone knows how to redirect HTTP 404 Error on OAS 4? For example, if the requested file doesnt exist, I have to redirect the request to a default page. Thanks for any help.

So the user actually sees a 404 - page not found error?
Yes, using a static session id in the apache rewrite rule causes the user to get a HTTP 404 - Page cannot be found error.
Since owa_util.redirect_url is called directly after owa_cookie.send, the owa_util.redirect_url is using just the apex relative url, f?p=blahblahblah, which causes all the Host and DAD information (in our case, infotrek.er.usgs.gov/pls/apex/ to be dropped from the Location: header and sends the user to HOST/f?p=blah instead of HOST/DAD/f?p=blah, which causes the http 404 error.
I did the test you asked:
Header when relative URL is used:
HTTP/1.1 302 Found
Date: Thu, 23 Aug 2007 13:09:21 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Location: f?p=190:1:2088586269224413
X-DB-Content-length: 0
Set-Cookie: WWV_PUBLIC_SESSION_TEST=99999999
Connection: close
Content-Type: text/html; charset=UTF-8Header when absolute URL is used:
HTTP/1.1 302 Found
Date: Thu, 23 Aug 2007 13:09:49 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Location: http://infotrek.er.usgs.gov/pls/apex/f?p=190:1:2088586269224413
X-DB-Content-length: 0
Set-Cookie: WWV_PUBLIC_SESSION_TEST=99999999
Connection: close
Content-Type: text/html; charset=UTF-8The second condition is what we need to have happen, and we don't know if we can tinker with anything in apache, Apex, or the owa_util.redirect_url to make it happen. I can't use this fix within any application because the user doesn't get that far. He/she never makes it to the app--they get a Page Cannot be Found error and thinks our site is down.

WCCP V2 Question (Redirect https)

Hello all
I have been successful in implementing wccp in my multiple vlan environment.
Router is Cisco 2921
G0/0 - Internet
G0/1 - Squid Proxy
G0/2 - Clients in multiple vlans
Here is the config:
ip wccp web-cache redirect-list 120
interface GigabitEthernet0/2.1
encapsulation dot1Q 3
ip address 172.16.1.1 255.255.255.0
ip wccp web-cache redirect in
ip nat inside
interface GigabitEthernet0/2.2
encapsulation dot1Q 2
ip address 172.16.2.1 255.255.255.0
ip wccp web-cache redirect in
ip nat inside
interface GigabitEthernet0/2.3
encapsulation dot1Q 3
ip address 172.16.3.1 255.255.255.0
ip wccp web-cache redirect in
ip nat inside
access-list 120 remark REDIRECTION_CRITERIA
access-list 120 deny   ip host 192.168.1.2 any
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www
access-list 120 deny   ip any any
I have some questions:
1) In the command "ip wccp web-cache redirect-list 120", "redirect-list 120" is not required since all vlans are clients.
using ip wccp web-cache redirect in under all subinterfaces alone would work.
Am I correct ?
2) How can I redirect HTTPS traffic to my squid proxy.

Hello,
1. "ip wccp web-cache redirect in"
It would work if you squid proxy have another default gateway to internet.
Otherwise the traffic from the SQUID is also forwarded. You have to use different interfaces for users and squid. On sabinterfeyse vlan SQUID you should not use a configuration wccp
2. Web-cache permit only http. You must configuring Dynamic WCCP.
some example:
in global:
ip wccp 120 redirect-list 120
access-list 120 remark REDIRECTION_CRITERIA
access-list 120 deny   ip host 192.168.1.2 any
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq 443
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq 443
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq 443
access-list 120 deny   ip any any
on interface:
ip wccp 120 redirect in
See link below for more information
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-wccp.html#GUID-5E9AE273-1AFD-4598-9325-85F8C822D168
Best regards

Redirect HTTP 404, 401 errors to custom html pages ?

Does anyone know how to set up Weblogic 6.1 to TRAP and REDIRECT http 404, 401 etc error messages to custom predefined friendly html pages on the server ?? Here, WL takes http requests directly and outputs the results directly back to the browsers (not going through a proxy server like IPlanet or other web servers).
So how do I trap HTTP error messages in WL and redirects them to my own custom error pages ??
Help!

