Using HTTP instead of HTTPS

Similar Messages

• Web Authentication on HTTP Instead of HTTPS in WLC 5700 and WS-C3650-48PD (IOS XE)

  Hello,
  I have configured a Guest SSID with web authentication (captive portal).
  wlan XXXXXXX 2 Guest
   aaa-override
   client vlan YYYYYYYYY
   no exclusionlist
   ip access-group ACL-Usuarios-WIFI
   ip flow monitor wireless-avc-basic input
   ip flow monitor wireless-avc-basic output
   mobility anchor 10.181.8.219
   no security wpa
   no security wpa akm dot1x
   no security wpa wpa2
   no security wpa wpa2 ciphers aes
   security web-auth
   security web-auth parameter-map global
   session-timeout 65535
   no shutdown
  The configuration of webauth parameter map  is :
  service-template webauth-global-inactive
   inactivity-timer 3600 
  service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
   voice vlan
  parameter-map type webauth global
   type webauth
   virtual-ip ipv4 1.1.1.1
   redirect on-success http://www.google.es
  I need to  login on web authentication on HTTP instead of HTTPS.
  If I  login on HTTP, I will not receive certificate alerts that prevent the users connections.
  I saw how to configure it with 7.x relesae but I have IOS XE Version 03.03.05SE and I don´t know how to configure it.
  Web Authentication on HTTP Instead of HTTPS
  You can login on web authentication on HTTP instead of HTTPS. If you login on HTTP, you do not receive certificate alerts.
  For earlier than WLC Release 7.2 code, you must disable HTTPS management of the WLC and leave HTTP management. However, this only allows the web management of the WLC over HTTP.
  For WLC Release 7.2 code, use the config network web-auth secureweb disable command to disable. This only disables HTTPS for the web authentication and not the management. Note that this requires a reboot of the controller !
  On WLC Release 7.3 and later code, you can enable/disable HTTPS for WebAuth only via GUI and CLI.
  Can anyone tell me how to configure web authentication on HTTP instead of HTTPS with IOS XE?
  Thanks in advance.
  Regards.

  The documentation doesn't provide very clear direction, does it?
  To download the WLC's default webauth page, browse to the controller's Security > Web Login Page. Make sure the web authentication type is Internal (Default). Hit the Preview button. Then use your browser's File > Save As... menu item to save the HTML into a file. Edit this to your liking and bundle it and any graphics images up into a TAR archive, then upload via the controller's COMMAND page.

• Clicking on workflow from oracle applications manager getting directed to http instead of https

  Oracle DB:11.2.0.3.0
  Oracle Apps: 12.1.3
  O/S: Sun Solaris
  Hi All,
  We are facing s strange issue -  Whenever we click on workflow from oracle applications manager, it's getting directed to http instead of https?
  Could anyone please share the fix to the above issue.
  Thanks for your time.
  Regards,

  I've noticed that lsmod | grep agp gives me this output:
  intel_agp 25436 1
  agpgart 29332 2 drm,intel_agp
  Is alright to see the intel_agp module or should I use ati_agp?
  That module is motherboard dependent or VGA dependent?
  Edit:
  dmesg | grep agp
  agpgart-intel 0000:00:00.0: Intel 865 Chipset
  agpgart-intel 0000:00:00.0: AGP aperture is 256M @ 0xe0000000
  agpgart-intel 0000:00:00.0: AGP 3.0 bridge
  agpgart-intel 0000:00:00.0: putting AGP V3 device into 4x mode
  Last edited by pazioman (2009-06-04 14:25:59)

• Urgent - help question on sending http instead of https

  I'm trying to dump out my http wrapper: I'm trying to set send http instead of https so I can dump the wrapper.
  currently my code does the following for https determination. i read from a configuratioin file to see if i should set https or http
  question) Do i need an else section to cover non https?
  If so, what do i need to set for http properties.
  // check if https is wanted
  // yes - send https
  String useHttps = cf.get("useHttps", "true");
  if (useHttps.equals("true")) {
  logger.debug(classMethod + "https mode=" + useHttps);
  System.setProperty(
  "java.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol");
  // make provider and/or protocol configurable?
  Security.addProvider(
  new com.sun.net.ssl.internal.ssl.Provider());
  }

