400 Bad Request error returned to browsers when accessing Linux Access Gateway Appliance

  • 7008993
  • 14-Jul-2011
  • 26-Apr-2012

Environment

Access Manager 3.1 Support Pack 3 applied
Access Manager 3.1 Linux Access Gateway (LAG) Appliance
LAG under heavy load

Situation

Linux Access Gateway Appliance (LAG) setup to accelerate multiple applications whichinvolves all sort of transactions including public, protected, identity injection policy evaluation, formfill policy evaluation, and authorization policy access. After applying Access Manager 3.1 SP3, users randomly started reporting 400 bad request errors on their browsers. It did not seem to be specific to one application but to all applications, and once the issue occured, the only option was to restart the "/etc/init.d/novell-vmc restart" services as all subsequent users accessing that URL would get the error.

Resolution

Apply Access Manager 3.1 SP3 IR2 (build 3.1.3-292) or greater.

The issue is related to the use of the 'If-None-Match:' HTTP header that lag is sending to the webserver. When the size of such a header was greater than a predefined 32 bytes, the cache became corrupted and all subsequent users accessing that URL would see this error.