Hi Aswin,
Vintela libraries changed in SP3. Usually a 404 error means:
- Typo in any of the xml tags (you can check opening it in IE)
- Typo in the SPN (cannot be found). However, you mention seeing in stdout.log "credentials obtained" so it looks that's fine
- If you are using keytab, comment those lines in web.xml and use the password in Tomcat > Java
If nothing mentioned above solve the issue, I will suggest you to enable debug in Tomcat and post here the stdout.log
Regards,
Julian

Solaris HTTP - MS IIS EOF bug, timeout failures

Greetings,
Experiencing what appears to be an "HTTP EOF" problem
running on Solaris 2.7 (Apache ws) for several months.
When my Perl script requests image files, from select remote
servers, the requests hang as if waiting on the last packet to be received.
The images are exclusivly owned by the people that run my cgi script. This
is strictly enforced.
Problem is recreated it using LWP, WGET and LYNX,all fail
the same way. (please see trace data below)
I have a simple script with blocks of urls from several sites
using LYNX with trace on that shows the failure every time.
(please see below)
It works on all non Solaris platforms that I, and others, have tried
(WIN, AIX, etc)
An HTTP 200 is always recieved, with the proper length specified in the
headers.
The hang occurs on what appears to be the last packet (as seen from
LYNX trace)
Sometiimes requests complete after several minutes, with a partial image
file. Occasionally a few requests work fine.
I've seen other newsgroup appends with the exact problem, no solution
Others equate the problem strictly with requests from Solaris to an MS
web server (see related append below)
I can't get my web hosting company to move on this, they've run my
sample app and agree "there's a problem". I've appended this on several
newsgroups in the past, others have run my script, lot of discussion and agreement that there's a problem but to date no solutions.
Looks like an operating system bug to me.
I've tried searching Sun's site for a possible answer but got lost each
time. Not sure how to searh for known fixes, assume I can't open a problem report since I don't own the OS license.
Another related append is included below along with my test script and
trace output.
Any assistance or advice is most appreciated.
Thank you,
Steve Borruso
From a libwww newsgroup append .....On Solaris, an LWP request sometimes fails (ie. reports a server error)
when the server is fine, b/c of some interaction between the OS and the
server response. (See below for more info.) In fact, LWP is receiving data,
but the data is improperly terminated and LWP times out.
There is an interaction between Solaris and certain web servers (notably
Microsoft-IIS/4.0) where the response to a GET comes back improperly
terminated. You can observe this independently of LWP by doing a "telnet
www.ndu.edu 80",
and then "GET http://www.ndu.edu/ndu/inss/strforum/forum83.html"
You will see telnet receive the response (it's a 404), but then (usually
but not always) fail to terminate. As far as I know, you will only see this
on Solaris (I'm on Solaris 7, have heard similar problems w/ 6); I've tried
same under Linux and haven't seen this problem. I have seen this on a
number of other sites.
Trace output from a past run of my script ...
GET /Sell/SSProfiles/10011921/Images/hugedragonbeads.JPG HTTP/1.0
Host: images.auctions.goto.com
Accept: text/html, text/plain, text/sgml, text/x-sgml,
application/x-wais-source
, application/html, */*;q=0.001
Accept-Encoding: gzip, compress
Accept-Language: en
Negotiate: trans
User-Agent: Lynx/2.7.1 libwww-FM/2.14
Sending HTTP request.
HTTP: WRITE delivered OK
HTTP request sent; waiting for response.
HTTP: Trying to read 1023
HTTP: Read 1023
Read 1023 bytes of data.
HTTP: Rx: HTTP/1.1 200 OK
HTTP: Scanned 2 fields from line_buffer
--- Talking HTTP1.
HTTP/1.1 200 OK
HTFormat: Constructing stream stack for www/mime to www/present
StreamStack: found weak wildcard match: www/present
StreamStack: found exact match: www/mime
HTMIME: Server: Microsoft-IIS/4.0
Date: Fri, 24 Nov 2000 02:38:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Tue, 15 Aug 2000 22:32:20 GMT
ETag: "38bfa4ac87c01:1165"
Content-Length: 17935
��
HTMIME: Got 'S' at beginning of line, state now S
HTMIME: Was S, found E, state now SE'
HTMIME: Was SE, foun

