RV042G redirects all https traffic to NAS

Similar Messages

• Redirecting all HTTP traffic to HTTPS that will reverse proxy specific URI

  -- Requirement --
  I have a Sun web server 6.1 SP4 that sits in a DMZ that must securely reverse proxy traffic to an internal application server listening on 443.
  The web server instance has two listen sockets, 80 and 443.
  The web server instance must accept traffic on port 80 but re-direct it to 443 so all subsequent traffic with the client happens over HTTPS.
  HTTPS traffic for "www.mydomain.com/myapp/" must be reverse proxied to the internal app server, "https://myapp.mydomain.com/myapp/".
  -- Current set-up --
  The server reverse proxies both HTTP and HTTPS traffic with the indicated URI.
  How can I constrain the reverse proxying to HTTPS traffic?
  Thanks for your help,
  Jez

  Thanks Chris that worked perfectly.
  Aside
  Before your solution I had (unsuccessfully) tried the following obj.conf directive
  <Client security="false">
  NameTrans fn="redirect" from="/" url-prefix="https://www.mydomain.com/"
  </Client>However, it didn't work - is it not possible to use the <Client security="false"> in this manner?

• RV042G V3 protocol bind all HTTPS traffic to wan1

  If you are using load balancing how do you bind i.e. all HTTPS traffic to i.e. wan1. RV042G V2 you can inter 0.0.0.0~0.0.0.0 as Source IP to forward from all IPs, how do you do that with a V3?

  Dear Hans,
  Thank you for reaching Cisco Small Business Support Community.
  The improvements on the Cisco RV042G v3 have basically been hardware related, better processor and more memory pretty much, but since the firmware release has also changed, here I add the link for the admin guide where on page 81 you can follow the "Managing the Bandwidth settings" section;
  http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
  Please let me know if this answers your question and/or if there is any further assistance I may help you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• Intercepting all http traffic and forwarding to VIP on CSM?

  We would like to intercept all http traffic from clients from all vlans and redirect them to a VIP on the CSM for loadbalancing to 2 proxy servers. Is this possible? I can't seem to find a solution similar to our issue? Please help thanks!

  Thx Giles! Do you mean a policy that uses route-maps with next-hop? So would I point the next-hop address to the CSM client vlan IP? Do you have a support link that covers this in detail? Thx!

• Redirecting Non-http traffic

  Gilles,
  we are running GSLB between two sites.
  Is it possible to do redirect non-http traffic(Ex- SFTP service) when there is a failure of the services at one site.
  Thanks in advance

  Gilles,
  Thanks for your response.
  As far as the option 2- could you please tell whether the mentioned configuration will work or do i need to make changes.
  Site A
  service remote_site_vip
  11.1.1.1
  keepalive type icmp
  active
  content 1
  vip address 10.1.1.1
  port 8443
  add service 1
  add service 2
  primarysorryserver remote_site_vip
  active
  ****GROUP***
  group redirect
  vip address 10.1.1.1
  add destination service remote_site_vip
  active
  Site B
  service remote_site_vip
  10.1.1.1
  keepalive type icmp
  active
  content 1
  vip address 11.1.1.1
  port 8443
  add service 1
  add service 2
  primarysorryserver remote_site_vip
  active
  ****GROUP***
  group redirect
  vip address 11.1.1.1
  add destination service remote_site_vip
  active
  Thanks in advance

• How to configure DNS server to redirect all web traffic to one external website?

  I'd like to use the DNS service on my OS X Server as a way to force all all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
  (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

  Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
  If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
  A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

• SG300 Redirect HTTP Traffic to Proxy

  Dear Cisco Community,
  We have the following setup
  1 x SG300 Switch in Layer 3 Mode
  VLAN 100 (Management VLAN)
  VLAN 200 (Data VLAN for Internet Users)
  The SG300 has an IP4 Interface in each VLAN:
  100: 10.1.1.254 / 24
  200: 10.1.2.254 / 24
  The internet gateway (Zyxel USG-100) is located in VLAN 100.
  In order to restrict the web browsing acitivites, we're in the process of implementing a Proxy server (GFI Webmonitor).  Is it possible, to redirect all HTTP and HTTPS traffic which arrives at the SG300's VLAN200 IP interface to the proxy server?  I was thinking of a static route, but then this would apply to all traffic.  Another option would be to block port 80/443 traffic using an ACL I suppose=
  Any input will be highly appreciated, thank you!
  Kind regards,
  Romeo

  Hi Mohamad,
  I've seen this done in slightly different ways.  One way is at the very bottom of the following examples from the Cisco.com CSM-S config guide:
  CSM-S Configuration Examples
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csms/2.1.1/configuration/guide/cfgxpls.html
  Another way is like this:
  serverfarm REDIRECT
    nat server
    no nat client
     redirect-vserver REDIRECT
      webhost relocation https://www.example.com/
      inservice
  serverfarm SSL_DC
    no nat server
    no nat client
    real 192.168.78.36 local
     inservice
  vserver VSERVER_80
    virtual 192.168.78.35 tcp 80
    serverfarm REDIRECT
    persistent rebalance
    inservice
  vserver VSERVER_443
    virtual 192.168.78.35 tcp 443
    serverfarm SSL_DC
    persistent rebalance
    inservice
  Hope this helps get you started.
  Sean

• Http Traffic Slow/Broken, ping fine

  Hello,
  I am writing because as of this morning all http traffic on my network has went to a snails pace.  However, pings of all types work at normal speed, but fail approximately 5% of the time(Independent of pinging internal address or external).
  I have a very basic setup, i do not really have any custom configures on anything. The only wifi authentication at the moment is WPA2-PSK.  I have this network set up as a test bed for a new setup, its a good thing too because it is unusuable in its current state.
  Network Setup:
  3 3502i AP - Setup in Hreap mode - Connected to PoE Switch
  1 2106 WLAN Controller - Connected to 2960
  2960s Switch
  Dell Layer 2 PoE Switch
  Thanks!
  Seth

  Since you are using HREAP, I'd sniff the AP port.  Make sure the traffic is flowing in both direcitons there before going further.  You should also make sure to prune the VLAN that are not needed on the AP.
  Also, make sure your ports are full duplex and not at half.

