[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Solved? - Web Redirect with an "exception" to go to windowsupdate.com??

To: "'Lang, Michael'" <mike.lang@uconn.edu>, <packeteer-edu@lists.Stanford.EDU>
Subject: RE: Solved? - Web Redirect with an "exception" to go to windowsupdate.com??
From: "Doug Fong" <dmf@sfsu.edu>
Date: Thu, 11 Dec 2003 16:42:42 -0800
Cc: <chmorl@wm.edu>
In-reply-to: <F173A06EB33D584DBBD9BB8B79622CB7B2B35E@pacific.housing.sfsu.edu>
Sender: owner-packeteer-edu@lists.Stanford.EDU
Thread-index: AcPAI/cM+LGN20JwQWyCV71Cq1UG2gAH6WXQ

Hi, you can do the exact same thing using two classes (one of the two is an
exception class) on the inbound side only by following the instructions
after my signature.

The only thing I did differently to make windowsupdate work is to add
additional matching rules to the HTTP-Redirected Class.
The key ingredients that made mine work was following step 3.

 3 - Create a Security child class named 'pass-through'.  My class has 5
matching rules to allow windows update and symantec (we use their
antivirus).  The matching rules are for the 'http (web)' protocol, 'Outside
Location' and have a criterion 'Host DNS Name or IP Address' with the
following hosts:

*.microsoft.com
*.windowsupdate.com

I didn't need to add SSL, but there's a possibility I used 'any' as the
service for HTTP-Redirected. But I don't remember.
Anyhow, I was able to make mine work without creating classes on the
OUTBOUND side.

Anti-virus is downloaded from our sfsu.edu site which still works, updates
also seem to function and yes, the web re-direct is still functioning :-D

-
Doug Fong
http://userwww.sfsu.edu/~dmf
Information Technology, San Francisco State University
4th Degree BJJ Purple Belt (Charles Gracie)

-----Original Message-----
From: owner-packeteer-edu@lists.Stanford.EDU
[mailto:owner-packeteer-edu@lists.Stanford.EDU] On Behalf Of Christopher Ihm
Sent: Thursday, October 16, 2003 12:18 PM
To: packeteer-edu@lists.Stanford.EDU; dax@resnet.ucsb.edu
Subject: Re: Redirecting web traffic per IP

At http://support.packeteer.com select Search Tech Info Library (TIL), then
query for "redirect".  First item copied-and-pasted below.  I use this with
what we call a "Grim Reaper" page
(http://www.dowling.edu/tech/wormblock.htm) pointing to local copies of
disinfection software.  Others on this list have told us how to use php and
web forms to somewhat automate the adding and removing of users from the
hostlists, but I just use the CLI:  hl add wormblock 192.168.2.123 and hl
del wormblock 192.168.2.123 .

=================================

How do I redirect certain hosts to a specific web page? 
 
  Background
  I want to create a class that redirects certain hosts to a specific web
page. These hosts are ones that are doing excessive Inbound HTTP traffic --
running P2P applications and uploading copyrighted files. We want to
redirect each of these users to a specific web page that informs the user
that his machine is being blocked and explains who to contact to resolve the
problem.

The hosts are inside of PacketShaper and are clients that go to websites
outside of PacketShaper. 
 
  Answer
  To do this, you must create two classes: one that redirects the hosts and
the other to classify traffic to the redirected website.

Note: This is different than redirecting a specific website to another
website since this requires only one class with a never-admit/redirect
policy.

1. Create an Inbound HTTP-based class that specifies a host list containing
the IP addresses you want to redirect.

Class Name: HTTP-Never-admit
Protocal Family: IP
Service Type: HTTP
Server location: Any
Inside Hostlist: Create a host list name and add the hostnames or IP
addresses you want to redirect.

2. Add a never-admit policy to the HTTP-Never-admit class you just created
and select the web-redirect option. For the Redirect-URL, specify the
website address you want to redirect to. This has to be the complete URL,
for example: http://www.packeteer.com.

3. Create the class based on the IP address of the webserver traffic will be
redirected to.

Class Name: HTTP-Redirected
Protocol Family: IP
Service Type: HTTP
Server Location: outside (or inside depending on the location of the web
server)
Address: IP address of the webserver (inside or outside depending on the
location of the web server)

4. Change the HTTP-Redirected class to an exception so it appears above the
HTTP-never-admit class in the traffic tree.
 




 

-++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
This message was posted through the Stanford mailing list server. To
subscribe/unsubscribe, send email to majordomo@lists.stanford.edu
with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.  Archive
is at http://www.stanford.edu/group/networking/netlists/

Prev by Date: Solved? - Web Redirect with an "exception" to go to windowsupdate.com??
Next by Date: RE: Solved? - Web Redirect with an "exception" to go to windowsupdate.com??
Previous by thread: Solved? - Web Redirect with an "exception" to go to windowsupdate.com??
Next by thread: RE: Solved? - Web Redirect with an "exception" to go to windowsupdate.com??
Index(es):
- Date
- Thread