Dear all
In my network I deployed Single-VLAN One-Armed Mode In this mode,the real server’s default gateway is the upstream router. To ensure the return
flow traverses back through the load balancer, the IP address of the client isrewritten to that of the load balancer.
Direct access web was fine ,however when open Pop-ups website will appear error Example, the figure-1 :
figure-1
When I used real Server IP address not through ACE anything will be fine. Example, the figure-2 :
figure-2
| The Web's Code |
|---|
<%@ page language="java" pageEncoding="UTF-8"%> <%@ taglib uri="/WEB-INF/hnisi.tld" prefix="hnisi"%> <%@ include file="/jsp/framework/head.jsp"%> <%@ page import="cn.sinobest.framework.util.DTOUtil,cn.sinobest.framework.util.Util,cn.sinobest.framework.util.ConfUtil" %> <% //当前登录用户 所属系统机构 String orgCode = DTOUtil.getUserInfo().getBAE001(); //操作员ID String operId = DTOUtil.getValue("OPERID"); //角色类型 String roleType = DTOUtil.getValue("ROLETYPE"); String fromFuncDesc = DTOUtil.getValue("fromFuncDesc"); //所选操作员的姓名 String sOperatorName = DTOUtil.getValue("SOPERATORNAME"); //权限树 where 条件 String whereClsTree = " rightid in ( select distinct B.RIGHTID "+ " from FW_RIGHT B"+ " left join FW_OPERATOR2RIGHT A on LOCATE(B.RIGHTID,A.RIGHTID) = 1"+ " where A.AAE100 ='1'"+ " and B.AAE100 ='1' and A.operid = '"+operId+"' "; //条件:有效角色,当前登录用户只能操作用户所属系统机构及下级机构的角色,以及上级机构的共享角色 String whereCls =" AAE100 ='1' and (BAE001 like '"+orgCode+"%' or ( IFSHARED = '1' and LOCATE(BAE001,'"+orgCode+"') = 1))"; if(!Util.isEmpty(roleType)){//角色类型 whereClsTree +=" and AUTHTYPE='"+roleType+"' "; String roleType_zdfpzj = ConfUtil.getDict("ROLETYPE", "13");//最大分配角色 if("2".equals(roleType)){//分配角色包括:分配角色、最大分配角色 whereCls += " and ROLETYPE in('"+roleType+"','"+roleType_zdfpzj+"') "; }else{ whereCls += " and ROLETYPE='"+roleType+"' "; } } whereClsTree +=" )"; %> <%-- 导航栏标签 --%> <hnisi:gNavStr /> <legend style="cursor:hand;" > <span> <img id="img_fw_authmngr_geneauth_list_grid" src="${ctx}/themes/default/images/query_icon_right.gif"> </span> <span title="单击展开或收缩"> <b><%=sOperatorName%></b>已拥有的权限树 <hnisi:tree id="menus" type="1" whereCls="<%=whereClsTree %>"/> </span> </legend> <form name="roleListForm" method="post"> <%-- 角色列表--%> <hnisi:glt id="fw_authmngr_geneauth_role" whereCls="<%=whereCls %>" /> <p align="center"> <%-- 确定按钮 --%> <hnisi:btn name="btnQuery" onclick="roleAutoOk()" value="保存" href="javascript:void(0)"/> <%-- 清除按钮 --%> <hnisi:btn name="btnCls" onclick="cls()" value="清除" href="javascript:void(0)"/> <%-- 关闭按钮 --%> <hnisi:btn name="btnClose" onclick="winClose()" value="关闭" href="javascript:void(0)"/> </p> </form> <form name="roleForm"> <input type="hidden" name="OPERID" value="<%=operId %>"/> <input type="hidden" name="ROLEIDS"> </form> <script type="text/javascript"> <!-- var orgCode ="<%=orgCode%>"; var operId ="<%=operId%>"; var roleType ="<%=roleType%>"; /** * 权限列表窗口 * @param roleId:角色ID */ function winRight(roleId){ var eventId="1";//授权事件(1 查询、2 授权) //弹出模态对话框,并加上时间戳以防止缓存 window.showModalDialog("right!left.do?EVENTID=" + eventId+"&ROLETYPE="+roleType+"&ROLEID=" + roleId+"&_t="+new Date().getTime()); } /** * 确定-保存授权信息 */ function roleAutoOk(){ $(function(){ var roleIds = ""; $.each($("input[name='checkbox']:checked"),function(i,o){ roleIds += (i==0 ? "" : ",")+o.value; }); if (roleIds == ""){ FWalert("请选择要操作的角色!"); return; } roleForm.ROLEIDS.value = roleIds; var params = FWGetForm(roleForm); if(params.ROLEIDS ==""){ FWalert("请选择要操作的角色!"); }else { var fromFuncDesc = "<%=fromFuncDesc%>"; //先进入本次权限变更列表页面,确认后再保存 var title = encodeURIComponent('授权确认');//对话框的标题 var url = "right!list.do?OPERID="+operId+"&fromFuncDesc="+fromFuncDesc+"&ROLETYPE="+roleType+"&ROLEIDS="+roleIds+"&title="+title+"&_t="+new Date().getTime(); var position="resizable:1;status:0;help:0;scroll:1;center:1;dialogWidth:800px;dialogHeight:500px"; window.showModalDialog(url,window,position); } }); } /** * 直接授权:弹出权限树窗口 */ function directAuto(){ var eventId="2";//授权事件(1 查询、2 授权) //弹出模态对话框,并加上时间戳以防止缓存 window.showModalDialog("right!left.do?EVENTID=" + eventId+"&ROLETYPE="+roleType+"&OPERID=" + operId+"&_t="+new Date().getTime()); } /** * 清除:清除已选择的角色 checkbox */ function cls(){ var c_checkbox=document.getElementsByName('checkbox'); for (i=0;i<c_checkbox.length;i++){ c_checkbox[i].checked=false; } } /** * 关闭窗口 */ function winClose(){ window.close(); } //--> </script> </body> </html> |
