Layer 7 Access Management

Tech Tip : CA Single Sign-On : How to solve a leakage of Privileged Information when running Apache as Reverse Proxy in front of a Web Agent.

  • 1.  Tech Tip : CA Single Sign-On : How to solve a leakage of Privileged Information when running Apache as Reverse Proxy in front of a Web Agent.

    Posted 10-07-2016 04:41 AM

    Issue :

     

    We have Apache Reverse Proxy in front of the Web Agent (Apache Reverse Proxy does not has the Web Agent running on it). We are seeing sometimes that when user1 is logged in he can see data of user2 and vice versa. How can we fix this?

     

    Environment :

     

    Web Agent with front end Apache 2.2 as Reverse Proxy;

     

    Cause :

     

    This is a known problem with Apache Reverse Proxy.

     

    https://bugzilla.redhat.com/show_bug.cgi?id=617523

     

    In this case, the Apache Reverse proxy causes session caching which might look like SiteMinder issue but it is not. The problem is on the Apache Reverse Proxy.

     

    Resolution :

     

    The problem is resolved by adding the following configuration in Apache:

     

    Enable "DisableReuse" in ProxyPass directive.

     

    Sample :

     

    ProxyPass / http://myinternalmachine.domain.com/ disablereuse=on

     

    KB : TEC565902