Access Gateway custom error handling with no backend host
search cancel

Access Gateway custom error handling with no backend host


Article ID: 272532


Updated On:


SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)



Customer is using Access Gateway for authentication and federated web services only, and as such there are no backend hosts behind the proxy.  Customer wants to know how they can still leverage Access Gateway's custom error handling in case it receives a request for a non-existent resource.



Release : All



Update proxyrules.xml so the default forward rule has something like the following destination:$0

where is a valid virtual host address and /default is a folder that does not exist.

Update the Apache httpd.conf with this line:
JkUnMount /default/* ajp13

Update server.conf with:
custom error pages "yes"

Add the root CA certificate that signed the Apache SSL certificate (along with any intermediate CA certs if the SSL cert was not signed by the root CA) to Tomcat's ca-bundle.cert file (this allows Access Gateway proxy to make backend connections to itself).

This configuration allows all existing use cases to work while allowing custom error handling for requests for non-existent files.  The way it works is a request is received by Apache for the one valid virtual host.  The request is for a non-existent file, so a 404 error is expected.  The request also doesn't match any of the configuration for .fcc files or any other locally served resources.  This causes Access Gateway to proxy the request to  Since this request is for a non-existent file, Apache, serving as the backend host, throws a 404 error, and with custom error pages turned on, Apache reads the file to take the custom action configured for a 404 error (in the file you can either display custom text in the default error page or redirect the user to any valid URL).