000011526 - AxM: Apache Agent 4.7: Browser is redirected to CT_ORIG_URL on the port that Apache is listening on  not the proxy port that the browser connects to.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011526
Applies ToClearTrust Web Agent Apache V4.7 Agent
Apache webserver behind a proxy
IssueAxM Apache Agent 4.7: Browser is redirected to CT_ORIG_URL on the port that Apache is listening on, not the proxy port that the browser connects to.
Browser is redirected to CT_ORIG_URL on the port that Apache is listening on, not the proxy port that the browser connects to.
CauseThe Access Manager agent queries the Apache webserver for the hostname and port to use for the requested resource. By default, Apache relies on the host: header for SERVER_NAME and SERVER_PORT
ResolutionThe host header should contain the hostname and the port that was requested by the browser. This enables the webserver to generate links to resources that the browser can resolve and connect to.

If the host header does not contain the correct information, you can override this value with a specific hostname and port that will be hardcoded in the Apache configuration.

Add the following lines to the VirtualHost section httpd.conf (apache configuration file by default)

UseCanonicalName On
ServerName www.mydomain.com:443
 
These settings will cause the agent to build the ct-orig-url based on the value of ServerName contained in the httpd.conf.

NotesNote: the webserver will also use these values for generating links so application functionality must be retested after this change. The preferred solution would be to resolve the problem with the host header.
Legacy Article IDa41598

Attachments

    Outcomes