WSA certificate options for https proxy

Similar Messages

• WSA access logging for HTTPS traffic

  Hi,
  We have a WSA s370 with AsyncOS  version 7.5.1-079 and it is configured as a transparent proxy.
  HTTPS proxy is enabled and all the URL categories set to pass through ( no decrytpting or monitoring ).
  Seems like the WSA does not generate logs for HTTPS transactions.
  I would like to know whether this is the expected behaviour.
  Is there any way that I can monitor HTTPS transactions without decrypting ?
  Thanks,
  Wipula.

  In addition to what Ken mentioned, the only way you can monitor HTTPS traffic without decrypting it will be done so using the IP address.
  In the access logs, you will see the following transaction when accessing an HTTPS site (google for example):
  TCP_CONNECT 74.125.101.50
  It will only report URLs once decrypted.  At that point, it is just HTTP.
  -Vance

• What is the correct setting for 'HTTP Proxy'?

  On my iPhone 5, while on my home network should HTTP Proxy be set to off, manual, or auto? thanks.

  Thanks, i saw so much talk about it in other threads but nothing about what it should be. My iPhone connects everywhere fine.

• Safari, Proxy Authentication, and Certificate Authorities ( for https )

  A recent update to Safari has caused it to not work with our proxy authentication.  It will not provide authentication details when looking up SSL certificate authorities, causing certificate errors on all https:// websites. All other traffic (http, https if certificate is bypassed, plugins, etc.) seem to work just fine. Is anyone else having this problem?  If so, is there a fix?
  It occurs on Mac and PC.  I am using SquidGuard with NTLM authentication.  All other browsers on our system (IE x.x, FireFox, Chrome, Opera ) don't have this issue.

  I have the same problem and it's frustrating as can be.
  What happens to me is that When I bring my laptop to work, and put it on the work network and launch Safari, Safari informs me that each of my plugins is invalid and then uninstalls them - I'm effectively not able to use any plug ins at work, and I have to go hunt them down when I get back home (for reference, The extensions are still physically in \users\me\Library\Safari\Extensions - so when I get home I can just double click on all of them)
  I opened a case with apple and I encourage you to do the same. Perhaps if enough users complain they will find a gentler way to work with it.
  They had me do a capture and after analyzing it said it was an issue with the work network and not being able to valdate the extensions.
  It sounds like the same issue you have - as my work network uses a proxy as well.
  The rep suggested that I use a different browser at work, but I'm so used to clicking safari, that I do it out of habit.
  I really like Safari, and hope they get it fixed - Safari may not get respect in the windows world, but it's really a great browser - especially on a laptop where screen real estate is limited (where I often hit command-shift-\ to hide the address bar to see more of the page)
  -Jack

• Virus Scanning Options for Web Proxy

  Hi There,
  The release notes for 3.6 state that Virus Scanning is no longer supported as a function of the product.
  What options do I have to virus scan in and outbound content? Is there a virus scanner that plugs in via the NSAPI?
  Cheers
  Andrew

  Hi
  This thread was interesting as I have many customer sites using virus scanning without any problems together with this proxy.. Some sites are really huge as well.
  Can the author of this thread explain how the scanning that now refuse to work is done with the proxyserver... Through an API or as forwarded requests to another scanning proxy (trend micro etc.) or what ? Maybe this is done in some way I am not aware of. Then I am really interested in your problem.
  We mostly use it "user->proxy->vscanner->site" where the proxy and the scanner often run at the same host. This in huge installations together with load balancers infront and behind.
  /Per-Olov

