WSDLReader and https

Similar Messages

• Error Message when installing Companion CD for HTMLDB 1.6 and HTTP Server

  Hi. First time forum user so bear with me.
  I'm not sure if this is the correct forum for this but the assistance of anyone who may be able to shed some light on the problem whould be greatly appreciated. I am having a problem when attempting to install the Companion CD for HTMLDB 1.6 and HTTP Server, details given below:
  The following Oracle components have been successfully installed
       Oracle 10gR2 Database.
       Oracle 10gR2 Database patch 10.2.03.
       Critical patch up date (security).
  The following Oracle component failed to install.
       Companion CD for HTMLDB 1.6 and HTTP server
  Scenario leading up to failure
       Extracted companion CD installation files to D:\oracle\utilities\Oracle_10_2_0_Companion
       Executed D:\oracle\utilities\Oracle_10_2_0_Companion\companion\setup.exe.
  The following error message is displayed in a "JAVA VIRTUAL MACHINE LAUNCHER" dialog box
       "Could not find the main event class. Program will exit."
  I have been attmepting to resolve this problem for over a week and have already checked the following with no resolution to the problem:
  Cause. This issue may have to do with two issues (and may occur more on Windows):-
  1. Within the ORACLE_HOME directory full pathname there is a space.
  2. The directory from where the software / patch is being installed has a space within the directory full
  pathname (where the file for the installation by default is named products.jar or products.xml).
  Solution. To implement the solution, please execute the following steps:-
  1. Rename the full pathname directory NOT to contain a space.
  2. Launch again the OUI... and verify if the problem occurs.
  Any further guidance would be greatly appreciated.
  Edited by: user10386555 on 03-Oct-2008 02:51

  Can you install using OUI from the RDBMS installation? IIRC, there is a problem using OUI on companion to install companion items.

• Https front end and http backend

  Hi there....I am having a small issue....I have a web app that is https based....I have installed the cert on the CSS, and DNS for this app points to the VIP....the client is wanting to have an https front end, and then load balance in http to the backend servers....the issue I am running into is that this only works if I have an active port 80 rule on that same VIP....if I suspend the port 80 rule and only leave the port 443 rule active on that VIP, it doesn't work....please see appropriate config portions below....Thanks in advance!
  Sandeep
  ANy suggestions? I have been trying this for a couple of days now...it works fine if the backend sessions are also https, but the client has changed their requirement....
  ssl-proxy-list SSL1
  ssl-server 1
  ssl-server 1 rsakey app1-test
  ssl-server 1 rsacert app1-test
  ssl-server 1 vip address 10.19.55.10
  ssl-server 1 cipher rsa-with-rc4-128-md5 10.19.55.10 81
  backend-server 1
  backend-server 1 port 81
  backend-server 1 server-ip 10.19.55.132
  backend-server 1 ip address 10.19.55.132
  backend-server 2
  backend-server 2 port 81
  backend-server 2 server-ip 10.19.55.133
  backend-server 2 ip address 10.19.55.133
  backend-server 3
  backend-server 3 port 83
  backend-server 3 server-ip 10.19.55.132
  backend-server 3 ip address 10.19.55.132
  backend-server 4
  backend-server 4 port 83
  backend-server 4 server-ip 10.19.55.133
  backend-server 4 ip address 10.19.55.133
  backend-server 5
  backend-server 5 port 85
  backend-server 5 server-ip 10.19.55.132
  backend-server 5 ip address 10.19.55.132
  backend-server 6
  backend-server 6 port 85
  backend-server 6 server-ip 10.19.55.133
  backend-server 6 ip address 10.19.55.133
  active
  service webserver002:81
  ip address 10.19.55.132
  port 81
  keepalive port 2199
  keepalive type tcp
  protocol tcp
  active
  service webserver003:81
  ip address 10.19.55.133
  port 81
  keepalive port 2199
  keepalive type tcp
  protocol tcp
  add ssl-proxy-list SSL1
  active
  service webserver002:83
  ip address 10.19.55.132
  port 83
  add ssl-proxy-list SSL1
  keepalive port 2399
  keepalive type tcp
  protocol tcp
  active
  service webserver003:83
  ip address 10.19.55.133
  port 83
  keepalive port 2399
  keepalive type tcp
  protocol tcp
  add ssl-proxy-list SSL1
  active
  service webserver002:85
  ip address 10.19.55.132
  port 85
  add ssl-proxy-list SSL1
  keepalive port 2599
  keepalive type tcp
  protocol tcp
  active
  service webserver003:85
  ip address 10.19.55.133
  port 85
  keepalive port 2599
  keepalive type tcp
  protocol tcp
  add ssl-proxy-list SSL1
  active
  service SSL_Front
  slot 2
  type ssl-accel
  keepalive type none
  add ssl-proxy-list SSL1
  active
  owner app1-test
  content app-test_back
  vip address 10.19.55.10
  add service webserver002:81
  add service webserver003:81
  add service webserver002:83
  add service webserver003:83
  add service webserver002:85
  add service webserver003:85
  balance aca
  protocol tcp
  port 81
  active
  content app1-test_front
  vip address 10.19.55.10
  application ssl
  add service SSL_Front
  protocol tcp
  port 443
  advanced-balance ssl
  balance aca
  active

