Description:
I am running Web Agent as Reverse Proxy.
In order to limit the size of the request going to a backend server, I have configured the Web Agent with the following:
DisableAuthSrcVars to yes DisableSessionVars to yes DisableUserVars to yes
But, I still see the SMIDENTITY cookie sent to the backend Application Server. Is it possible to make this cookie not sent to the backend server?
Solution:
You still see the SMIDENTITY sent to the backend server because the SMIDENTITY is a cookie.
The difference between HTTP header variables and HTTP cookie variables are that the HTTP header variables are maintained by the Server, and the HTTP cookie variable, even produced first by the Server, are sent by the browser.
Considering this, as you have seen in your architecture, the SMIDENTITY cookie cannot be blocked as per setting:
DisableAuthSrcVars to yes DisableSessionVars to yes DisableUserVars to yes
which are maintained by the Server.
The only way not to get it passed to the backend Application Server, is to disable it as per tech note:
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC457849.
There is no way to keep it enabled, and to block it then to be passed to the backend server.