• OSB Routing Options for JMS Proxy

  Hello!
  My config:
  WS Proxy Service -> <jms queue> ->Proxy Service -> WS Service
  jms queue used for guaranteed delivery of msg. I wanna dynamically change retry interval and retry count.
  Does Configuration Routing Options in Proxy Service (Retry Interval and Retry Count) override default settings of queue?
  I tried to change JMS headers (JMS_BEA_DeliveryTime, JMS_BEA_RedeliveryLimit) via snippet Transport Headers, but all of these headers are not delivered.
  Any ideas?
  Thanks,
  lam
  Edited by: laaam on 17.05.2012 12:50

  laaam wrote:
  but all of these headers are not delivered.
  Edited by: laaam on 17.05.2012 12:50They should be delivered, I have a proxy that send JMS header using an insert operation of my expression "as first child of" */ctx:transport/ctx:request/tp:headers* "in variable" outbound.
  Cheers,
  Vlad

• Could'nt configure for http proxy server in weblogic5.1

  Hai
  we have installed weblogic5.1 in two machines one in NT and the other in windows98.
  We want to use one as the webserver and the other as the proxy webserver. When
  ever if a particular file is not found in the webserver it should automatically
  redirect to the proxy server. we have configured the following set of lines in
  the weblogic.properties.
  weblogic.httpd.defaultServlet=proxy
  weblogic.httpd.register.proxy=weblogic.t3.srvr.HttpProxyServlet
  weblogic.httpd.initArgs.proxy=redirectURL=http://192.168.254.183
  but still we could'nt get the redirection. If we look for a particular jsp file
  which is not in the webserver and located in the proxy webserver it searches only
  in the webserver and giving the "404 not found error". What further configuration
  we have to do to achieve this. Both systems are in the network.
  Anybody's help is more appreciated
  Thx and regards
  jagan

  "jaganmohan" <[email protected]> wrote:
  >
  Hai
  we have installed weblogic5.1 in two machines one in NT and the other
  in windows98.
  We want to use one as the webserver and the other as the proxy webserver.
  When
  ever if a particular file is not found in the webserver it should automatically
  redirect to the proxy server. we have configured the following set of
  lines in
  the weblogic.properties.
  weblogic.httpd.defaultServlet=proxy
  weblogic.httpd.register.proxy=weblogic.t3.srvr.HttpProxyServlet
  weblogic.httpd.initArgs.proxy=redirectURL=http://192.168.254.183
  but still we could'nt get the redirection. If we look for a particular
  jsp file
  which is not in the webserver and located in the proxy webserver it searches
  only
  in the webserver and giving the "404 not found error". What further configuration
  we have to do to achieve this. Both systems are in the network.
  Anybody's help is more appreciated
  Thx and regards
  jaganThanks for everyone i was able to solve the problem on my own. The problem is
  i did'nt commented the following line in the weblogic.properties. After commenting
  the line it worked
  weblogic.httpd.defaultServlet=file

• HT1843 I'm using manual proxy setting for my wifi network, how can i save my manual proxy setting , in maual HTTP Proxy i have give server,port username and password details but it asking again and again pop window( Authentication for HTTPS proxy) how can

  give me soluiton.

  Hi,
  My thought is to check the current IP of the server, as your smb.conf has the line interfaces = 192.168.1.109 which means samba will only listen on that interface for requests. If the IP of the server has changed, that would explain why samba isn't working.

• What HTTP Proxy settings to use and when?

  On the Wi-Fi Networks menu there are three options for HTTP Proxy - Off, Manual, Auto
  Which one should I use and when/why would I use the others?
  thx, gordo

  99% of the time, you should have the proxy settings turned off. Unless you are trying to connect to a corporate network, or some other network that requires a proxy server. In that case you would need to talk to the network administrators to obtain the settings you would need. If your just connecting to your wireless network at home, your almost for sure not going to need to enter anything for the proxy server settings.

