How the Web Agent ACO parameter AllowCacheHeaders works and how it affects the "If-Modified-Since" and "If-None-Match" headers


Article ID: 51273


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Description:

Why does the Web Agent, by default, remove the "If-Modified-Since" and "If-None-Match" headers by setting the ACO parameter AllowCacheHeaders=No?

Solution:

The AllowCacheHeaders ACO parameter tells the Web Agent how to handle cache-related request headers.

Specifically, this setting tells the Agent whether or not it should remove the "If-Modified-Since" or "If-None-Match" request headers before the Agent passes a request to the web server where it is installed. The action taken by the Web Agent affects whether or not a browser uses cached pages. Thus, removing "If-Modified-Since" headers prevents web clients from using the cached copy of the resource.

By default, AllowCacheHeaders is set to no, so the Web Agent removes the "If-Modified-Since" and "If-None-Match" headers. As a result, the browser does not serve the page from its browser cache, which prevents the use of data from any such cached pages, a use that may lead to a security issue. Setting AllowCacheHeaders to yes allows the use of sensitive data cached by the browser. For security reasons, the ACO parameter is set to no by default so that sensitive data from the browser cache is not used.
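The following Python sketch is an added illustration, not Web Agent code: it models the header removal described above in front of a constructed web server that applies standard conditional GET handling, so the effect of each setting on the response is visible. The names agent_filter, origin_respond and handle, and the sample resource and request, are assumptions made for the example.

```python
from email.utils import parsedate_to_datetime

CACHE_HEADERS = ("if-modified-since", "if-none-match")

# Constructed sample resource held by a hypothetical web server.
RESOURCE = {"etag": '"v1"', "last_modified": "Mon, 01 Jan 2024 00:00:00 GMT",
            "body": "account statement"}

def agent_filter(headers, allow_cache_headers="no"):
    """Model of the agent step: return the headers passed on to the web server."""
    if allow_cache_headers.strip().lower() == "yes":
        return dict(headers)  # cache validators reach the server untouched
    return {k: v for k, v in headers.items() if k.lower() not in CACHE_HEADERS}

def origin_respond(headers):
    """Conditional GET: 304 if the client's validator is still current, else 200."""
    h = {k.lower(): v for k, v in headers.items()}
    inm = h.get("if-none-match")
    ims = h.get("if-modified-since")
    if inm is not None:
        # If-None-Match takes precedence over If-Modified-Since.
        tags = [t.strip() for t in inm.split(",")]
        current = "*" in tags or RESOURCE["etag"] in tags
    elif ims is not None:
        current = (parsedate_to_datetime(RESOURCE["last_modified"])
                   <= parsedate_to_datetime(ims))
    else:
        current = False  # unconditional request: always send the full body
    return (304, "") if current else (200, RESOURCE["body"])

def handle(request_headers, allow_cache_headers="no"):
    """Full path: browser request -> agent filter -> web server response."""
    return origin_respond(agent_filter(request_headers, allow_cache_headers))

if __name__ == "__main__":
    # Constructed revalidation request from a browser holding a cached copy.
    request = {"Cookie": "SMSESSION=constructed-value",
               "If-None-Match": '"v1"',
               "If-Modified-Since": "Mon, 01 Jan 2024 00:00:00 GMT"}
    for setting in ("no", "yes"):
        status, body = handle(request, setting)
        print(f"AllowCacheHeaders={setting}: status={status} body={body!r}")
```

With the setting at no, the server never sees the validators and answers 200 with the full resource; with yes, it answers 304 and the browser reuses its cached copy.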

Further, irrespective of whether AllowCacheHeaders is set to yes or no, the Web Agent always validates/updates the SMSESSION cookie for session timeout.

Environment

Release:
Component: SMAPC