  Thanks for the quick reply....there is another port 80 rule setup for that vip....I was using that to test with the app until I got the front end https rules working....
  my port 80 rules just says listen to 10.19.55.10 on port 80 and load balance btwn the webervers on port 8x in the back end...
  I am trying to do https front end and http backend....
  no where in my SSL config have I configured port 80....but when I suspend that rule it all fails....
  I am wondering if the backend server sessions are happening properly?
  I don't fully get what you mean by "You need to have the rule in port 443 to match traffic coming from the client and the clear text rule (port 81) to match traffic already decrypted coming from the SSL module"
  Haven'tI done that?
  Thanks again!
  Sandeep

• Oracle database (10.2.0.4) and HTTP server / HTML DB conflict

  Hi there,
  I installed a fresh 10.2.0.1 (patched with 10.2.0.4) oracle database on Oracle Entreprise linux 5.7, and HTTP server + HTML DB products from the companion CD. Both are located in different home directory:
  ODB:  $ORACLE_BASE/product/10.2.0/db_1
  APEX: $ORACLE_BASE/product/10.2.0/apex
  I just discovered that logs files ($APEX/opmn/logs/) have filled up my entire disk this week end. After some googling / digging, I've read that there is a conflict between the ONS services that run for both products on the same port. Opening the configuration files of both products:
  +$ODB/opnm/conf/ons.config+
  +$APEX/opnm/conf/opnm.xml+ (btw, ons.conf is empty)
  I indeed saw that they both use port 6113 as local port and 6200 as remote port. The workaround I've found in variuos places is to either change the port number, or unsuscribe ONS for the database listener (and sometimes both).
  Question 1: what is the best solution ? what are the consequences for the database listener in case of unsuscribtion ?
  I also saw that opnm.xml in APEX configuration file is making use of the $ORACLE_HOME environment variable, which I define in my /etc/profile as $ORACLE_BASE/product/10.2.0/db_1. So I guess the opnm of APEX is looking at the wrong place... Yet if I change ORACLE_HOME in my /etc/profile, I won't be able to run dbstart upon stgartup, as it is run using ORACLE_HOME in a init.d script...
  Question 2: Can someone clarify things up about the exact relationship between oracle database and HTTP server ? How should I deal with ORACLE_HOME environment variable, which one use it and when... ?
  Note that I'm completely new to Oracle (and hence APEX).
  Thanks in advance!

