Cisco Application Networking :: GSS-4492-k9 Does GSS HTTP-HEAD Supports Https
Jun 26, 2011
I am configuring a GSS to check an Web server that responds to https requests.I put 443 as the port but I don´t see replies from the server and the Answer Status is always offline.Other servers using http on port 80 are showing OK.The appliance is a GSS-4492-k9 Version 3.1(0).
I have upgraded gss to version 3.2(0) because I need to track a server that uses only https.I configured a https head KA VIP answer type but the answer never goes on-line.I tried using url... as the VIP address but not go online too.The gss is behind a firewall.I suspected of the firewall but from the gss CLI it seems that the firewall is open for the https traffic: [code]
i have a 4710 appliance (one armed) and i am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
[URL]
i am using the
rserver redirect REDIRECT-TO-HTTPS[URL]
The https is working but i have a problem. when i access the Main link "first" it is redirected to https to the Main link.But if i access one of the Sublinks directly(without having to click on the main link first) the page is redirected to https but to the Main Link. i have to click the Sublink again in order to get the page.How can i redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?
I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.
How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.
I have a physical server running behind the ACE module ACE20-MOD-K9. The Server has several virtual machines. One of that virtual machines, has a WEB SERVER running virtual https servers. For example, server with IP address 10.0.0.20/24, has serveral virtual HTTPs servers as of urll... So, if you nslookup the servers, they all respond with 10.0.0.20 IP address. So if I do url...goes to 10.0.0.20 and read the VIRTUAL SERVER config and replies back to the request.Now, I am trying to verify that the TCP connection (443) and the HTTPS server itself is up and running but only for the url... site and not for the other 2.The problem that I am facing is tha the HTTPS probe fails randomly. The TCP probe works fine.
We want to mask part of the path prefix to hide development content: For example: the site(s) are: [URL]However we don't want anything with acme showing...so we would want the loadbalanced url to be: [URL] ...for requests and responses. I think this would be an http re-write request/response scenario?Is this possible to configure this on the ACE Device? We've got the load balance configuration down...not sure how to do this re-write type scenario?
I have reset my wireless connection numerous times, rebooted, tried wireless and wired and continue to have the same result - great signal; cannot connect to any webpage. Ran network diagnostics and everything seems to check out except the "DNS Server."
Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:Documents and SettingsMarcy Musselman>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : MARCYS Primary Dns
I have follow below URL to disable the https over web authentication:
[URL]
What i want to achieve is disable https over web authentication due to certificate issue, but it seems like even we have disable the http over web management as above URL describe, still https while doing web authentication. Or it is possible to configure use port other than 80, like 8080 for web authentication? (need to reboot the wlc?)Is there any bug that related to this CSCsy32145?
I am familiar with how a proxy works. The client sends a request to the proxy server and the proxy server makes the connection on behalf of the client to the web page.My question is how does this work with HTTP and end to end encryption?I know that at a company the IT staff can install certs on the computers that link to the proxy thus breaking the end to end encryption and allowing the company to see what data is being sent.I however cannot find out or think of how else to proxy an HTTPS connection other than installing certs on the clients that allows the proxy to see the data.If the proxy makes the https request on behalf of the client via one session, the https session would terminate on the proxy and the proxy would have to create a subsequent https connection to the client.This would break the end to end encryption and the client should pick up on this unless the certs on the client have been changed.
I will be adding wireless access points or repeaters on a business network. The business already has one wireless router using a https login, that 15 computers are wired to, through switches. This Secure http router is directly connected to the cable modem.Would I be loosing the benefit of Secure http by adding wireless access points or repeaters that don't support it? Or would they be securely routed by the main https router connected to the gateway?I have never had the opportunity to work with a secure http router before.
I installed the LMS as ova template on ESXi and be able to connect via SSH, but when I try to connect via http or https I got the following error.
ForbiddenYou don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Never seen a Cisco, or any other L3 switch before. Nor an Lx router. Any step by step,or class room or web based training, or a partner or Cisco helper to get us up to speed on this.Goal is to limit http and https traffic in favor of telnet to an AIX server and RDP to a Windows TS. Printing would be ahead of http/s and below the others.
Interstingly, the web site promises 9 videos, but there are only 8. The demo guide says about OoS: "Coming Soon".Where to go? Who(m) to call?
Any issues with IOS 12.4(16) through 12.4(25f) with HTTP/HTTPS protocols running on a 3825 router? I have a remote site that accesses a corporate application over an MPLS, sometimes it works fine, other times it will hang for hours. No errors on circuits, interfaces, ethernet interfaces, etc. Response times are averaging 50ms even when the application freezes. The only thing I can think of is that it could be an issue with the IOS version.