<pre>
Sending trace output and code again (hopefully formatted)
Trace output from a past run of my script ...
GET /Sell/SSProfiles/10011921/Images/hugedragonbeads.JPG HTTP/1.0
Host: images.auctions.goto.com
Accept: text/html, text/plain, text/sgml, text/x-sgml,
application/x-wais-source
, application/html, */*;q=0.001
Accept-Encoding: gzip, compress
Accept-Language: en
Negotiate: trans
User-Agent: Lynx/2.7.1 libwww-FM/2.14
Sending HTTP request.
HTTP: WRITE delivered OK
HTTP request sent; waiting for response.
HTTP: Trying to read 1023
HTTP: Read 1023
Read 1023 bytes of data.
HTTP: Rx: HTTP/1.1 200 OK
HTTP: Scanned 2 fields from line_buffer
--- Talking HTTP1.
HTTP/1.1 200 OK
HTFormat: Constructing stream stack for www/mime to www/present
StreamStack: found weak wildcard match: www/present
StreamStack: found exact match: www/mime
HTMIME: Server: Microsoft-IIS/4.0
Date: Fri, 24 Nov 2000 02:38:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Tue, 15 Aug 2000 22:32:20 GMT
ETag: "38bfa4ac87c01:1165"
Content-Length: 17935
��
HTMIME: Got 'S' at beginning of line, state now S
HTMIME: Was S, found E, state now SE'
HTMIME: Was SE, found R, checking for 'ver'
HTMIME: PICKED UP Server: 'Microsoft-IIS/4.0'
HTMIME: Got 'D' at beginning of line, checking for 'ate:'
HTMIME: PICKED UP Date: 'Fri, 24 Nov 2000 02:38:17 GMT'
HTMIME: Got 'C' at beginning of line, state now C
HTMIME: Was C, found O, state now CO'
HTMIME: Was CO, found N, state now CON
HTMIME: Was CON, found T, checking for 'ent-'
HTMIME: in case CONTENT_
HTMIME: Was CONTENT_, found T, state now CONTENT_T
HTMIME: in case CONTENT_T
HTMIME: Was CONTENT_T, found Y, checking for 'pe:'
HTMIME: PICKED UP Content-Type: 'image/jpeg'
HTMIME: Got 'A' at beginning of line, state now A
HTMIME: Was A, found C, checking for 'cept-ranges:'
HTMIME: PICKED UP Accept-Ranges: 'bytes'
HTMIME: Got 'L' at beginning of line, state now L
HTMIME: Was L, found A, checking for 'st-modified:'
HTMIME: PICKED UP Last-Modified: 'Tue, 15 Aug 2000 22:32:20 GMT'
HTMIME: Got 'E' at beginning of line, state now E
HTMIME: Was E, found T, checking for 'ag:'
HTMIME: PICKED UP ETag: '38bfa4ac87c01:1165'
HTMIME: Got 'C' at beginning of line, state now C
HTMIME: Was C, found O, state now CO'
HTMIME: Was CO, found N, state now CON
HTMIME: Was CON, found T, checking for 'ent-'
HTMIME: in case CONTENT_
HTMIME: Was CONTENT_, found L, state now CONTENT_L
HTMIME: in case CONTENT_L
HTMIME: Was CONTENT_L, found E, checking for 'ngth:'
HTMIME: PICKED UP Content-Length: '17935'
Converted to integer: '17935'
HTMIME: MIME Content-Type is 'image/jpeg', converting to 'www/present'
HTFormat: Constructing stream stack for image/jpeg to www/present
StreamStack: found weak wildcard match: www/present
StreamStack: Using www/present
Read 437 of 17935 bytes of data.
Read 1897 of 17935 bytes of data.
Read 3357 of 17935 bytes of data.
Read 4817 of 17935 bytes of data.
Read 6541 of 17935 bytes of data.
Read 8001 of 17935 bytes of data.
Read 10209 of 17935 bytes of data.
Read 11669 of 17935 bytes of data.
Read 13877 of 17935 bytes of data.
Read 15337 of 17935 bytes of data.
Read 17140 of 17935 bytes of data.
(never completes after this, if I "cntrl C" I get a partial image file)
Here's my script .......
#!/usr/bin/perl -w
@URLValue=();
# Images from auctions.goto -
#$URLValue[0] =
'http://images.auctions.goto.com/Sell/SSProfiles/10011921/Images/hugedragonbeads.JPG';
#$URLValue[1] =
'http://images.auctions.goto.com/Sell/SSProfiles/10011921/Images/yellowribbona.JPG';
#$URLValue[2] =
'http://images.auctions.goto.com/Sell/SSProfiles/10011921/Images/jcharmsNov12E.JPG';
#$URLValue[3] =
'http://images.auctions.goto.com/Sell/SSProfiles/10011921/Images/turquoise8mma.JPG';
# Images from AOL -
#$URLValue[0] = 'http://members.aol.com/shasta4737/nicole1.jpg';
#$URLValue[

Redirect http requests to different servers based on URL

You can use a reverse proxy to do this, but if you have a single IIS box in a DMZ you can also use IIS ARR (Application Routing Request) to do this for you.
https://knowledge.safe.com/articles/How_To/Using-IIS-and-ARR-as-a-reverse-proxy
You may find better articles if you look, but it is easy enough to do.

