Rewriter incorrectly rewriting HTML URLs and appending paths from path based multihomed proxies (with strip path enabled) that should not be rewritten

  • 7022312
  • 13-Nov-2017
  • 13-Nov-2017


Access Manager 4.2
Access Manager 4.3
Access Manager 4.4


Customer setup with 100s of path based multihomed proxy servers enabled, some of which have the "remove path on fill" flag enabled too. When accessing applications that returns references to the published DNS name of the proxy, links are rewritten incorrectly whereby paths from other proxy servers are injected into the URL links returned to the browser from the AG. 
Consider the Access Gateway configuration below:
Parent proxy :    
Child 1         : /resource (Strip path not enabled)
Child 2          : /global (Strip path enabled)
Child 3          : /imdk (Strip path not enabled)
To keep it simple, let’s assume that proxy services have same the backend as [].
Assume the published DNS name [AG-Port] for the proxy has a TCP port of "2222" with its scheme [AG-Scheme] set to http.
The html file being accessed by the users via the AG under "/resource" has hyperlinks to be

By default the following happens if published URL references are returned from the Web server to the AG

1) It will try to match "scheme+domain+port" of hyperlink with "[AG-scheme] + domain + [AG-port]" in available proxy services.
        a) Among the entries matching if we are able to find exact path match, then no rewriting(addition of path) happens.
b) If we are not able to find exact path match, then path with "remove path on fill" enabled, if any, will be appended.
2) If "scheme+domain+port" of hyperlink with "[AG-scheme] + domain + [AG-port]" in available proxy services does not matches, no rewritinghappens.

 After rewriting through AG, it becomes  --> due to 1)a)
  --> due to 1)b)
The /global path is added when users do not expect URL to be rewritten with /global path added.


Go to Access Gateway configuration and enable the "NAGDisableExternalRewrite" to avoid any addition of paths to url returned by Web server that reference the Proxy service published DNS name.


So the main reason for the above problem is the addition of key entry for published dns name(with client port and scheme) into the hash table. 
Due to some reasons it has been added in NAM 3.2 but based on an advanced option "NAGDisableExternalRewrite".