• Steps to enable Web Proxy for https

  I have an S160 WSA and want to enable the Web service for http and https. I am using transparent mode with WCCP.
  This is part of the router configuration:
  ACL:
  access-list 110 permit tcp 192.168.80.0 0.0.7.255 any eq 80
  access-list 120 permit tcp 192.168.80.0 0.0.7.255 any eq 443
  ip wccp 97 redirect-list 110
  ip wccp 98 redirect-list 120
  interface FastEthernet0/0.380
  ip wccp 97 redirect in
  ip wccp 98 redirect in
  It is the same configuration for http and for https, but only http traffic is working. When I see the logs in the WSA, it looks like accepted connections for https.
  In Security Services -> Web Proxy it is enabled, when I put the port 443, I get an https error in the end user laptop; when I dont, it keeps trying and I get a timeout.
  I tried enabling https proxy but some sites (as gmail), wont work with self-generated certificates.
  Would you please, list me the steps to enable Proxy services for https.
  Thanks!!!
  Sergio L.

  Hi Sergio,
  When WSA is configured as transparent proxy, it also accepts explitcit connections. So in order to test HTTPS proxy, you can configure client browser to explicitly use WSA as proxy and see if it is working before testing in transparent mode.
  When WSA is used as HTTPS proxy, it uses its self-generated certificate to encrypt the connection between itself and the client browser. Since this certificate is not trusted by browser, it'll throw SSL certificate error when connecting via WSA. In order to get rid of this error, download the self-generated certificate from WSA and install it in your browser as a trusted certificate. That should resolve SSL issue with gmail also.
  Hope this helps.
  Thanks,
  Chetan

• DAP and http proxy authentication

  I have a ASA firewall with http proxy authetication and now i configure DAP for Anyconnect with AD .I disable the "Default Dynamic Access Policy"  proxy authentication fail .Someone knows how to configure the DAP for http proxy authentication ?
  best regards

  Still nothing about it. I've also posted to another threads with similar problems:
  http://discussions.apple.com/message.jspa?messageID=8165122#8165122
  http://discussions.apple.com/message.jspa?messageID=8165120#8165120
  http://discussions.apple.com/message.jspa?messageID=8165118#8165118
  http://discussions.apple.com/message.jspa?messageID=8149758#8149758
  As I said before, while I've had OS 1.1.4, everything was normal. It began when I upgraded to 2.0.2 and after to 2.1. I also double checked if the TI here changed the policies, and they assured me they don't.
  Several other users with 2.x are also reporting the same trouble. As far as now, I've came across a post suggesting me to install a local http proxy on the phone, but I don't think it's gonna work.
  Let's keep this thread alive!

• Need to change the Certificate in ACE that is using for HTTPS Management access

  Dear Team,
  Currently we are getting certificate cannot be trusted error in web browser while we are accessing the ACE through https. So we need to installed the new https certificate for https management connection to ACE for removing this error. We do not want to use the self signed certificate for https access to ACEmanagement. We have done the below configuration but there no luck, still its showing the previous self signed certificate in browser.
  parameter-map type ssl MNGMT_SSL
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  ssl-proxy service PSERVICE_SERVER
  key ACEKEY.key
  cert ACECERT.cert
  ssl advanced-options MNGMT_SSL
  Kindly suggest how we can installed the certificate on ACE for only https management access.
  Thanks in advance.
  Regrads,
  Ranjith

  Ranjith,
  You may want to see the details and recommendation relatedo to this situation and this bug:
  CSCte42757
  Jorge

• Apache HTTP proxying for load balancing only to a group of non-clustered WL servers

            Hi,
            We're running WL Server 6.1 SP 2 on Solaris 2.8.
            For the Apache HTTP proxy plugin, if you use the WebLogicCluster http.conf option,
            do the WL servers you want to load balance across have to be part of a WebLogic
            cluster (if you are prepared to do without failover, as I know it would need to be
            a proper WL cluster to replicate session info for failover). Can you load balance
            across a group of non-clustered WL servers, and maintain the user session to the
            one WL server so that it doesn't switch between servers on alternate requests for
            the same user session, or must the servers be configured as a WebLogic cluster?
            Paul
            We find that if you have a collection of WL servers that are not configured as a
            cluster, that it will load balance alternate requests to each server, but it will
            not pin a user to a single machine according to their session so for 2 servers, 2
            differetn sessions get created, one on each machine.
            Is this because it doesn't normally do this, but sends the user alternately to a
            primary then secondary which works in a cluster because the session is replicated.
            I thought the secondary was only used when the primary failed.
            