Hi,
We have an internet connection (with a single IP address) where I need to share access to different internal servers based on the requested URL.
I.e.:
http://url1.domain.com -> webserver1
http://url2.domain.com -> webserver2
etc.
It's http traffic only (no https).
How do I accomplish this? I assume some kind of proxy server-thing that all requests go to? It should be on the Windows platform as we don't want to introduce a Linux "black-box" that noone knows anything about in a production environment.
Thanks for any ideas and/or suggestions :)
This topic first appeared in the Spiceworks Community

Redirect HTTPS traffic to HTTP in Tomcat

Hi,
We are running SAP BI Platform 4.0 SP2 Patch 7, which runs on top of Tomcat 6.
We have succesfully configured our iPads to connect to our SAP BusinessObjects server using HTTPS in internet. We have an application proxy that handles HTTPS and sends plain HTTP to the SAP BusinessObjects server.
The problem is that same connection do not work when users are accessing our intranet, because the SAP BusinessObjects server only accepts HTTP requests in port 8080.
I have seen that Tomcat allows automatic redirections from HTTP to HTTPS ( using redirecPort parameter in HTTP connector definition ).
But is it possible the opposite, to switch automatically HTTPS to HTTP ?
Regards,
Joan

Hi,
At last we have activated HTTPS support in Tomcat. The idea was to avoid HTTPS in BOBJ servers to save CPU usage but after some tests we can afford it.
So no redirections are needed and the question is solved.
Thanks,
Joan

SG300 Redirect HTTP Traffic to Proxy

Dear Cisco Community,
We have the following setup
1 x SG300 Switch in Layer 3 Mode
VLAN 100 (Management VLAN)
VLAN 200 (Data VLAN for Internet Users)
The SG300 has an IP4 Interface in each VLAN:
100: 10.1.1.254 / 24
200: 10.1.2.254 / 24
The internet gateway (Zyxel USG-100) is located in VLAN 100.
In order to restrict the web browsing acitivites, we're in the process of implementing a Proxy server (GFI Webmonitor). Is it possible, to redirect all HTTP and HTTPS traffic which arrives at the SG300's VLAN200 IP interface to the proxy server? I was thinking of a static route, but then this would apply to all traffic. Another option would be to block port 80/443 traffic using an ACL I suppose=
Any input will be highly appreciated, thank you!
Kind regards,
Romeo

Hi Mohamad,
I've seen this done in slightly different ways. One way is at the very bottom of the following examples from the Cisco.com CSM-S config guide:
CSM-S Configuration Examples
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csms/2.1.1/configuration/guide/cfgxpls.html
Another way is like this:
serverfarm REDIRECT
nat server
no nat client
   redirect-vserver REDIRECT
    webhost relocation https://www.example.com/
    inservice
serverfarm SSL_DC
no nat server
no nat client
real 192.168.78.36 local
   inservice
vserver VSERVER_80
virtual 192.168.78.35 tcp 80
serverfarm REDIRECT
persistent rebalance
inservice
vserver VSERVER_443
virtual 192.168.78.35 tcp 443
serverfarm SSL_DC
persistent rebalance
inservice
Hope this helps get you started.
Sean

How to redirect http to www

This isn't limited to dreamweaver, but I hope someone can
help. I create a website for a domain, let's say xxxx.com and post
it no problem. If you type
http://www.xxxx.com, in a browser
it comes up fine. If you type
http://xxxx.com (without the www), it
will also come up fine, and the address bar of the browser shows
http://xxxx.com (i.e. without the www).
My client would like the address bar to display the www in
both cases, i.e. even if the user does not type in the www. I've
looked around, and while most sites do not display the www in both
cases, some do, so I know it's possible.
Can anyone help me with this? Thanks a lot.

Get the hosting company to set up a redirect. It's pretty
simple for them to do.
Andy

Redirecting http traffic to the proxy server

Hi,
We have a requirement to divert web traffic to blue coat proxy through firewall. Below is the setup
Requirement:
We need to divert web traffic from 10.20.200.0/23 [DMZ-STAFFNET] and point it to Bluecoat proxy to process the packets.
Now that ASA doesn't support PBR to accomplish this, how can we accomplish this ?

Hi,
To list one limitation that you might see in your scenario , You would only be able to redirect the subnets to the proxy from those subnets which are physically behind the interface where the WCCP server resides only. i.e. UNTRUST
Now , talking about the NAT , why don't you try this NAT if you don't want to NAT the Source part of the Traffic:-
(DMZ-STAFFNET) to (bluecoat) source static DMZ-STAFFNET DMZ-STAFFNET destination static internet proxy-server service original-http proxy-8080
Also , ASA now supports Policy Based routing from ASA 9.4.1 :)
Thanks and Regards,
Vibhor Amrodia

Redirecting HTTPS to HTTP in IIS 8

Similar Messages

Maybe you are looking for