RE: Web redirect

["Burke, John E." <JEBURKE@stthomas.edu>]

Second the question!

I wanted to set up a redirect so that people off campus (on the "outside")
trying to connect to our main web pages (www.stthomas.edu, etc, all of them
in our central server room on the "inside" of the network) would get sent to
a temporary page (also on the "inside" of the Packetshaper, although not in
the central server room) because we are shutting everything down for about
12 hours while the electrical system feeding the room is rebuilt.

Of course, I wanted to test this before I tried it for the whole
/Inbound/ComputerRoom/HTTP class on the day in question, so, we picked a box
with web server that did not have any non-IT, off-campus users and tried the
redirect just for that.  We did this by setting up a sub-class called
/Inbound/ComputerRoom/HTTP/test and set the matching rule to hit for traffic
to a particular box identified by IP address.  We redirected to our main web
page.

As I read our situation, we should set this class up to match web traffic
for a server inside from any host outside, and then set up the never-admit
with redirect.  Unfortunately, when we the matching rule that way, we cannot
get the GUI to offer us the redirect option -- no drop down box, just an
unchangeable "web-refuse".  

So we commenced a huge amount of fiddling, trying this, trying that
(including:  not specifying which side the server was on;  and setting up a
class /Inbound/ComputerRoom/http-redirect-test that come before the regular
HTTP class and then trying all the variations there).  When I got really
desperate, I went to the CLI and set up combinations there that the GUI
can't seem to display, including setting up the never-admit with redirect
that was not offered on the class described in the preceding paragraph.  In
several instances, I watched as someone off campus tried to get to the test
box, saw the policy hits climb, but the redirect never worked.  I even tried
setting the class up with an admit policy based on a rate guarantee that
couldn't be met (e.g. 100% of our bandwidth) to see if not using the "never"
would help; no dice.

What am I missing?  Help!

John
++++

John Burke
University of St. Thomas
Saint Paul, Minnesota

"And though we are not now that strength which in old days moved heaven and
earth, that which we are, we are, one equal temper of heroic hearts, made
weak by time and fate but strong in will to strive, to seek, to find, and
not to yield."
	
Tennyson
-----Original Message-----
From: Kelly, Chris W. [mailto:ckelly@hsutx.edu]
Sent: Friday, November 14, 2003 10:42 AM
To: Packeteer List
Subject: Web redirect


So is there some "trick" to web-redirect?  I created a test folder, put
a class in it and made a matching rule for my IP address.  I set up a
policy for Outbound of Never Admit with a web redirect to an internal
page.  The browser just says it can't display the page, meaning it's
trying to connect to Google, which is my home page and can't find it.
The Policy is sure working, but the re-direct isn't.  I can still get to
the shaper and the web server is further inside than the shaper.  It's
not a DNS issue as I swapped the "www" part for the internal IP and
still no go.  With the policy in place, I can view the destination page.
What little detail do I seem to be missing?

-++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
This message was posted through the Stanford mailing list server. To
subscribe/unsubscribe, send email to majordomo@lists.stanford.edu
with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.
Archive
is at http://www.stanford.edu/group/networking/netlists/
-++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
This message was posted through the Stanford mailing list server. To
subscribe/unsubscribe, send email to majordomo@lists.stanford.edu
with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.  Archive
is at http://www.stanford.edu/group/networking/netlists/