• All HTTPS blocked at office. Anyone know iTunes Sign-In IP address??

  We have a Netgear FVX538 router and all HTTPS traffic is blocked. I can open a hole in the firewall if I know a specific IP address for the secure site I want to allow access to.... however, iTunes Sign-In happens inside iTunes so I can't tell what address it's using.
  How can I find out what IP address to allow HTTPS access to?
  Thanks

  There is no single IP address; the iTunes Store uses Akamai's distributed server network which may use any one of a number of different servers. If your firewall allows exceptions by domain, though, try exempting these:
  phobos.apple.com
  phobos.apple.com.edgesuite.net
  Hope this helps.

• Is it possible to redirect https traffic to http in CSM?

  Hello,
  I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?
  In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.
  BTW I have already tried it on the CSM and it is not working. Everytime I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.
  Thanks for any help offered.
  Murtaza

  I don't have a config in hands for this.
  I have done it before and know this is feasible.
  The redirect is here :
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml
  Just change the vip to be only accessible by the SSLM.
  Create the appropriate redirect vserver.
  On the SSLM, send the decrypted traffic to the vip address and port.
  Just as if the Vip was a server.
  Gilles.

• How to redirect https traffic to captive portal?

  Any WLC controller model (8500/5508/2504/vWLC) version 7.3 and up..
  This is unusual scenario wherein clients have a default homepage to https://www.google.com (sample only)
  Typical http web redirection don't have any problem at all. When you open your browser and type http://www.google.com it will redirect to captive portal without any problem.
  Is there any way to redirect https traffic to captive portal as well?

  redirection only happen on http traffic, a feature request has been issued to have the redirection happen on https.
  please check the following
  CSCar04580
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCar04580
  Please make sure to rate correct answers

• Redirect / Block non https traffic

  I have a quick question. Today I setup teaming 2.0 on SLES10.
  After customizing the SuSE firewall per the instructions everything is perfect. I then cut off non-secure port 80 traffic. Looked OK. I found that the email that teaming sends out is http://server, since I killed http traffic it's now broken. I tried changing the firewall rule to FW_REDIRECT="0/0,10.0.100.100,tcp,80,8443 to see if it would just redirect the port 80 traffic to 8443 on the server - but that did not work. Is their a place I can simply change the email to link to https://server?
  Any other thoughts?
  Cool product by the way!
  Tha
  Dennis

  Dennis,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Can a WLC redirect HTTPS traffic in a CWA environment

  Hi Guys.
  Regarding with ISE, CWA and WLC, I 'm seeing that when you connect to the SSID and open your navigator, if the URL is an HTTPS URL the traffic is not redirected to the ISE Portal using CWA. I though that the WebAuth Proxy Redirection Port option of the WLC only works when It has the portal (LWA) but not in CWA.
  I only found information about the redirection of the traffic when is a HTTP connection (port 80).
  Is it possible to redirect HTTPS traffic in a CWA deployment??, most of my users use Google Chrome and, in some scenarios, any search using Gooogle is in HTTPS mode and the captive portal is not shown.
  Thanks.
  Best regards.

  No, the WLC is not able to redirect HTTPS pages.
  You can however add other ports(other than 80) that can be redirected incase of proxy etc.
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Redirect AIR app http traffic to SOCKS server

  Hi there,
  I have an AIR app creating an SSH tunnel/SOCKS5 using a JAVA class via Native process, that so far works perfect but I need to redirect all the http requests from the AIR to the SOCKS server, can this be done via Socket/ServerSocket?? any exmaples?
  Thanks
  MArcos

  First things first - WS6.1sp4 is very old. You should upgrade to the latest SP. There are security problems that have been fixed in the years since SP4 was released.
  <Client match="none" security="true">
  NameTrans fn="redirect" from="/" url-prefix="https://www.example.com"
  </Client>This would probably work. <Client security="false"> might work. I'm not positive if Security is holding a Boolean value and this is the right way to test for it, but some quick experimentation should be able to validate the solution.
  Basically what you're trying to do is test for whether the request is secure or not and, if it is not, redirect the browser to the same URI but on a new protocol (https).
  You could also have two obj.conf files. One could be attached to the Port 80 listen socket and do nothing but redirect anything that comes in to the Port 443 listen socket.

• ISE Guest Portal only redirect HTTPS traffic.

  I have a wireless deployment consisting of the following:
  5760 WLC & ISE 1.2
  Am I missing something here
  I have 4 similar deployments, and never had these issues:
  On Android / Apple devices, the guest portal does not pop up automatically &
  On a Windows Laptop only https traffic directs to the guest portal.
  Thanx

  i think you need to recheck the configuration also check the link for step by step config
  http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-security/landing_DesignZone_TrustSec.html