  We're running WL Server 6.1 SP 2 on Solaris 2.8.          >
            > For the Apache HTTP proxy plugin, if you use the WebLogicCluster http.conf
            option,
            > do the WL servers you want to load balance across have to be part of a
            WebLogic
            > cluster (if you are prepared to do without failover, as I know it would
            need to be
            > a proper WL cluster to replicate session info for failover). Can you load
            balance
            > across a group of non-clustered WL servers, and maintain the user session
            to the
            > one WL server so that it doesn't switch between servers on alternate
            requests for
            > the same user session, or must the servers be configured as a WebLogic
            cluster?
            You don't have to use the clustering option. To get failover, you'll have to
            use the JDBC persistence option of WL.
            > We find that if you have a collection of WL servers that are not
            configured as a
            > cluster, that it will load balance alternate requests to each server, but
            it will
            > not pin a user to a single machine according to their session so for 2
            servers, 2
            > differetn sessions get created, one on each machine.
            >
            > Is this because it doesn't normally do this, but sends the user
            alternately to a
            > primary then secondary which works in a cluster because the session is
            replicated.
            > I thought the secondary was only used when the primary failed.
            The primary/secondary stuff requires clustering. If Apache continues to
            "load balance" after the first request, you need to either use JDBC session
            persistence or use a different load balancer (like mod_jk for Apache or a
            h/w load balancer with support for sticky).
            Peace,
            Cameron Purdy
            Tangosol, Inc.
            http://www.tangosol.com/coherence.jsp
            Tangosol Coherence: Clustered Replicated Cache for Weblogic
            "Paul Hammond" <[email protected]> wrote in message
            news:[email protected]...
            >
            

• Http proxy setting for webservice client.

  Hi !
  I have set the following option for accessing the webservice through the proxy(webservice
  outside the firewall).
  I'm using weblogic v7.0 with sp1.
  -Dweblogic.webservice.transport.http.proxy.host=xxxx
  -Dweblogic.webservice.transport.http.proxy.port=8088
  It works fine and my soap client is able to access the webservice lying outside
  the firewall.
  But when I use the same setting, the soap client fails for accessing the webservice
  which are
  inside the firewall.
  I get "Connection refused".
  Is there any option to specify not to use proxy for specific hosts and ports ?
  For example http.nonProxyHost
  Any pointers will be of great help.
  Thanks
  Kumar Raj

  I have not worked in SoA server, but since it uses weblogic server underlying (I assume), you can try setting the -Dhttp.proxyHost , -Dhttp.proxyPort system properties ( https for secured URL's) to WLS to specify the proxy details. Also the product might not have the capability to pass user credentials for authentication at the proxy. The version of OSB we are using had this problem. To overcome this you might require to add the URL to the proxy free list in your proxy server. This prevents the proxy from prompting for the user name when you access that URL.

• HTTP Proxy settings for WIFI

  I am trying to access the wifi at work which requires me to use a http proxy.
  I can connect to the network in my company from my PC without any issues by giving the url in the lan settings
  When I open the browser it asks for the user id and password and once I authenticate it allows me internet access
  However I am having trouble mapping this into the iphone I realise I have two options i.e manual and auto
  Can someone help me map these settings or direct me to a forum where some has done this successfully
  Thanks.

  Your post is not going to be seen by the Apple Engineers. This is a users forum. You should contact Apple Technical Services directly.
  There is a new version of Apple Configuration Utility that just came out in the last two weeks. Manually setting the proxy settings isn't really very hard to do so I'm not sure what the concern is.