Redirecting WCCP to include HTTPS traffic
I am working at a client site today. The client uses a Cisco Cache engine in combination with the 4500 Core Switch/Router to redirect HTTP requests to the Cache Engine to either pull cached content, or send it out for fulfillment to the website being requested by the client. They also use Websense for policy enforcement. The Cache Engine sends to the Websense Server to either allow or deny.
I think WCCP redirects port 80 only by default. The configuration on the Core switch is as follows:
ip wccp web-cache. Then there are "ip wccp redirect in" statements on each VLAN.
The client today told me that he did not think that https requests were being handled, as he sees users who have no Internet access privileges use HTTPS and get to web sites.
How can I configure WCCP to include 443 requests as well?
thx
Kevin
Kevin,
Here's a documentation link for ACNS that describes how to configure HTTPS redirection:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/waas/acns/v55_13/configuration/local/guide/params.html#wp1366561
Just above this in the same documentation it describes limitations:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/waas/acns/v55_13/configuration/local/guide/params.html#wp1326190
-Chip
Please mark this as Answered if it answers your question.
Similar Messages
-
How to redirect https traffic to captive portal?
Any WLC controller model (8500/5508/2504/vWLC) version 7.3 and up..
This is an unusual scenario wherein clients have a default homepage of https://www.google.com (sample only).
Typical http web redirection doesn't have any problem at all. When you open your browser and type http://www.google.com it will redirect to captive portal without any problem.
Is there any way to redirect https traffic to captive portal as well?
Redirection only happens on http traffic; a feature request has been issued to have the redirection happen on https.
Please check the following:
CSCar04580
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCar04580
Please make sure to rate correct answers -
Is it possible to redirect https traffic to http in CSM?
Hello,
I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?
In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.
BTW I have already tried it on the CSM and it is not working. Every time I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.
Thanks for any help offered.
Murtaza
I don't have a config in hand for this.
I have done it before and know this is feasible.
The redirect is here :
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml
Just change the vip to be only accessible by the SSLM.
Create the appropriate redirect vserver.
On the SSLM, send the decrypted traffic to the vip address and port.
Just as if the Vip was a server.
Gilles. -
Can a WLC redirect HTTPS traffic in a CWA environment
Hi Guys.
Regarding ISE, CWA and WLC, I'm seeing that when you connect to the SSID and open your navigator, if the URL is an HTTPS URL the traffic is not redirected to the ISE Portal using CWA. I thought that the WebAuth Proxy Redirection Port option of the WLC only works when it has the portal (LWA) but not in CWA.
I only found information about the redirection of the traffic when it is an HTTP connection (port 80).
Is it possible to redirect HTTPS traffic in a CWA deployment? Most of my users use Google Chrome and, in some scenarios, any search using Google is in HTTPS mode and the captive portal is not shown.
Thanks.
Best regards.
No, the WLC is not able to redirect HTTPS pages.
You can however add other ports (other than 80) that can be redirected in case of proxy etc.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
SG300 Redirect HTTP Traffic to Proxy
Dear Cisco Community,
We have the following setup
1 x SG300 Switch in Layer 3 Mode
VLAN 100 (Management VLAN)
VLAN 200 (Data VLAN for Internet Users)
The SG300 has an IP4 Interface in each VLAN:
100: 10.1.1.254 / 24
200: 10.1.2.254 / 24
The internet gateway (Zyxel USG-100) is located in VLAN 100.
In order to restrict the web browsing activities, we're in the process of implementing a Proxy server (GFI Webmonitor). Is it possible to redirect all HTTP and HTTPS traffic which arrives at the SG300's VLAN200 IP interface to the proxy server? I was thinking of a static route, but then this would apply to all traffic. Another option would be to block port 80/443 traffic using an ACL, I suppose?
Any input will be highly appreciated, thank you!
Kind regards,
Romeo
Hi Mohamad,
I've seen this done in slightly different ways. One way is at the very bottom of the following examples from the Cisco.com CSM-S config guide:
CSM-S Configuration Examples
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csms/2.1.1/configuration/guide/cfgxpls.html
Another way is like this:
serverfarm REDIRECT
 nat server
 no nat client
 redirect-vserver REDIRECT
  webhost relocation https://www.example.com/
  inservice
serverfarm SSL_DC
 no nat server
 no nat client
 real 192.168.78.36 local
  inservice
vserver VSERVER_80
 virtual 192.168.78.35 tcp 80
 serverfarm REDIRECT
 persistent rebalance
 inservice
vserver VSERVER_443
 virtual 192.168.78.35 tcp 443
 serverfarm SSL_DC
 persistent rebalance
 inservice
Hope this helps get you started.