  resolved - don't need help anymore on it

• Intranet Clients try to access SUP Point Over http instead of https

  Hi
  My internet clients on DMZ Network trying to access my SUP Server over http instead of https.
  So the clients are not downloading any updates, here is my ContentTransferManager log on a DMZ Client
  Persisted locations for CTM job {31F9D2B4-1289-4EB3-926F-83770BC6D294}:
   (LOCAL) net:http://wsus.ds.download.windowsupdate.com/msdownload/update/software/crup/2014/02/windows6.1-kb2929733-x64_8856fdc2cde01190e69f849eb279b4e6e0e1868a.cab
   switched to location 'http://xxx.xxx.xx/SMS_DP_SMSPKG$/a48042d8-b0e5-4246-9282-02c331ea184c
  The client is activated as PKI client in my sccm site and and everthing else is working except for SUP.
  Best regards Andreas

  Hi
  Reinstalled the MP for the Internet clients and can now the MP is now in the list of MP´s
  But when the internet clients trying to download the updates it only try from
  (LOCAL) net:http://wsus.ds.download.windowsupdate.com/msdownload/update/software/updt/2013/06/windows6.1-kb2836942-x64_b576b76c2c385f390b77f1727ecd804d9718821f.cab
  But I still got this in the LocationService log
  WSUS Path='https://xxx.xxx.xx:8531', Server='xxx.xxx.xx', Version='1037' 
  Calling back with locations for WSUS request {4166FE44-C262-4BE4-AD58-7C81A3C3E16C}
  Executing Task LSSiteRoleCycleTask
  1 internet MP errors in the last 10 minutes, threshold is 5. 
  Executing Task LSMPCommSuccessTask
  Reset internet MP error count
  Calling back with the following distribution points
  Distribution Point='net:http://wsus.ds.download.windowsupdate.com/msdownload/update/software/updt/2013/06/windows6.1-kb2836942-x64_b576b76c2c385f390b77f1727ecd804d9718821f.cab', Locality='LOCAL', DPType='WUMU', Version='0', Capabilities='<Capabilities/>',
  Signature='', ForestTrust='FALSE', 
  Calling back with locations for location request {EE7E4CFC-AAD6-4908-B30D-68F524E55166} 
  Executing Task LSSiteRoleCycleTask 
  1 internet MP errors in the last 10 minutes, threshold is 5.
  Best regards Andreas

• If my URL shows my connection as http: instead of https: am I at risk of being hacked? If so, how do I fix it?

  A friend on FB said that if my URL box doesn't show as beginning with https: (instead of http:) I am at risk of being hacked. I fixed it for FB but all my other websites are coming up as http:
  Is this really something to be concerned about?

  http://en.wikipedia.org/wiki/HTTP_Secure
  most sites is http, and all the sites when you redirect you in some payment method(paypal, greditcard etc) reverse to https for maximum secure.

• Controller 4402 web authentication http instead of https?

  Hello,
  Does somebody know if its possible to redirect to a http page instead of https when using web authentication? with WLC 4400 and AP 1000?
  Or how not to have the certificat message?
  thanks Gael

  Yes, I tried it. It does work, although there is a noticable time lag until the cert warning pops up. Also, the controllers, as of ver 3.2.78.x, had only 30k space for text & images thus limiting what can be displayed on the webauth page. It does allow for url redirects though, but I am not sure it can parse html or not.

• Need my custom webauth page displayed with HTTP instead of HTTPS

  I have a custom webauth page installed that I am using with web passthrough authentication on my WLC2006 in order to put up a acceptable use policy page.
  The WLC uses HTTPS to display this which causes a security certificate warning to appear if I go with the WLC's own self-signed certificate. Is there a way I can get the WLC to use plain HTTP to display this page instead so I can eliminate the warning?
  I have already tried installing a trusted 3rd party certificate on the WLC, but I have this very strange problem where mucking with the WLC's web authentication certificate in any manner causes all network activity on the WLC to break except for CDP and ARP, essentially leaving the WLC dead. Three weeks of troubleshooting with Cisco TAC has yielded no progress on that front so now I am trying to bypass the need for a security certificate altogether since I really don't need to encrypt my acceptable use policy page.

