Webdispathcer redirection for HTTPS/ Block certain URL in HTTPS

Similar Messages

• Regex expression to block certain URL's.

  Hi,
  I am trying to block certain URL paths within a website. For example I would want to block any request to www.asdf.com/test/input.asp, other request like www.asdf.com should be accepted.
  I tried building a regex to match test/input.asp and the regex test says match succeeded, however after applying it via service policy the URL still works. The following regex has been applied to match test/input.asp
  .+\/test\/input\.asp
  Where could I be wrong?
  Regards

  Hi Karsten,
  The filtering config reads like the following:
  regex Block-test ".+\/test\/input\.asp"
  access-list outside_mpc extended permit ip any host 2.2.2.2
  class-map outside-class
  match access-list outside_mpc
  policy-map type inspect http Block-test
  parameters
  match request uri regex Block-test
    drop-connection log
  policy-map outside-policy
  class outside-class
    inspect http Block-test
  service-policy outside-policy interface outside
  Its not an https connection and the configuration is on the ASA.
  Regards

• Mozilla blocks certain URL's as NOT VALID-why-what criteria-who decides what we can open?

  This is not a computer problem. It is obvious that Mozilla has adopted a policy of restricting certain sites.
  Please explain why! What is the basis for this policy? Is this not a violation of the first amendment?
  Please respond.
  Thank you

  Firefox doesn't block sites unless they are in the phishing and malware protection data database.
  *http://www.mozilla.org/en-US/firefox/phishing-protection/
  Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.org/kb/Safe+Mode

• Esetnod32 antivirus blocks certain websites causing MFF to crash

  I use ESET NOD32 antivirus and it blocks certain URL's causing MFF to crash. If I disable ESET web access protection all web sites load ok. This only started in the last few months. Below is one of many crash ID'd
  == Crash ID(s) ==
  ID: db4ae407-3f9c-45b9-b13a-881102100716 Signature: RtlpWorkerCallout

  Hello Kirk.
  It's possible that you are having a problem with some Firefox add-on that is hindering your Firefox's normal behavior. Have you tried disabling all add-ons (just to check), to see if Firefox goes back to normal?
  Whenever you have a problem with Firefox, whatever it is, you should make sure it's not caused by one (or more than one) of your installed add-ons, be it an extension, a theme or a plugin. To do that easily and cleanly, run Firefox in [http://support.mozilla.com/en-US/kb/Safe+Mode safe mode] (don't forget to select ''Disable all add-ons'' when you start safe mode). If the problem disappears, you know it's from an add-on. Disable them all in normal mode, and enable them one at a time until you find the source of the problem. See [http://support.mozilla.com/en-US/kb/Troubleshooting+extensions+and+themes this article] for information about troubleshooting extensions and themes and [https://support.mozilla.com/en-US/kb/Troubleshooting+plugins this one] for plugins.
  If you need support for one of your add-ons, you'll have to contact its author.
  If the problem is not disappears when all add-ons are disabled, please tell me, so we can work from there.
  If it doesn't help, you may want to consider asking ESET about what they're doing with Firefox...

• How do I go about blocking certain websites (i.e. parental control methods)?

  Just wanted to look into creating a more controlled environment at home and wanted to learn about how to block certain URLs through my Firefox browser. I've done some searching but I can't figure it out.

  -> [[Parental controls]]
  * http://kb.mozillazine.org/Parental_controls
  Check and tell if its working.

• Lighttpd https redirect for only certain directories

  This works great for redirecting all traffic to https on my home server:
  # Redirect all http requests to https
  $SERVER["socket"] == ":80" {
  $HTTP["host"] =~ "(.*)" {
  url.redirect = ( "^/(.*)" => "https://%1/$1" )
  However, I'm trying to exclude one directory from this (other people using it, self-signed ssl messages...you get the idea ) and I can't quite wrap my brain around it. Server Fault and Stackoverflow had some examples that were close, but I couldn't manipulate them into doing what I wanted. A gentle shove in the right direction would be much appreciated.
  Very simple layout: /srv/http/<dir1> /srv/http/<dir2> /srv/http<dir3> etc. Call it 'foo-dir' that I want to exclude. The server sits behind a consumer router with all port 80 and 443 traffic directed to the server's static IP.  External IP via dyndns.
  Thanks!
  Scott

  SFTP is a subset of SSH. Currently Apple uses OpenSSH which does not have any kind of chroot jail for SFTP as it does for FTP. If you want to have an SFTP chroot jail, you will need to do some alterations. Currently there are two methods which are documented here:
  http://www.schwie.com/brad/macosxsftpchroot/
    Mac OS X (10.4.4)  

