Environment
Novell Access Management 3 Linux Access Gateway
Access Manager 3 Interim release 1 (nam3ir1.tar.gz) applied
Situation
Configured a reverse proxy listening on a specific IP address e.g.
10.1.1.1. This resolved to a DNS host entry of www.mylag.com. Under
the Web settings for this reverse proxy, the option "DNS Error for
hostname mismatch" was disabled so that no error would be returned
if a browser generated a Host header in the request to the revers
proxy that did NOT patch the DNS name of the service.
When another DNS host entry was added e.g. www.mylag2.com that also resolved to the 10.1.1.1 IP address, and a browser request for http://www.mylag2.com was generated, the following error was returned indicating that the above DNS hostname mismatch setting did not work.
Your request cannot be processed for this multi-homed web site because the specified host could not be located.
When another DNS host entry was added e.g. www.mylag2.com that also resolved to the 10.1.1.1 IP address, and a browser request for http://www.mylag2.com was generated, the following error was returned indicating that the above DNS hostname mismatch setting did not work.
Your request cannot be processed for this multi-homed web site because the specified host could not be located.
Status Description: 500 Internal Server Error
If this condition persists, please contact
your network adminstrator.
Resolution
Fixed in 3.0 SP2.
To workaround the issue, make sure there are no entries in the DNS database that map multiple reverse proxy service host entries to the same IP address.
Note that the NetWare Access Gateway does not have this issue.
To workaround the issue, make sure there are no entries in the DNS database that map multiple reverse proxy service host entries to the same IP address.
Note that the NetWare Access Gateway does not have this issue.
Additional Information
to dup:
1. create a Hosts file with following entries:
10.1.1.110 www.slc.da.com
10.1.1.10 www.da.com
10.1.1.10 w3.da.com
Configure Proxy Service web.da.com on 10.1.1.10 to internal web server www.slc.da.com, Web Server IP 10.1.1.110
2. disable "DNS Error for hostname mismatch"
3. create a public protected resource
4. Generate a browser request to http://www.da.com, which should be fine, but a browser request generated to http://w3.da.com incorrectly returns DNS host name mismatch error.
1. create a Hosts file with following entries:
10.1.1.110 www.slc.da.com
10.1.1.10 www.da.com
10.1.1.10 w3.da.com
Configure Proxy Service web.da.com on 10.1.1.10 to internal web server www.slc.da.com, Web Server IP 10.1.1.110
2. disable "DNS Error for hostname mismatch"
3. create a public protected resource
4. Generate a browser request to http://www.da.com, which should be fine, but a browser request generated to http://w3.da.com incorrectly returns DNS host name mismatch error.