Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 SP2
NetIQ Access Manager 3.2 SP2IR1
NetIQ Access Manager 3.2 SP2
NetIQ Access Manager 3.2 SP2IR1
Situation
- User running Microsoft Internet Explorer version 10 cannot login to Novell GroupWise Web Access protected by NetIQ Access Manager 3.2.
- the problem started without having any configuration changes / patches applied to either NetIQ Access Manager or Novell GroupWise Web Access.
- after posting the login form it takes about 2 minutes after the Access Gateway returns a HTTP 502 Bad Gateway error message.
- looking into LAN traces it it looks like the processed HTTP Post request has never been received at the GroupWise WebAccess server
Resolution
Excluding the NetIQ Access Manager from the Intrusion Prevention System (IPS) "FastCGI request header buffer
overflow" protection rule solved the problem.
Cause
A SNORT based Intrusion Prevention System (IPS) filtered the POST request
detecting a Microsoft Windows IIS FastCGI request header buffer
overflow attempt as documented at: http://www.snort.org/search/sid/24379.