7020722: “Error on DNS mismatch” Access Gateway setting fails to work as expected in NAM 4.3 when disabled

Access Gateway (AG) Administrator wants multiple DNS names to resolve to the IP address of a proxy service. To avoid any errors sent back to users, the option for Web server configuration under the AG proxy has an option ‘Error on DNS mismatch’ which is enabled by default. Whenever a HTTP request comes into this proxy server where the HTTP host header does not match the published DNS name of the proxy service, an error will be returned by default.

To avoid this in the above use case, the ‘Error on DNS mismatch’ flag was disabled, enabling users with different Host HTTP headers resolving to this proxy service to be handled without error. Making these changes however always triggers the 403 error on browser eg.

– create an RP with valid name eg. www.novell.com

– under web server config, disable the ‘error on DNS mismatch’ flag

– under web server config, select to forward web server hostname

– modify /etc/hosts so that www2.novell.com resolves to IP address of above RP

– access the www2.novell.com hostname and confirm you see 403 mismatch error

Related:

Leave a Reply