• Block Page Customization for https

  Hi All,
  I have Created rules for blocking some sites like facebook.com , dailymotion.com now i want to customize a page for blocking message for my users it just works fine for http but on https request its not working and new pages displays "THE PROXY SERVER
  IS REFUSING CONNECTIONS"
  Pls help me how i can i customize my block page for https requests too

  Hi,
  Instead of showing these error pages upon denied access, you could try to configure the denying rule so that the proxy would respond to the denied request with a redirect to another URL.
  New in Forefront TMG SP1: Redirect on Deny with dynamic parameters
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Renewed Cert, now http redirect for OWA no longer works

  From this previouse thread, where I was discussing cert issues, I renewed my cert (to expire in a few days) from my third party (GoDaddy).  I installed the new Cert via teh GoDaddy instructions:
  http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007
  now, when attempting to connect to http://mail.MyDomain.com, I get the dreaded "403: Forbidden: Access is denied" message
  If I put in https://mail.MyDomian.com, it opens OWA normally.  I do have (and have had) redirect of http enabled as shown in this Miscrosoft Article:
  http://technet.microsoft.com/en-us/library/aa998359(EXCHG.80).aspx, so that's not hte issue.
  Any ideas please...
  James

  Well, solved it myself.  Not sure what was differnt before now however, I went to this document from Microsoft (note: this says for Exchange 2010, but also applies to 2007, which is what I am running):
  http://technet.microsoft.com/en-us/library/aa998359.aspx
  And there at the yellow box, it says:
  In the Default Web Site Home pane, click SSL Settings.
  In SSL Settings, clear Require SSL.
  If you don’t clear Require SSL, users won’t be redirected when they enter an unsecured URL. Instead, they’ll get an access denied error.      
  After that, if someone goes to http://mail.MyDomain.com it redirects to
  https://mail.MyDomain.com as needed.  Why did the cert update bring this problem to the surface, not sure.
  Thanks,
  James

• Webdispatcher not redirecting for multiple url prefixes

  Hi Experts,
  Web Dispatcher configuration already in place.
  We are already using the URL's for NWBC through webdispatcher & masked the hostname & ports for Development/Quality systems in Development webdispatcher systems.
  Now currently we have created the Url with port for EP development systems as "https://abc.company.com:8200" & I have placed the relevant details in configuration profile but the re-direction is not happening and by default its taking the prefix ashttps://abc.company.com:8200/sap/bc/nwbc instead ofhttps://abc.company.com:8200/irj/portal .Also note if I replace the redirection rule & set as icm/HTTP/redirect_0= PREFIX=/, TO=/irj/portal redirection works but the rest of the multiplesystems which is Abap & using nwbc prefixes will not work.So to summarize , we want to use both the redirections for nwbc as well as portal in one webdispatcher.
  Rgd
  Asim

  Hi Tim,
  Unfortunately this is not possible; you can't associate multiple certificates to a single proxy list due to the fact that SSL handshake is done first with no visibility of the URL being requested, so the CSS won't know which public server to use in order to perform the traffic decryption.
  But there are a couple of options that you may want to look at (depending on the URL string)
  If your URLs are subdomains and you hold a wildcard SSL certficate to match multiple requests, i.e your domain being "pets.com" you can have a certficate that will match request for dogs.pets.com or cats.pets.com because the cert will be in the form *.pets.com
  The second option is SAN (Subject alternative names) certificates; which give you the option to include up to 4 flavors of the domain within the same file, such as pets.com, pets.net, www.1pets.com.
  I hope this helps.
  Pablo

• Selectively blocking certain users urls / Bloqueo selectivo de urls a ciertos usuarios

  I have a cisco SA520 and I want to block urls to some users but not others. I do not know how I do it, because if I saw as I can block web pages but do not know how some users if they can access, though I blocked the url
  Hola, Tengo un cisco SA520 y yo deseo bloquear urls a ciertos usuarios pero a otros no. No se como yo debo hacerlo, ya que si he visto como yo puedo bloquear paginas web pero no se como hacer que algunos usuarios si puedan acceder, habiendo yo bloqueado la url

  Hola Enrique,
  If you use the standard Content Filtering of your SA520, then you cannot segregate client access.  Either all clients are blocked or all are allowed.
  If you buy a license for ProtectLink Gateway, then you are able to block a group of users from viewing certain sites, while predefining a list of clients that will have access to the sites in question.  However, they will have access to all sites.  Clients will either be blocked or allowed to visit sites that are to be filtered.
  Si utilizas el estándar filtrado de contenido "Content Filtering" de tu SA520, entonces no se puede separar el acceso de clientes. O sea todos los clientes están bloqueados o todos están permitidos a visitar los sitios en cuestión.
  Si compras una licencia para ProtectLink Gateway, entonces eres  capaz de bloquear a un grupo de usuarios que puedan ver ciertos sitios,  mientras que se puede predefinir una lista de clientes que tendrán acceso a los  sitios en cuestión. Sin embargo, este grupo tendrán acceso a todos los sitios. Entonces habra un grupo con acceso y otro sin acceso a los sitios en cuestión.
  Saludos,
  Julio