Sean -
Redirect / Block non https traffic
I have a quick question. Today I setup teaming 2.0 on SLES10.
After customizing the SuSE firewall per the instructions everything is perfect. I then cut off non-secure port 80 traffic. Looked OK. I found that the email that teaming sends out is http://server; since I killed http traffic it's now broken. I tried changing the firewall rule to FW_REDIRECT="0/0,10.0.100.100,tcp,80,8443" to see if it would just redirect the port 80 traffic to 8443 on the server - but that did not work. Is there a place I can simply change the email to link to https://server?
Any other thoughts?
Cool product by the way!
Tha
Dennis
Dennis,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Gilles,
we are running GSLB between two sites.
Is it possible to redirect non-http traffic (e.g. SFTP service) when there is a failure of the services at one site?
Thanks in advance
Gilles,
Thanks for your response.
As far as option 2 - could you please tell me whether the mentioned configuration will work or do I need to make changes?
Site A
service remote_site_vip
11.1.1.1
keepalive type icmp
active
content 1
vip address 10.1.1.1
port 8443
add service 1
add service 2
primarysorryserver remote_site_vip
active
****GROUP***
group redirect
vip address 10.1.1.1
add destination service remote_site_vip
active
Site B
service remote_site_vip
10.1.1.1
keepalive type icmp
active
content 1
vip address 11.1.1.1
port 8443
add service 1
add service 2
primarysorryserver remote_site_vip
active
****GROUP***
group redirect
vip address 11.1.1.1
add destination service remote_site_vip
active
Thanks in advance -
Redirecting all HTTP traffic to HTTPS that will reverse proxy specific URI
-- Requirement --
I have a Sun web server 6.1 SP4 that sits in a DMZ that must securely reverse proxy traffic to an internal application server listening on 443.
The web server instance has two listen sockets, 80 and 443.
The web server instance must accept traffic on port 80 but re-direct it to 443 so all subsequent traffic with the client happens over HTTPS.
HTTPS traffic for "www.mydomain.com/myapp/" must be reverse proxied to the internal app server, "https://myapp.mydomain.com/myapp/".
-- Current set-up --
The server reverse proxies both HTTP and HTTPS traffic with the indicated URI.
How can I constrain the reverse proxying to HTTPS traffic?
Thanks for your help,
Jez
Thanks Chris, that worked perfectly.
Aside
Before your solution I had (unsuccessfully) tried the following obj.conf directive
<Client security="false">
NameTrans fn="redirect" from="/" url-prefix="https://www.mydomain.com/"
</Client>
However, it didn't work - is it not possible to use the <Client security="false"> in this manner? -
ISE Guest Portal only redirect HTTPS traffic.
I have a wireless deployment consisting of the following:
5760 WLC & ISE 1.2
Am I missing something here
I have 4 similar deployments, and never had these issues:
On Android / Apple devices, the guest portal does not pop up automatically &
On a Windows Laptop only https traffic directs to the guest portal.
Thanx
I think you need to recheck the configuration; also check the link for step by step config
http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-security/landing_DesignZone_TrustSec.html -
Redirect AIR app http traffic to SOCKS server
Hi there,
I have an AIR app creating an SSH tunnel/SOCKS5 using a JAVA class via Native process. That so far works perfectly, but I need to redirect all the http requests from the AIR app to the SOCKS server. Can this be done via Socket/ServerSocket? Any examples?
Thanks
MArcos
First things first - WS6.1sp4 is very old. You should upgrade to the latest SP. There are security problems that have been fixed in the years since SP4 was released.
<Client match="none" security="true">
NameTrans fn="redirect" from="/" url-prefix="https://www.example.com"
</Client>
This would probably work. <Client security="false"> might work. I'm not positive if Security is holding a Boolean value and this is the right way to test for it, but some quick experimentation should be able to validate the solution.
Basically what you're trying to do is test for whether the request is secure or not and, if it is not, redirect the browser to the same URI but on a new protocol (https).