  The documentation doesn't provide very clear direction, does it?
  To download the WLC's default webauth page, browse to the controller's Security > Web Login Page. Make sure the web authentication type is Internal (Default). Hit the Preview button. Then use your browser's File > Save As... menu item to save the HTML into a file. Edit this to your liking and bundle it and any graphics images up into a TAR archive, then upload via the controller's COMMAND page.

• I can't afford to pay SSL at GoDaddy at present. My website is now http instead of https. Firefox is saying my website is unsafe. What can I do about it?

  My website is easybalconygardening.com. I painstakingly built it until it has 298 pages of gardening, provident living, and simple cooking information. It is wholesome and informative. My SSL with GoDaddy expired earlier this month. I cannot afford to renew it. Whenever I go to my website now, Firefox says that my website is unsafe, and in a box is a message to get the visitor out of there. What can be done?
  For a little history: I found myself in a situation that I have to switch my website to wix.com, and have to do it one page at a time. GoDaddy switched my version 6 Website Tonight to version 7. Unfortunately, the two versions are not compatible. I tried to switch to version 7, but because I have 298 pages, it became a really huge problem as my technical skills are insufficient. Meanwhile, because of SSL coding by GoDaddy, my Amazon and eBay ads suddenly disappeared. I have contacted both GoDaddy, Amazon, and eBay tech support. GoDaddy and eBay and Amazon tech supports said that it is GoDaddy's SSL coding. So with SSL, my Amazon and eBay ads don't show. Without SSL, Firefox says my website is unsafe. What can I do to help my situation while I am transferring my pages to wix.com? It will take me several months to transfer as I have 298 pages. I have transferred over 80 pages thus far.
  I cannot afford to pay GoDaddy their SSL charges. Right now, I have to pay them $15.98 every month to keep the builder going so that I can transfer my pages to wix.com manually, one page at a time. I also got my domain easybalconygardening.com from GoDaddy, but the domain costs are minimal.
  Help, please.

  Sorry, you have to handle those issues with GoDaddy, they control your IP address registration and probably need to reset their DNS servers for a non-secure connection = HTTP. There is nothing Mozilla can do to help you.

• Http instead of https

  Hello experts,
  In SOAManager, i have configured a service endpoint to communication security of "SSL over HTTP". But even after that the endpoint URL starts with http and not with https?
  Is there any other configuration that needs to be made apart from this?
  Regards,
  Vivek

  Figured this one out.
  Endpoint address location points to HTTPS URL even though the endpoint service URL is HTTP. (i wonder why??)
  Even this could be controlled by choosing "Show WSDL options" and by selecting the WSDL URL
  Regards,
  Vivek

• WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

  Hi,
  I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
  When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
  What change should I make so that WSDL url will have https instead of http ? 
  This is service side configuration.
  <system.serviceModel>
      <services>
        <service name="Service.IService">
          <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
        </service>
      </services>
      <bindings>
        <basicHttpBinding />
      </bindings>
      <client />
      <behaviors>
        <serviceBehaviors>
          <behavior>
            <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
            <serviceMetadata httpGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
  Thanks in advance !!

  Hi,
  For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
  <behaviors>
  <serviceBehaviors>
  <behavior
  name="MyServiceTypeBehaviors"
  >
  <serviceMetadata
  httpGetEnabled="true"
  />
       </behavior>
  </serviceBehaviors>
  </behaviors>
  For more information, you could refer to:
  http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
  http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
  Regards

• When accessed from Firewall, the OSB WSDL is inserting schemalocation with HTTP port instead of HTTPS

  We have OSB service and we are able to access over firewall. Also the WSDL, Schemas etc., But when we external users access the WSDL, they are not able to get complete content i.e schemas are not imported.
  Reason is WSDL has http (<import schemaLocation="http://test.com:80/xxxxxx/Proxy/schema") with port no 80 instead of https (<import schemaLocation="https://test.com/xxxxxx/Proxy/schema") .
  Since we don't specify the complete schema location in WSDL, how does WSDL include the complete schema path? And how to change it https path instead of http?