  Billy  Verreynne  wrote:
  There should be no conflicts - except for configuration ones.
  Oracle is multi home capable. Thus multiple Oracle s/w products installed into different homes and these products running side by side.
  The conflict is system resources - like a TCP port. That port cannot be shared by multiple processes. So you need to make sure that each s/w component that needs a TCP listener end-point, has a unique port number allocated for it to use.
  As mentioned, the Oracle Apache server is an Oracle client with respect to Oracle client-server architecture. It simply needs a client OCI driver to connect to the Oracle database instance. So whether you run Oracle Apache on the same server as the database instance, or on another server all together - this makes no difference. The Oracle Apache s/w will be using its home for running. It has no need for anything from the database instance's home directory. Thus there are no conflicts - as long as you correctly keep them separated and not set the wrong home for the wrong component or include the wrong path (to another home's executables).
  OK, so to summarize a bit:
  - I should just be carefull when running startup script which will launch all services upon startup, i.e. changing the value of ORACLE_HOME before running each product startup script (dbstart => ORACLE_HOME = (..)/10.2.0/db_1, opmnctl => ORACLE_HOME = (..)/apex). I'm still quite worried because ORACLE_HOME is heavily used in opmn.xml but anyways.
  - That's basically it: when each product's services are running, they do not use ORACLE_HOME (and such) anymore, hence no conflict from this point of view.
  Also do not attempt to use IPC connectivity between the mod_plsql Apache module and the database instance. Does not make sense ito performance. Shared server should be considered and localhost TCP connectivity can be used.Well as I don't really know IPC yet, so hopefully I won't get into troubles. Just to be clear about that, i've this in my listener.ora:
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = /opt/oracle/app/oracle/product/10.2.0/db_1)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (ADDRESS = (PROTOCOL = TCP)(HOST = apex.nwk)(PORT = 1521))
  Does that mean that ICP will be used somehow ?
  Thanks again from your help.
  Edited by: lv on 27 févr. 2012 06:42

• Ftp and http access over XDB repository is not allowed...

  When I try to execute the following command on a reasonably fresh Oracle 11 installation:
  insert into "XMLTEST" ( "name", "xmlfof" ) values ( 'small', DBMS_XDB.GETCONTENTXMLTYPE('/public/small.xml') );
  -- The schema is correctly registered, the file "small.xml" is in the /public repository folder, the user has every conceivable role and priviledge
  -- http access works fine from a remote location, tried to execute the command on the server and from remote system...
  I get the following error message:
  ORA-31020: Der Vorgang ist nicht zulässig, Ursache: For security reasons, ftp and http access over XDB repository is not allowed on server side ORA-06512: in "XDB.DBMS_XDB", Zeile 1915
  Searching for an answer on the forum didn't produce any concreate explanation... Does anyone have any idea how to solve this problem?

  As it turns out, the XML file contained a reference to a DTD at an external web-site, which caused the problem - it was identical to that described here:
  Re: ORA-31020 when using XML with external DTD or entities
  After removing the reference, everything works perfectly...

• Oracle service, Listener and http server does not start automatically

  Hello,
  I have Oracle 9i release 2 installed on Unix HP box if system restart in case of power failure the Oracle service, Listener and http server does not start automatically, is there any ready reference available to check what's wrong is happening(I don't have knowledge of Unix).
  Thanks, Khawar.

  Hi Rajesh,
  Thanks for reply, I will check this link and will be back if facing problem.
  Regards, Khawar.

• PORTAL ACCESS  THROUGH HTTP and HTTPS BOTH

  Hi,
  Is it possible to make the portal listen on both http and https ports at the same time? What is the required configuration for the same?
  Please let me know for any other details.
  Any input is highly appreciated.
  regards,
  Chandra

  Hello Chandra,
  you can activate SSL in the J2EE engine and then you have both Protocolls avaliable. The documentaiton can be found at <a href="http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm">Configuring the Use of SSL on the SAP J2EE Engine</a>.
  Regards
  Gregor

• Https for SOAP and HTTP Receiver adapters in PI 7.1

  Hi,
  We need HTTPS Transport protocol is required to send the message to receiver systems.
  Currently we are using below procedures for https:
  1)     HTTP with SSL (= HTTPS) without client authentication
  2)      HTTP with SSL (= HTTPS) with client authentication
  But client donu2019t want this procedure.
  Here my question is How to enable the https Transport protocol in SOAP and HTTP Receiver adapters.