You could also have two obj.conf files. One could be attached to the Port 80 listen socket and do nothing but redirect anything that comes in to the Port 443 listen socket. -
QoS value for http traffic from IP Phone
Since the phone marks all voice with COS 5 and data traffic with COS 0. Does this also include traffic sourced from the IP Phone http? request when doing Directory Lookups, IP Phone Services.
Thanks!
With 4.1 and up (not sure if 4.0 had this), this traffic is marked with TOS 3 or DSCP CS3 (24). You can modify this enterprise parameter to whatever you want.
DSCP for SCCP Phone-based Services :
This parameter specifies the Differentiated Service Code Point (DSCP) IP classification for IP phone services on SCCP-based phones, including any HTTP traffic. Note: You must restart SCCP-based phones for this parameter change to take effect.
This is a required field.
Default: default DSCP (000000).
Restart SCCP-based phones for the parameter change to take effect.
HTH
Sankar
PS: please remember to rate posts! -
Intercepting all http traffic and forwarding to VIP on CSM?
We would like to intercept all http traffic from clients from all vlans and redirect them to a VIP on the CSM for loadbalancing to 2 proxy servers. Is this possible? I can't seem to find a solution similar to our issue? Please help thanks!
Thx Giles! Do you mean a policy that uses route-maps with next-hop? So would I point the next-hop address to the CSM client vlan IP? Do you have a support link that covers this in detail? Thx!
-
Kerberos encryption for HTTP traffic
Hello
I am writing a client for the WinRM service (Windows Vista). This service uses the SOAP protocol for communication.
And I cannot make a subscription for Windows events using the Push method.
The issue is that when I try to make an events subscription, Vista tries to test the connection with my server, but I don't know what I should send back for the test connection request to Vista WinRM... :(
I didn't find it in MSDN.
Subscription request is:
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:e="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:ew="http://www.example.com/warnings'" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:x="http://www.w3.org/2001/XMLSchema">
<env:Header>
<a:To s:mustUnderstand="true">HTTP://winrmcient:80/wsman/</a:To>
<w:ResourceURI>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</w:ResourceURI>
<a:Action s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/eventing/Subscribe</a:Action>
<a:MessageID s:mustUnderstand="true">uuid:a4b86ede-32d0-4a28-91f5-bc8f36bfca22</a:MessageID>
<a:ReplyTo>
<a:Address s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
</a:ReplyTo>
<w:MaxEnvelopeSize>262144</w:MaxEnvelopeSize>
<w:Locale xml:lang="en-US"/>
<w:OperationTimeout>PT5M0.000S</w:OperationTimeout>
<w:OptionSet>
<w:Option Name="ReadExistingEvents" mustComply="false"/>
<w:Option Name="ContentFormat">RenderedText</w:Option>
</w:OptionSet>
</env:Header>
<env:Body>
<e:Subscribe>
<e:Delivery e:Mode="http://schemas.xmlsoap.org/ws/2004/08/eventing/DeliveryModes/Push">
<e:NotifyTo>
<a:Address>http://Antares:443</a:Address>
</e:NotifyTo>
</e:Delivery>
<e:Expires>PT12H0M0.000S</e:Expires>
<w:Filter>
<QueryList>
<Query Path="Security">
<Select>*</Select>
</Query>
<Query Path="System">
<Select>*</Select>
</Query>
<Query Path="Application">
<Select>*</Select>
</Query>
</QueryList>
</w:Filter>
<w:SendBookmarks/>
</e:Subscribe>
</env:Body>
</env:Envelope>
The WinRM connection test request is a request with empty content length and with the header:
Host=[Antares:443], Content-type=[application/soap+xml;charset=UTF-16], Content-length=[0], Connection=[Keep-Alive], Authorization=[Kerberos], User-agent=[Microsoft WinRM Client]
I tried to send an empty response (with the same test request header) for the test request but it doesn't have any effect.
