Access Gateway Appliance returns 400 "Bad request!" error processing URL with %25 in it
This document (7011672) is provided subject to the disclaimer at the end of this document.
NetIQ Access Manager 3.2 Support Pack 1 applied
Access Gateway Appliance and Access Gateway Service both have same issue
Bad request! Your browser (or proxy) sent a request that this server could not understand.
HTTP headers in response show:
(Status-Line) HTTP/1.1 400 Bad Request
Content-Type text/html; charset=iso-8859-1
Date Tue, 22 Jan 2013 11:12:40 GMT
Hitting the https://nam32app-vm.lab.novell.com/formfill/%20%20tax/ works fine (%20 url encoded version of space character).
Note that all works fine with the same URL on the 3.1 Linux Access Gateway Appliance (LAG).
There is a workaround that can be used but an time a change is applied to the configuration, the workaround will be lost. With the Apache 2.2 base code Access Manager uses,
Bflag for this purpose, allowing you to automatically escape backreferences rewritten to your URL. Adding it to your current flag list should fix the problem in that case:
RewriteRule ^.*$ formfill/$0 [B,L]
Apache in it's default mode cannot handle a %25 character in the URL. This %25 character is the URL equivalent of the % character, and the rewriter module chokes and errors out.
mod_rewritetests your URLs, they have already been decoded to their natural character format, so in this case
%25has become just
%. When you apply this rule to the example above, the backreference actually contains the literal text /formfill/% tax/,, which is not re-encoded by default. Apache has no idea what that
%is doing in your request path to/formfill/% tax/, and chokes, giving the error.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7011672
- Creation Date:22-JAN-13
- Modified Date:06-JUN-13
- NetIQAccess Manager (NAM)
Did this document solve your problem? Provide Feedback