I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
I was unable to access my ASA 5520 using HTTP/HTTPS even on the management interface. I had upgrade the ASA IOS to asa832-k8.bin and ASDM to asdm-634-53.bin. But, the issue still the same.
My browser show the error message as attach image.
PGA-Firewall-02# sh run: Saved:ASA Version 8.3(2)!hostname PGA-Firewall-02enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface GigabitEthernet0/0 nameif public security-level 0 ip
I have a WLC526 running sw version 4.2.61.8 that I finally got around to installing in my shop for testing after sitting on the shelf for several years. Since it's now out of warranty and I'm no longer certified getting the latest sw version isn't possible so I'm stuck with the version it shipped with.
1, How do we change the web log in page from https to http? No guest wants to get confronted with a certificate error page so https doesn't make sense.
2, The virtual interface used for Web-Auth provides for a DNS Name but if I set a name it won't resolve and the log in fails. If I delete the name it uses the assigned IP instead and works fine. How do I get the DNS Name to work since it looks more professional?
3, When changes are made to the WLC I was initially just applying the change and then saving the config but it appears for some of these changes to take affect I have to reboot. It this correct or am I just missing something.
Again some of these issues are probably addressed in the subsequent sw releases but since my device sat in a box for 3+ years I missed out on the opportunity to upgrade and now TAC is telling me { (no contract || no warranty == no software) }, despite the fact that this device reached its EOL.
I have a custom webauth page installed that I am using with web passthrough authentication on my WLC2006 in order to put up a acceptable use policy page. The WLC uses HTTPS to display this which causes a security certificate warning to appear if I go with the WLC's own self-signed certificate. Is there a way I can get the WLC to use plain HTTP to display this page instead so I can eliminate the warning? I have already tried installing a trusted 3rd party certificate on the WLC, but I have this very strange problem where mucking with the WLC's web authentication certificate in any manner causes all network activity on the WLC to break except for CDP and ARP, essentially leaving the WLC dead. Three weeks of troubleshooting with Cisco TAC has yielded no progress on that front so now I am trying to bypass the need for a security certificate altogether since I really don't need to encrypt my acceptable use policy page.
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
I have a customer who wants his new ASA-5520 to load balance out-going traffic between 2 ISPs, fairly normal request. Now here's the twist. He wants to separate traffic based upon the protocol used, http to one ISP, https to the other.
I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.
I have some questions about the size of the certifcates in ACE module (ACE20). Reading the following link: [URL]
I can verify this text: 4096 (high security, level 4) - For software release A2(2.4) and later in the ACE module and software release A3(2.6) and later in the ACE appliance, you can use 4096-bit SSL certificates in chaingroups and authgroups. You can also import public certificates and keys that are 4096 bits in length.
We intend to use a certificate (CA) with keys of 4096 bits and according to the text of wiki, it's possible.
But if I check the guide [URL]
Somebody that already use certificates with 4096 bits in ACE20 module?
DSL Internet Router (Dynamic IP) -> Linksys RV082 -> Firewall PC -> LAN
DSL Internet Router: 192.168.3.0/24 Linksys RV082 WAN2: 192.168.3.0/24 Linksys RV082 LAN: 192.168.5.0/24 Firewall (2 Nics): Nic1 is 192.168.5.0/24 and Nic2 is 192.168.1.0/24 LAN: 192.168.1.0/24
RV082 WAN 2: Configured with a DHCP IP Address from DSL Internet Router so it has 192.168.3.0/24 range IP. Load Balancing enabled Static Route added on RV082: 192.168.1.0 mask 255.255.255.0 gateway 192.168.5.x interface LAN Firewall PC is completely Open as i was using it before.
I had a Fortgate 60B and everything worked fine, then a bought a RV082 and now i can get this up and running properly.The thing is this....whit the actual setup i have, computers only can navigate through HTTP web pages, other ports seem to be closed, but if the Firewall PC was blocking this i guess i'll know because it shows a message on screen when a policy is being applied. If i try to open HTTPS Pages it doesnt work, Even a simple pinng to google.com doesn't work from my LAN (192.168.1.0/24), but if i connect a computer on a local port on RV082 i can PING and i can browse anywere i want.
It seems to be that Firewall PC is causing problems but i execute a tracert to [url]...., the packet get stuck in the RV082.What im thinking is that maybe the RV082 doesn't allow to go trhu at all if the traffic comes from other networks that doesn't belong to the one configured on its LAN side.By the way the Firewall PC connected to the RV082 directly navigates perfectly.
PS. The reason im using Firewall PC is because that way is much easier and flexible to handle policies for Internal users than in the RV082 Router. I use this ume basically to set up VPN IPSEC and Dual WAN Load Balancing.