  >>Here my question is How to enable the https Transport protocol in SOAP and HTTP Receiver adapters.
  What I see is your client wants PI to send communication via HTTPS transport protocol. That means you have to apply for trusted certificate and import that certificate root node in Netweaver keystore.
  Then change the transport protocol from http to https in soap and http receiver communication channel and communicate to client via certificate authentication.
  Plenty of documents available in sdn about https certificate authentication. Please go through those links.
  check this thread.. might be helpful
  Client Certificate for PI authentication when Web Dispatcher terminates SSL

• Only HTTPS requests are working for SOAP Sender and HTTP not working

  wHi Experts,
  We have enabled our HTTPS port ( SSL ) in NWA -- >> Security -- >> SSL and Key stores. So understanding is HTTPS port is now enabled on top of HTTP. So PI should be able to cater requests at both ports.
  Now, we have developed a synchronous SOAP to RFC scenario and downloaded WSDL file. This file has both links -
  a. http:<host>:<port>
  b. https:<host>:<port>
  We intend to make a PI system where both ports can work. Now questions.
  1. When we test web service exposed from PI using SOAPUI tool, only HTTPS works fine and gets the response back. If we try HTTP URL, an error is encountered - HTTTPS scheme is required.
  2. Is this whole understanding that both ports  ( HTTP, HTTPS ) should be able to operate simultaneously correct ? Or this is not at all possible ?
  3. In SOAP Sender, we tried selecting all 3 options - 1. HTTP 2. HTTPS without client authentication 3. HTTPS with client authentication.
     None of the options have any effect on testing, Each time, only HTTPS request works and HTTP doesn't.
  Can anyone please provide some hints for troubleshooting ?
  Thanks..
  regards,
  Rajagopal.

  The error "HTTPS scheme is required" is normally returned when the HTTP Security Level on the SOAP adapter is not set to "HTTP". I can see you have mentioned you have tried all these, maybe a cache refresh has gone wrong? Could try recreating the channel with just HTTP specified as security level and this should allow HTTP or HTTPS
  I assume you are using a different port number for  your HTTP and HTTPS requests from SOAP UI. Normally the HTTPS port is the same as the HTTP port number but the final zero changed to a 1 i.e. https://<host>:50001 instead of http://<host>:50000.
  You should be able to confirm both HTTP and HTTPS work OK by loading some of the system webpages in a browser over HTTP and over HTTPS i.e. http://<host>:<port>/nwa and https://<host>:<port>/nwa
  Chris

• Idoc and http adapter

  Idoc and http adapter resides in ABAP stack. So how do we monitor these two adapters ? It wont be visible in RWB ?

  Hi,
  To know the difference i suggest u try to do it by ur self only.
  Login in to Runtime Work bench- component monitoring-Adapter engine-communication channel monitoring- Filter the communication channel with name.
  and click on message id of that channel, it will show u the steps by step log for that channel.
  MONI is used for message monitoring.
  chirag

• Maintaining Sessions between http and https

  I have a web application in which I want my users to view the login page over SSL and send the login request via SSL also, but then I want to revert back to http://
  My problem is, and i've seen this problem on loads of boards with no real resolution, during the login I set some objects with in the session that are used to display information in other parts of the site... but the session object is being lost!!!
  I am using Tomcat as my web server, I saw an article on JavaWorld titled "mix protocols transparently in web applications", and apparently to over come this problem if you are using WebLogic 6.1 there is a parameter in the weblogic.xml file that must be configured, but I cant find a similar one on Tomcat!!!
  Thanks in advance

  Thanks a million for the answer, I have got it working now, but I had to do something a little different for any one else who experiances this problem I'll go through it... I set an attribute in the context which was named the the value of the current session id and contianed the session object. Then when leaving the login handeling in my dispatcher servlet I apended the session id to the url of the next jsp called. In this jsp then I retrived the "secure session" object from the context, this so far is what you suggested.
  But then I had to loop through "non secure session" object's attributes and set them in the "non secure session" object, that is I was not just able to reset the "non secure session" object equal to the "secure session" object as when I went on to the next page it was reset to the "non secure session" object again!
  The fact that the session object is changed when moving between http and https is (according to Tomcat buglist) a bug of Tomcat 4.1 and did not occur in tomcat 3.2