WinRM subscription response is:
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:e="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:x="http://schemas.xmlsoap.org/ws/2004/09/transfer" xml:lang="en-US">
<s:Header>
<a:Action>http://schemas.xmlsoap.org/ws/2004/08/eventing/fault</a:Action>
<a:MessageID>uuid:B83898C7-9F93-4E7A-8C8C-B72C7D189908</a:MessageID>
<a:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:To>
<a:RelatesTo>uuid:a4b86ede-32d0-4a28-91f5-bc8f36bfca22</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<env:Code xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value>e:EventSourceUnableToProcess</s:Value>
</s:Subcode>
</env:Code>
<env:Reason xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<s:Text xml:lang="en-US">The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </s:Text>
</env:Reason>
<s:Detail>
<w:FaultDetail>http://schemas.dmtf.org/wbem/wsman/1/wsman/faultDetail/UnusableAddress</w:FaultDetail>
<f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150858901" Machine="">
<f:Message>The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </f:Message>
</f:WSManFault>
</s:Detail>
</s:Fault>
</s:Body>
</s:Envelope>
In the WinRM documentation I see:
"Note: HTTP traffic by default only allows messages encrypted with the Negotiate or Kerberos SSP."
But I use a simple java HttpConnection and there are no references to Kerberos in the JavaDoc for this class... :(
One more thing - I use BASIC authentication.
Does anybody know what I should send back for the connection test request?
Sorry, I forgot to set the "java.security.krb5.conf" and "java.security.auth.login.config" properties.
But after I set these properties I've got another exception:
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:111)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
at sun.security.jgss.spnego.SpNegoMechFactory.getCredentialElement(SpNegoMechFactory.java:109)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:384)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:42)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:139)
at com.symantec.cas.ucf.sensors.ws_management.WSServer.start(WSServer.java:132)
Caused by: javax.security.auth.login.LoginException: No LoginModules configured for
at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:499)
at sun.security.jgss.GSSUtil.login(GSSUtil.java:244)
at sun.security.jgss.krb5.Krb5Util.getKeys(Krb5Util.java:185)
at sun.security.jgss.krb5.Krb5AcceptCredential$1.run(Krb5AcceptCredential.java:82)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:79)
... 28 more
But it seems to me that I've set the login module correctly:
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=false useTicketCache=false;
};
Maybe I missed something...
What do you think about it? -
Ironport not forwarding HTTPS traffic
We have recently been trying to setup a BYOD wireless network and the wireless Clients that join this network have their traffic routed directly to an Ironport S370 (Ver7.1.4-053) as we do not want the BYOD users to have to configure their proxy settings.
We have created an Identity which matches the Subnet given to BYOD devices with no authentication and then an Access Policy for filtering, all this works as long as the traffic is HTTP, as soon as you try to access anything using HTTPS then the Ironport seems to drop the traffic as it never hits the firewall and the page cannot be displayed.
Any domained clients which have the Ironport address as their proxy work fine.
The Ironport is not set to bypass any addresses in bypass settings.
I am sure there must be a simple answer as to why HTTPS traffic is not being forwarded and any pointers as to why this is would be greatly appreciated.
Many thanks,
Neil.
Hi Igor and Neil,
As per AsyncOS 7.5 documentation, HTTPS proxy needs to be enabled to process HTTPS traffic in transparent mode.
Following is the extract from the doco:
"When the Web Proxy is configured in transparent mode, you must enable the HTTPS Proxy if the appliance receives HTTPS traffic. When the HTTPS Proxy is disabled, the Web Proxy passes through explicit HTTPS connections and it drops transparently redirected HTTPS requests. The access logs contain the CONNECT requests for explicit HTTPS connections, but no entries exist for dropped transparently redirected HTTPS requests."
If you do not want to decrypt HTTPS traffic, you can enable HTTPS proxy in pass-through mode.
Thanks,
Wipula. -
Transparent wsa and https traffic
folks
i'm deploying an S300V in transparent mode and using wccp
i have a single policy allowing http and https
http works fine but https doesn't
i can see both sets of requests go out through my outer firewalls but the https handshake doesn't get past the client hello
the VM is being used on a guest wifi network so clients won't be authenticated, won't have a common root certificate and i don't want to decrypt traffic
tac are telling me i need to enable the https proxy but i can't as clients won't have the root certificate required
do i need to use https proxy?
thanks to anyone taking the time to reply
Ken,
If I don't want to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I still need to upload a root certificate? I would have assumed not, as I do not want to decrypt HTTPS, but the GUI doesn't allow me to enable HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.
Basically what I want to do is just pass through the HTTPS traffic to be checked against the Access policies that the HTTP is being checked against.
Is this viable? If so can you let me know how I can achieve the above?
Thanks