search cancel

Possible issue with sm_module and mod_proxy

book

Article ID: 203007

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

We have a Siteminder protected Apache web server that reverse proxies to an Atlassian Confluence server in the backend. The application allows users to create posts with file attachments. However, for large attachments we see a timeout issue occurring and the upload failing. For smaller uploads, usually within 20 seconds, it mostly succeeds. After extensive testing on multiple platforms (Solaris and Linux) the following observations were made:

1. If the attachment size is small (around 10 MB) or the upload happens within around 20 seconds - it succeeds

2. If the Webagent is disabled - it has no effect, large uploads still fails so the policy or agent configuration doesn't seem to be the issue

3. If the Siteminder module is unloaded - it succeeds, even with very large files taking many minutes, no questions asked.

I am suspecting some sort of conflict between libmod_sm24.so and mod_proxy.so

Logs for all these use-cases have been attached, also the configuration files

 

Environment

Release : 12.7

Component : SITEMINDER -WEB AGENT FOR APACHE

Resolution

proxy-sendchunks or proxy-sendchunked
This is the opposite of proxy-sendcl. It allows request bodies to be sent to the backend using chunked transfer encoding.
This allows the request to be efficiently streamed, but requires that the backend server supports HTTP/1.1.

https://httpd.apache.org/docs/2.4/mod/mod_proxy_http.html