AnsweredAssumed Answered

Apache Rewrite rules and CA siteminder

Question asked by NeerajTati on Feb 12, 2016
Latest reply on Apr 8, 2016 by Karmeng

Hi Everyone,

I am facing issue with CA agent protection when using apache rewrite rules.The problem is that rewrite rules are executed before CA Agent. So, no login page is shown, user directory goes to rewrite target page.

 

So far with my testing, I have this finding:

 

Observation:

What is working:

1. If we define rewrite rules in httpd.conf file in the directory section of htdocs (root directory), it was working properly. CA Agent was intercepting request first and then rewrite rules were executed properly. So no issues.

 

DocumentRoot "/apps/httpd/htdocs"

<Directory "/apps/httpd/htdocs">

  Options Indexes FollowSymLinks

    AllowOverride None

    Require all granted

 

RewriteCond %{REQUEST_URI} ^/apps/springd/secure$

RewriteRule ^(.*)$ /apps/springd/pages/onepass/target [L,NE,R=302]

</Directory>

 

2. If we define same rewrite rules in virtual host section, rewrite rules are working but CA Agent is not intercepting requests. We configured in below format:

 

<VirtualHost sso-per.csso.apps.net:443>

#   General setup for the virtual host

DocumentRoot "/apps/httpd/htdocs"

#ServerName SSRWEBL001:443

ServerName sso-per.csso.apps.net:443

ServerAdmin admin_test@example.com

#ErrorLog "/apps/httpd/logs/apache24_error_log"

ErrorLog "| /apps/httpd/bin/rotatelogs logs/apache24_error_log-%d-%m-%Y 86400"

#TransferLog "/apps/httpd/logs/apache24_access_log"

 

RewriteCond %{REQUEST_URI} /apps/springd/secure$

RewriteRule ^(.*)$ /apps/springd/pages/onepass/target [L,NE,R=302]

 

</VirtualHost>

 

Queries:

1. Would you know of a possible reason why CA agent is not able to intercept when rewrite rules are configured in virtual host?

2. And how CA Agent takes precedence over rewrite rules when rules are defined in httpd.conf directory section?

 

Environment details:
Web server OS : RHEL 6.6/64 bit

Web server : Apache 2.4.1/64 bit

Web Agent : R12.52SP1CR0

Policy server : R12.52SP1CR0

 

Thanks.

Regards,

Neeraj Tati

Outcomes