Patrick-Dussault

Tech Tip : CA Single Sign-On : How to solve a leakage of Privileged Information when running Apache as Reverse Proxy in front of a Web Agent.

Discussion created by Patrick-Dussault Employee on Oct 7, 2016

Issue :

 

We have an Apache Reverse Proxy in front of the Web Agent (the Apache Reverse Proxy does not have the Web Agent running on it). We sometimes see that when user1 is logged in, he can see user2's data, and vice versa. How can we fix this?

 

Environment :

 

Web Agent with a front-end Apache 2.2 as Reverse Proxy.

 

Cause :

 

This is a known problem with Apache Reverse Proxy.

 

https://bugzilla.redhat.com/show_bug.cgi?id=617523

 

In this case, the Apache Reverse Proxy causes session caching, which might look like a SiteMinder issue, but it is not. The problem is in the Apache Reverse Proxy.

 

Resolution :

 

The problem is resolved by adding the following configuration in Apache:

 

Enable "DisableReuse" in the ProxyPass directive.

 

Sample :

 

ProxyPass / http://myinternalmachine.domain.com/ disablereuse=on

 

KB : TEC565902
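To confirm the fix is applied to every proxied path, the following added example (not part of the original tech tip or of any CA tooling) scans Apache configuration text and reports each ProxyPass or ProxyPassMatch backend that does not set disablereuse=on. The sample configuration, its /static, /app and /portal paths, and the function names are constructed for illustration.

```python
# Added example: constructed sample config; /static, /app and /portal are made up.
SAMPLE_CONF = """\
# reverse proxy in front of the Web Agent
ProxyPass / http://myinternalmachine.domain.com/ disablereuse=on
ProxyPass /static !
proxypass /app http://myinternalmachine.domain.com/app retry=0 \\
    timeout=30
<Location /portal>
    ProxyPass http://myinternalmachine.domain.com/portal DisableReuse=Off
</Location>
"""

DIRECTIVES = {"proxypass", "proxypassmatch"}  # directive names are case-insensitive


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def find_reusable_backends(text):
    """Return [(line_number, directive)] for backends without disablereuse=on."""
    findings = []
    for n, line in logical_lines(text):
        tokens = line.split()
        if not tokens or tokens[0].lower() not in DIRECTIVES:
            continue  # comments, containers and unrelated directives
        args = tokens[1:]
        url_idx = next((i for i, a in enumerate(args) if "://" in a), None)
        if url_idx is None or args[url_idx].lower().startswith("balancer://"):
            continue  # "!" exclusions; balancer workers are set on BalancerMember
        params = dict(a.lower().split("=", 1) for a in args[url_idx + 1:] if "=" in a)
        if params.get("disablereuse") != "on":
            findings.append((n, line))
    return findings


if __name__ == "__main__":
    for n, line in find_reusable_backends(SAMPLE_CONF):
        print(f"line {n}: backend connection reuse still enabled: {line}")
```

The check reads only the text it is given, so files pulled in through Include directives have to be passed to it separately.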
