Linux Access Gateway rewriter adding rewritten strings at random offsets

  • 3433682
  • 18-Jan-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Access Gateway
Origin Server DNS name is not the same as the reverse Proxy DNS name
Default rewriter setup

Situation

A Web server has been accelerated with the Linux Access Gateway. When this Web server is accessed through the proxy, many of the links that should appear on the origin Web server are broken.

Resolution

Apply Linux Access Gateway build 70 or later (available with IR1 of Novell Access Manager 3).

Additional Information

The Linux Access Gateway (LAG) rewriter component was injecting strings at the wrong offset in the HTTP stream. Comparing LAN traces taken on either side of the proxy connection shows the type of string injection illustrated below. The data was rewritten correctly for the most part, but occasionally strings were injected randomly, as follows:

For example, the origin server may send back the following to the LAG:

< /ie:menuitem> http://insite.isa1.rna/_vti_bin/exportwp.aspx?pageurl=http%3A%2F%2Ftest%2Ddev010%3A81%2Fhome%2Easpx&guidstring='+
escape(MenuWebPartID), MenuWebPart.getAttribute('HasPers') =='true')"
type="option">

The LAG sends the following back to the browser:

< /ie:menuitem> http://insite.isa1.rna/_vti_bin/exportwp.aspx?pageurl=http%3A%2F%2Ftest%2Ddev010%3A81%2Fhome%2Easpx&guidstring='+
escape(MenuWebPartID), MenuWebPart.getAttribute('HasPers') =='true')"
type="option">

Here, insite.connect.com is the reverse proxy DNS name and insite.isa1.rna is the DNS name of the origin server. The string has been added randomly, overwriting the menuitem tag that was required.
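The trace comparison described above can be automated. The following is an added example, not part of the original article or of any Novell tooling: it applies the expected host-name rewrite to the origin-side body and reports every remaining difference in the browser-side body. The function names and both sample bodies are constructed for illustration, and it assumes a correct rewrite changes nothing except the host name.

```python
import difflib
import os

ORIGIN_HOST = "insite.isa1.rna"      # origin server DNS name (from the article)
PROXY_HOST = "insite.connect.com"    # reverse proxy DNS name (from the article)

# Constructed sample bodies standing in for the two LAN traces.
ORIGIN_BODY = (
    '<ie:menuitem id="open" type="option">Open</ie:menuitem>\n'
    '<a href="http://insite.isa1.rna/home.aspx">Home</a>\n'
    '<ie:menuitem id="close" type="option">Close</ie:menuitem><br>\n'
)
DAMAGED_BODY = (
    '<ie:menuitem id="open" type="option">Open</ie:menuitem>\n'
    '<a href="http://insite.connect.com/home.aspx">Home</a>\n'
    '<ie:menuitem id="close" type="option">Closeinsite.connect.com<br>\n'
)

def damaged_span(expected, actual):
    """Trim the shared prefix and suffix; return (column, expected_part, actual_part)."""
    prefix = len(os.path.commonprefix([expected, actual]))
    exp, act = expected[prefix:], actual[prefix:]
    suffix = len(os.path.commonprefix([exp[::-1], act[::-1]]))
    return prefix, exp[:len(exp) - suffix], act[:len(act) - suffix]

def unexpected_rewrites(origin_body, proxied_body, origin_host, proxy_host):
    """List (line, column, expected, actual) for changes the host rewrite does not explain."""
    # Assumption: a correct rewrite only swaps the origin name for the proxy name.
    expected = origin_body.replace(origin_host, proxy_host).splitlines()
    actual = proxied_body.splitlines()
    findings = []
    matcher = difflib.SequenceMatcher(None, expected, actual, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        if tag == "replace" and i2 - i1 == j2 - j1:
            for k in range(i2 - i1):  # same line count: narrow to the damaged columns
                col, want, got = damaged_span(expected[i1 + k], actual[j1 + k])
                findings.append((i1 + k + 1, col, want, got))
        else:  # lines added or dropped: report the whole block
            findings.append((i1 + 1, 0, "\n".join(expected[i1:i2]), "\n".join(actual[j1:j2])))
    return findings

if __name__ == "__main__":
    for finding in unexpected_rewrites(ORIGIN_BODY, DAMAGED_BODY, ORIGIN_HOST, PROXY_HOST):
        print("line %d, column %d: expected %r, got %r" % finding)
```

An empty result means the browser-side body differs from the origin-side body only by the host-name substitution.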