Web Agent :: Useserverrequestip : AgentName

Document ID : KB000051247
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

On virtual Web servers, when IP addresses and host names are used to resolve the Agent name, the Web Agent can potentially use an incorrect value for AgentName to evaluate the request. This situation would allow unauthenticated users to access protected resources.

However, if you configure the Useserverrequestip parameter, the Web Agent resolves AgentName based on the actual IP Address and protects these resources. If the Web server is configured to use IP addresses for virtual server mappings, set Useserverrequestip to yes. The Web Agent resolves the AgentName based on the physical IP address of the virtual server, which means that the correct rules and policies are applied. Which means that if Web server is configured to use IP addresses for virtual server mappings then 'useserverrequestip' must have been set to 'yes' should have worked.

But this is not the case and it still does not work on my environment. Why?

Solution:

If you set 'useserverrequestip' to yes, then you have to set AgentName with ip address, plus the port number as x.x.x.x:zzzz.
An IP within itself is not unique but IP + port is unique and will point to a single AgentName rather than multiple one.