Environment
Novell Access Manager
Novell Access Manager 3.1 Netware Access Gateway
Situation
When setting up a path based accelerator behind SSL, with no SSL from LAG to back-end webserver, an issue appears where the port is not removed from the client requests.
The following example shows the issue - note that the web server
(ncsles10.lab.novell.com) is listening on TCP 8080 but is being accelerated at
the proxy (lag129.lab.novell.com) on TCP 443.
1. Client sends a request to the proxy. The proxy forwards the request
as
GET /servlets-examples/ HTTP/1.1
Host: ncsles10.lab.novell.com:8080
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-applicati
on, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-US,en-IE;q=0.5
Ua-Cpu: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.
5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Cookie: novell_language=en-us; CoreID6=23495995982212440449949; __utma=64695856.419410920.1252432782.1252432782.125243
2782.1; __utmz=64695856.1252432782.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Via: 1.1 lag129.lab.novell.com (Access Gateway 3.1.1-247)
Host: ncsles10.lab.novell.com:8080
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-applicati
on, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-US,en-IE;q=0.5
Ua-Cpu: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.
5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Cookie: novell_language=en-us; CoreID6=23495995982212440449949; __utma=64695856.419410920.1252432782.1252432782.125243
2782.1; __utmz=64695856.1252432782.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Via: 1.1 lag129.lab.novell.com (Access Gateway 3.1.1-247)
2. Get a response back from the Web server referencing objects on TCP
8080
Status: 200 OK
ETag: W/"5035-1204851982000"
Last-Modified: Fri, 07 Mar 2008 01:06:22 GMT
Content-Type: text/html
Content-Length: 5035
Date: Tue, 17 Nov 2009 15:59:42 GMT
Server: Apache-Coyote/1.1
ETag: W/"5035-1204851982000"
Last-Modified: Fri, 07 Mar 2008 01:06:22 GMT
Content-Type: text/html
Content-Length: 5035
Date: Tue, 17 Nov 2009 15:59:42 GMT
Server: Apache-Coyote/1.1
// snippet of HTML code
<td
VALIGN=TOP WIDTH="30%"><a href="http://ncsles10.lab.novell.com:8080/servlet/HelloWorldExample"><img SRC="http://ncsles10.lab.novell.com:8080/images/execute.gif"HSPACE=4 BORDER=0 align=TOP></a><a href="http://ncsles10.lab.novell.com:8080/servlet/HelloWorldExample">Execute</a></td>
<td WIDTH="30%"><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html"><img SRC="http://ncsles10.lab.novell.com:8080/images/code.gif"HSPACE=4 BORDER=0 height=24 width=24 align=TOP></a><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html">Source</a></td>
</tr>
<td WIDTH="30%"><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html"><img SRC="http://ncsles10.lab.novell.com:8080/images/code.gif"HSPACE=4 BORDER=0 height=24 width=24 align=TOP></a><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html">Source</a></td>
</tr>
3. Response from LAG back to browser
HTTP/1.x 200 OK
ETag: W/"5035-1204851982000"
Last-Modified: Fri, 07 Mar 2008 01:06:22 GMT
Date: Tue, 17 Nov 2009 16:13:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Length: 5035
Cache-Control: no-store, no-cache
Via: 1.1 lag129.lab.novell.com (Access Gateway 3.1.1-247)
ETag: W/"5035-1204851982000"
Last-Modified: Fri, 07 Mar 2008 01:06:22 GMT
Date: Tue, 17 Nov 2009 16:13:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Length: 5035
Cache-Control: no-store, no-cache
Via: 1.1 lag129.lab.novell.com (Access Gateway 3.1.1-247)
// snippet of HTML code
<td>Hello World</td>
<td VALIGN=TOP WIDTH="30%"><a href="http://ncsles10.lab.novell.com:8080/servlet/HelloWorldExample"><img SRC="http://ncsles10.lab.novell.com:8080/images/execute.gif"HSPACE=4 BORDER=0 align=TOP></a><a href="http://ncsles10.lab.novell.com:8080/servlet/HelloWorldExample">Execute</a></td>
<td WIDTH="30%"><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html"><img SRC="http://ncsles10.lab.novell.com:8080/images/code.gif"HSPACE=4 BORDER=0 height=24 width=24 align=TOP></a><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html">Source</a></td>
</tr>
<td VALIGN=TOP WIDTH="30%"><a href="http://ncsles10.lab.novell.com:8080/servlet/HelloWorldExample"><img SRC="http://ncsles10.lab.novell.com:8080/images/execute.gif"HSPACE=4 BORDER=0 align=TOP></a><a href="http://ncsles10.lab.novell.com:8080/servlet/HelloWorldExample">Execute</a></td>
<td WIDTH="30%"><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html"><img SRC="http://ncsles10.lab.novell.com:8080/images/code.gif"HSPACE=4 BORDER=0 height=24 width=24 align=TOP></a><a href="http://ncsles10.lab.novell.com:8080/servlet/helloworld.html">Source</a></td>
</tr>
Resolution
In the Host Header drop down box under the Web Servers tab for the reverse proxy, do not use "Forward Received Hostname", but rather use "Web Server Hostname" as this setting will re-write the DNS name & Port correctly.