| The ACE's config |
|---|
`show running-config` Generating configuration.... boot system image:c4710ace-mz.A4_2_0.bin interface gigabitEthernet 1/1 switchport access vlan 100 no shutdown interface gigabitEthernet 1/2 shutdown interface gigabitEthernet 1/3 shutdown interface gigabitEthernet 1/4 switchport access vlan 3 no shutdown access-list ALL line 8 extended permit ip any any access-list allowany line 8 extended permit ip any any access-list allowany line 16 extended permit icmp any any probe icmp Ping interval 2 faildetect 2 passdetect interval 2 passdetect count 1 receive 2 probe tcp TCP6666 description RPC Client Access port 6666 interval 30 passdetect interval 60 connection term forced open 10 probe tcp TCP8888 description RPC Client Access port 8888 interval 30 passdetect interval 60 connection term forced open 1 rserver host YB1 ip address 110.43.102.241 inservice rserver host YB2 ip address 110.43.102.245 inservice rserver host YB3 ip address 110.43.102.246 inservice rserver host YB4 ip address 110.43.102.247 inservice rserver host YB5 ip address 110.43.102.248 inservice rserver host YB6 ip address 110.43.102.242 inservice serverfarm host YB01farm predictor leastconns probe TCP6666 rserver YB2 inservice rserver YB3 inservice rserver YB4 inservice rserver YB5 inservice serverfarm host YB02farm predictor leastconns probe TCP8888 rserver YB2 inservice rserver YB3 inservice rserver YB4 inservice rserver YB5 inservice parameter-map type http PRESIST-REBALANCE persistence-rebalance sticky ip-netmask 255.255.255.255 address source YB01-GRP timeout 60 replicate sticky serverfarm YB01farm sticky ip-netmask 255.255.255.255 address source YB02-GRP timeout 60 replicate sticky serverfarm YB02farm sticky http-cookie COOKIE1 STICKYYB01 cookie insert browser-expire timeout 3600 replicate sticky serverfarm YB01farm action-list type modify http IP-header header insert request X-Forwarded-For header-value "%is" class-map match-all YB01-slb-vip 2 match virtual-address 110.43.102.251 any class-map match-all YB02-slb-vip 2 match virtual-address 110.43.102.252 any class-map type management match-any remote_access description remote-access-traffic-match 2 match protocol xml-https any 3 match protocol icmp any 4 match protocol telnet any 5 match protocol ssh any 6 match protocol http any 7 match protocol https any 8 match protocol snmp any policy-map type management first-match remote_mgmt_allow_policy class remote_access permit policy-map type loadbalance http first-match YB01-slb class class-default sticky-serverfarm STICKYYB01 action IP-header policy-map type loadbalance http first-match YB02-slb class class-default sticky-serverfarm YB02-GRP action IP-header policy-map type loadbalance first-match YB6666 class class-default sticky-serverfarm STICKYYB01 action IP-header insert-http https header-value "on" policy-map multi-match client-vips class YB01-slb-vip loadbalance vip inservice loadbalance policy YB6666 loadbalance vip icmp-reply active nat dynamic 100 vlan 100 appl-parameter http advanced-options PRESIST-REBALANCE class YB02-slb-vip loadbalance vip inservice loadbalance policy YB02-slb loadbalance vip icmp-reply active nat dynamic 100 vlan 100 interface vlan 3 ip address 192.168.50.2 255.255.255.240 access-group input ALL service-policy input remote_mgmt_allow_policy no shutdown interface vlan 100 ip address 110.43.102.238 255.255.255.0 access-group input allowany nat-pool 100 110.43.102.239 110.43.102.239 netmask 255.255.255.255 pat service-policy input remote_mgmt_allow_policy service-policy input client-vips no shutdown ip route 0.0.0.0 0.0.0.0 110.43.102.112 |