  Namaste,
  Sorry for the delayed response.
  Yet, my one query is not answered.
  Q:Are you ABLE to get the Desired path in Endpoint URL(https) as well?
  Explanation:
  What I mean is, When the external users access the WSDL (I am assuming External Users are able to access WSDL through Firewall),
  As you have mentioned that XSD imports have HTTP instead of HTTPS, but how about the soap:address location? Even this points to HTTP instead of HTTPS?
  (Ex:
  <wsdl:service name="CaduceusSiteService">
      <wsdl:port name="site_pt" binding="tns:site_pttBinding">
          <soap:address location="https://www.test.com/test123"/>    ---> is this HTTP or HTTPS?
      </wsdl:port>
  </wsdl:service>
  BTW, did you set, HTTP Transport Configuration --> HTTPS required parameter to "YES"? (This is a prerequisite).
  We had a similar issue, where we had HTTP instead of HTTPS when WSDL accessed from Firewall.
  However, after lot of struggle, we got it worked after changing Firewall (MS TMG) settings to support for "text/xml".
  I think, it could be the same settings needed to done in your case too. Please do check the firewall settings.
  Thanks,
  Nagaraj Ganapa

• WLC 7.2 - Custom WebAuth using waep Template w/ HTTP Only

  We are trying to get the waep template (default no changes) from the Cisco WebAuth bundle to work on a 5508 controller.
  We've setup the controller to use the custom login.tar that comes with the waep template folder in the bundle.
  We setup the WLAN to work off the global template and we used the config network web-auth secureweb disable command to allow only http rather than https (which is supposed to work in 7.2 code)
  When we test with the custom bundle, we get no answer from the controller, just a url of
  http://1.1.1.1/fs/customwebauth/login.html?switch_url=http://1.1.1.1/login.html&ap_mac=c3:12:30:01:a4:d0&client_mac=01:21:ca:b3:13:12&wlan=Guest&redirect=www.google.com/
  If we turn custom off, and use internal everything works...
  Just to be clear.. we aren't looking for authentication (user and pass) we are trying to do the enter your email and click accept to the aup method.
  Thanks for any help!

  No changes to the tar file that comes as part of the bundle..
  Downloaded the bundle,  unziped all folders locally.. then uploaded the login.tar from the waep folder right to the controller.
  Changed webauth to use custom, and applied.
  Tested multliple times with the same results.

• [svn:bz-trunk] 21394: bug fix for watson 2887837 Not getting duplicate session detected error when same flex client id is used from two different HTTP sessions in CRX .

  Revision: 21394
  Revision: 21394
  Author:   [email protected]
  Date:     2011-06-16 12:34:13 -0700 (Thu, 16 Jun 2011)
  Log Message:
  bug fix for watson 2887837 Not getting duplicate session detected error when same flex client id is used from two different HTTP sessions in CRX.
  get the sessions id before we invalidate the duplicate session.
  Checkintests pass
  Modified Paths:
      blazeds/trunk/modules/core/src/flex/messaging/endpoints/BaseHTTPEndpoint.java

  For our profect I think this issue was caused as follows:
  Believing that remoting was full asynchronous we fired a 2 or 3 remote calls to the server at the same time ( within the same function ) - usually when the users goes to a new section of the app.
  This seemed to trigger the duplicate http session error since according to http://blogs.adobe.com/lin/2011/05/duplication-session-error.html  two remote calls arriving before a session is created will cause 2 sessions to be created.
  Our current solution ( too early to say it works ) is to daisy chain the multiple calls together .
  Also there seemed to be an issue where mobile apps that never quit ( thanks Apple! )  caused the error when activated after a few hours.
  I guess the session expires on the server and the error above occurs on activation.
  So the mobile apps now ping the server with a remote call when activated after sleeping for more than one hour.
  All duplicate http errors are silently caught and reported.
  Fingers crossed we won't get any more!

• Cisco ASA rely HTTP port to HTTPS without using CNAME DNS-record

  Hi all,
  could anyone tell me Is it possible to configure ASA so when customer rely http://domain.com Cisco ASA rely to https://domain.com (it's similar with CName function of domain record).
  P.S. resource of domain.com located behind ASA and DNS A-record rely on public ASA ip address
  Thank you.

  What version ASA are you running?
  If the server has both static public and private IPs you could use NAT to redirect HTTP traffic to HTTPS based on IP.
  object network PUBLIC_IP
    host 1.1.1.1
  object network REAL_IP
    host 2.2.2.2
    nat (inside,outside) static PUBLIC_IP http https
  Keep in mind that you will also need a NAT statement that maintains https to the server.
  Please remember to select a correct answer and rate helpful posts