• How to protect both access (http and https) with a Policy Agent

  Hi,
  During the installation of a web Policy Agent (i.e. Policy Agent for IIS) we have to choose the protocol (and port) of the web server we want to protect.
  If we have an IIS with secure (https) and non secure (http) applications, how we manage this scenario with the policy agent?
  Regards,

  Hi,
  Finally, i have installed the agent in IIS5 in the non secure port (http) and in fact it detects both access (http and https) fine.
  The problem now is that if i try to access to a non secure url ( http://mynonsecureapp.com ) all works fine, the agent redirects to https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mynonsecureapp.com but when i try to access to a secure url ( https://mysecureapp.com ) the agent try to redirects me to: https://myaccessmanager.com:443/amserver/UI/Login?goto=http://mysecureapp.com (notice that the agent removes the 's' in the url).
  The amAgent log file shows:
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_notification(), https://sigcit.agp.gva.es:443/fullcitriweb is not notification url http://sigcit.agp.gva.es:80/amagent/UpdateAgentCacheServlet?shortcircuit=false.+
  +2008-07-17 09:44:08.296 Warning 656:d8f6b0 PolicyAgent: OnPreprocHeaders(): Access Manager Cookie not found.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): url 'https://sigcit.agp.gva.es:443/fullcitriweb' path_info ''.+
  +2008-07-17 09:44:08.296MaxDebug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): processing url http://sigcit.agp.gva.es:80/fullcitriweb.+
  +2008-07-17 09:44:08.296 Debug 656:d8f6b0 PolicyAgent: am_web_is_access_allowed(): client_ip 172.27.65.62 not found in client ip not enforced list+
  Any ideas?
  Regards,
  Edited by: idm_oceanic on Jul 17, 2008 1:33 AM

• JSF / Switch between HTTP and HTTPS

  Hello!
  I want to switch between HTTP and HTTPS using JSF.
  Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
  e.g. Login-jsp should be secured, all other jsp's should run unsecured.
  Any ideas?
  regards
  Harald.

  Thanks,
  I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
  I did the following:
  1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
  2) create a plugin that reads ActionConfigs from the ModuleConfig
  3) create a filter that sets a request scope flag that says that password must re-entered.
  Code Extracts:
  1) MainshopContainer application level parameter singleton class:
  private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
  public boolean isInSSLZone(String servletPath)
  return this.sslZoneMap.containsKey(servletPath);
  public void addToSSLZone(String servletPath)
  this.sslZoneMap.put(servletPath,null);
  public int getNumberOfActionsInSSLZone()
  return this.sslZoneMap.size();
  2) Struts plugin
  add a call to loadSSLZoneMap in plugin init method:
  loadSSLZoneMap(config, mainshopContainer);
  private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
  throws ServletException
  try {       
  ActionConfig[] actionConfigs = config.findActionConfigs();
  for (int i = 0; i < actionConfigs.length; i++)
  if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
  // not found = not ssl zone
  System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
  else
  // found = ssl zone
  String servletPath = actionConfigs[i].getPath()+".do";
  mainshopContainer.addToSSLZone(servletPath);
  System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
  System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
  catch (Exception ex)
  ex.printStackTrace();
  throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
  3)
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
  HttpServletRequest req = (HttpServletRequest) request;
  HttpServletResponse res = (HttpServletResponse) response;
  String servletPath = req.getServletPath();
  boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
  The wole picture:
  The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
  I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
  At the end of all my jsp's I set the lastRequestDTO variable.
  In that method I set the passwordConfirmationRequired flag if needed:
  public void setLastRequestDTO(RequestDTO _lastRequestDTO)
  if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
  this.setPasswordConfirmationRequired(true);
  this.lastRequestDTO = _lastRequestDTO;
  I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
  When the password is OK I reset the passwordConfirmationRequired to false.
  I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
  I tought I could define it in the web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Account Related Pages</web-resource-name>
  <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  but that doesn't work and finnaly understood why:
  Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
  The url pattern /account/* at the container level is never encountered.
  Is it allowed to declare the following action path: /account/login instead of /login?
  If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
  What's your opinion?
  If no, would your library resolve this?
  Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
  Regards
  Fred