• ICloud mail blocking emails containing certain URLs

  I've discovered that iCloud email is blocking both incoming and outgoing emails containing certain URLs in the body of the email.
  There is no indication to the sender that the email has been blocked.
  In my case, I was organising an evening out at a pub in West London called The Oak.
  The pub website is www.theoakw12.com and I put this in the body of the email, but nobody received the email.
  If I remove the "." so it is no longer a full URL, the email is received.
  It looks like Apple's email filtering is over-zealous... but I've been going round and round Apple's support pages but can't find anywhere to report this sort of issue except for these forums.

  Just to add further info: I check the Cloud Mail from a PC at work.

• How to enable Client Cert Required, only for certain URL's in the webserver

  WE are using netegrity siteminder for authentication and their plugin is executed as AuthTrans function. If I enable clientauth in server.xml ( which is basically turning on the client cert required for entire site), everything works fine. But If I want to turn that on only for certain URL's how do I do that.
  I tried turning global clientauth off in server.xml and tried using PathCehck fn"get-client-cert" in obj.conf for the URL's that need client cert, but the problem is AuthTrans is getting executed first and my netegrity plugin is throwing an error saying it cann't find the cert.
  What are diffrent options to enable cert required only for certian URL's.
  Thanks

  What is the condition you want to match?
  You can use get-client-cert in If tags in Web Server 7.0 :
  For e.g. If the condition is matched, This gets a cert, requesting it if it is not already present and failing the request if it can't obtain an acceptable cert only on POST requests.
  <If $url ~="*abc*>
  PathCheck fn="get-client-cert" method="POST" dorequest="1" require="1"
  </If>
  or
  <Object ppath="*abc*">
  PathCheck fn="get-client-cert" dorequest="1" require="1"
  <Object>
  for more details :
  http://docs.sun.com/app/docs/doc/819-2630/6n4thbiek?a=view#indexterm-380

• How can I block a certain URL in Firefox ?

  There is an banking site where username and password are logged and I need to block this URL until the mallware is removed (is not yet recognized)

  It is best to keep the Password Manager disabled.
  *Tools > Options > Security: Passwords: [] "Remember passwords for sites"
  *http://kb.mozillazine.org/Password_Manager
  *https://support.mozilla.com/kb/make-firefox-remember-usernames-and-passwords
  *BlockSite: https://addons.mozilla.org/firefox/addon/blocksite/

• Mozilla has switched off content blocker and URL advisor for Kapersky and I cannot browse the web

  How do I turn these back on?

  It appears that the problem is that the Kaspersky components are outdated an needing action from Kaspersky. I have not the time to research this myself at the moment, but you may be able to do so your self on their support site.
  What do you mean by you cannot browse the web.
  What are the content blocker and URL advisor intended to do ? They may well be largely unnecessary and superfluous. Is just installing them blocking you from using Firefox ? If so uninstall them until Kaspersky has a fix.
  Please also look at this thread
  * [/questions/975869] <br /> (With Windows 7 it would be similar advice) concluding:
  ''Firefox doesn't have any known compatibility issues with any of the major anti-virus suites, but honestly you are wasting your money if you pay for them. Uninstall them and use Window 8's built in Windows Defender. Update your Windows 8 machines to Windows 8.1, and make sure your win 7 machine is up to date, and always keep everything on your machines (Firefox, plugins, etc.) all up to date. That will keep you secure as possible. ''
  * From Windows Microsoft see http://windows.microsoft.com/en-gb/windows/security-essentials-download (That '''explains''' about MSE it does NOT automatically download anything )
  Note
  (But Quotation above is from Tyler who IS professional paid Mozilla Firefox support staff)
  The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.
  If you want to leave feedback for Firefox developers, you can go to the Firefox ''Help'' menu and select ''Submit Feedback...'' or use [https://input.mozilla.org/feedback this link]. (You'll need to be on the latest version of Firefox to submit feedback). Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

• Looking for a good app so I can block certain callers

  I am trying to find an app which lets me block certain callers. I have a friend who drinks too much sometimes and decides to call me all night long. I don't want to turn my phone off because of business and family.  I have tried Iblacklist manager but there are not instructions or support available..
  Please help. 
  Thanks.

  THANKS, 
  AS I WAS WAITING FOR A RESPONSE (WHICH YOU ANSWERED VERY QUICKLY - THANKS) I WAS READING ABOUT MAKING A RINGTONE SILENT FOR THAT PERSON.  I THINK I WILL TRY THAT.  THANKS AGAIN FOR YOUR QUICK RESPONSE.