Access Gateway Service is not passing alternate hostname in reference header properly in 3.2 and 3.2ir1

  • 7010882
  • 06-Oct-2012
  • 06-Oct-2012


NetIQ Access Manager 3.2


When alternate host name is configured the Access Gateway Service (AGS/MAG) was corrupting the referrer value sent to the web server.

This became a problem because the customer was using a custom authentication method which relied on a proper referrer name to grant access to the web server.. Since the hostname was blank, the end user was getting redirected to an error page defined at the web server. There could be other symptoms depending on how the referrer is being used, but the problem is in the /opt/novell/ag/t/opt/novell/ag/lib/ library included with NAM version 3.2 and 3.2_ir1.


The issue has been reported to engineering and the issue is fixed in 3.2 support pack 1. If you are experiencing the issue and version 3.2 support pack 1 is not yet available (not available at the time this tid was authored), please contact Novell Technical Services to obtain the fixed library until sp1 becomes available.


The Access Gateway Service (AGS/MAG) was nullifying the value in memory that contained the alternate host name when passing referrer header to the Web Server.


[Fri Sep 07 08:38:18 2012] [debug] mod_deflate.c(615): AMEVENTID#1012: Zlib:

Compressed 139 to 118 : URL /Services/Brokerage.aspx, referer:


Notice the hostname is not present after referrer, e.g. http://*/

The problem is present in both 3.2 and 3.2ir1.

See additional information below for notes on configuration and duplications steps used to identify and fix the issue.

Additional Information


a) Configured alternate host name ( The published DNS name is

b) Enabled Rewrite Inbound Headers (rewriteRefererHeader) option under HTML


c) Issued the first request to

d) Then issued the request to

e) Verified the referrer header sent from MAG to web server was nullified.

1. The referrer header was

2. Then issued another request to

3. The referrer header was http://scott/stuff/

Applied fixed build of and restarted novell-apache2performed same test.

Now at step 3.e) the correct referrer id of is observed.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.