• WCCP Configuration HTTP and HTTPS

  Looking for anyone that might have a clue in on this, im attempting to configure a pair of routers to use WCCP to redirect HTTP and HTTPS traffic to two content keeper devices. The network im building is going to be used for a guest internet connection where defining proxies on end devices would be unusable.
  I'll drop the configs in below but for now what i have are 2 cisco 3925 routers configured for HSRP. 2 content keeps running squid for the cache engine. with my current configurations, I have wccp web-cache and wccp service 70 configured (all 4 devices are available/usable in both services). this is a layer 2 setup. HTTP traffic is picked up and redirected to the content keepers without issue. https traffic does not appear to be detected by the routers. I have chosen not to use ACLS for WCCP and use the redirect in because we want to capture http(s) traffic from all hosts.
  for HTTP, I see hits counters rise on the router under show ip wccp, i see hit counters for the content keepers increase, i see http traffic on the firewall from the content keepers and I get the web page on the device
  For HTTPS I do not see hit counters under wccp increase, I do not see any traffic on the content keepers bridge, and i see traffic on the firewall from the hosts orginal ip address.
  interface0/2 internal LAN
  interface 0/0 content keepers (no WCCP commands)
  interface 0/1 gateway firewalls. (no WCCP commands
  ip wccp check services all
  ip wccp web-cache
  ip wccp 70
  interface GigabitEthernet0/2
  description To Lan
  ip address x.x.x.x
  ip wccp web-cache redirect in
  ip wccp 70 redirect in
  standby 1 ip x.x.x.x
  standby 1 priority 150
  standby 1 preempt
  duplex auto
  speed auto
  Global WCCP information:
      Router information:
          Router Identifier:                   x.x.x.2
      Service Identifier: web-cache
          Protocol Version:                    2.00
          Number of Service Group Clients:     2
          Number of Service Group Routers:     2
          Total Packets Redirected:            17999
            Process:                           0
            CEF:                               17999
          Service mode:                        Open
          Service Access-list:                 -none-
          Total Packets Dropped Closed:        0
          Redirect access-list:                110
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total GRE Bypassed Packets Received: 0
            Process:                           0
            CEF:                               0
      Service Identifier: 70
          Protocol Version:                    2.00
          Number of Service Group Clients:     2
          Number of Service Group Routers:     2
          Total Packets Redirected:            0
            Process:                           0
            CEF:                               0
          Service mode:                        Open
          Service Access-list:                 -none-
          Total Packets Dropped Closed:        0
          Redirect access-list:                -none-
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total GRE Bypassed Packets Received: 0
            Process:                           0
            CEF:                               0
  Show details and show service attached.

  Hello Josh,
  1. Yes, port-specific ACL is not supported. But it is not a big problem. Usually on WCCP server you can configure very specific bypass (Cisco WSA supports that - do not know about Sophos). For bypassed traffic WCCP server will reinject that packet in GRE and send back to ASA which will decapsulate it and send as normal packets.
  It's a good design, because you can have very granural bypass policy on WCCP server.
  2. Yes, configuration is correct, although it's better to be more specific (not send all traffic to WCCP if there is no need for that).
  3. Yes, you can use deny in redirect-list to exclude traffic.
  4. WCCP keepalives are being send by WCCP server by default every 10 seconds. If ASA does not see that replies for some time it marks server as dead and uses other ones.
  Michal

• In OS 10.6 and Safari 6, http: and https: are no longer displayed.

  In OS 10.6 and Safari 6, http: and https: are no longer displayed.
  Can this behaviour be restored??
  In 10.5.8 with Safari 5.x some sites will show up as https: while the same
  site in Safari 6 may, or may not, show the grey or green box https: box.
  Is this this a certificate problem?
  Can I set the address bar to for the URL prefix?
  I have both systems on separate disks and consistantly see this behaviour on some sites.
  How can I feel assured that a site is or is not secure using Safari 6??
  A relative also shares this same issue
  Thanks for your Help!

  Safari 6 : http is not shown in the URL (& Search combined) bar, but https is always shown, often with a symbol lock. The URL address font is black, after the / it is grey.
  All as expected.
  Best.