IBM Support

Handling 302 redirect error message in a Web Application Firewall

Technote (troubleshooting)


Problem(Abstract)

DataPower is preventing POST based HTTP redirect in accordance with RFC and displays this as part of the error in the logs:

Redirect and failed due to non idempotent request method. (RFC 2616 sec 10.3)

Symptom

This technote pertains to the following errors.

Example 1: This example shows the service getting the following message: a Backside header failed to parse due to: Failed to establish a backside connection with a HTTP Redirect and failed due to non idempotent request method. (RFC 2616 sec 10.3) message.

web-application-firewall (CookieEncrypt): Backside header failed to
parse due to: Failed to establish a backside connection
12:20:53 webapp-firewall warn 60452 10.176.3.97 HTTP Redirect from
'http://10.176.3.97:8080/cgi-bin/WebObjects.exe/IndvGate.woa/5/wo/2jHo28
QYOlhC2RZ1XQ15DE5OKo8/0.1.2.27.3.SecureSignOn.1' failed due to non
idempotent request method. (RFC 2616 sec 10.3)

Example 2: This example shows an HTTP response code 302,HTTP Redirect and failed due to non idempotent request method - RFC 2616 sec 10.3 message.

Wed May 21 2008 10:39:11 [mpgw][info] mpgw(ECP-MPGW):
tid(369602)[9.65.237.170]: HTTP response code 302 for
'http://9.65.237.170:8080/forum/ucplogin.php?mode=login'
Wed May 21 2008 10:39:11 [mpgw][warn] mpgw(ECP-MPGW):
tid(369602)[9.65.237.170]: HTTP Redirect from
'http://9.65.237.170:8080/forum/ucplogin.php?mode=login' failed due to
non idempotent request method - RFC 2616 sec 10.3.
Wed May 21 2008 10:39:11 [mpgw][error] mpgw(ECP-MPGW):
tid(369602)[9.65.237.170]: Backside header failed to parse due to:
Failed to establish a backside connection


Cause

302,HTTP Redirect and failed due to non idempotent request method - RFC 2616 sec 10.3 message.

This is caused by the adherence to the HTTP RFC 2616 by the Datapower Appliance.
For additional information on the RFC you may see this page RFC2616


Environment

WebSphere DataPower XI50 and XS40

Diagnosing the problem

Backside header failed to parse due to: Failed to establish a backside connection failed due to non idempotent request method. (RFC 2616 sec 10.3)

Resolving the problem

To resolve the issue, the IBM WebSphere DataPower SOA appliance web application firewall can be configured to handle these "302 Redirects". Follow the steps outlined in the attached document that explain how to configure a web application firewall to handle the redirects using the attached ResetLocation.xsl stylesheet. With the specified edit for your environment, this file will handle most simple use cases and may also be edited to handle any additional requirements for your specific business solution.

sampleForRedirects.docResetLocation.xsl

Cross reference information
Segment Product Component Platform Version Edition
Business Integration WebSphere DataPower XML Security Gateway XS40 Not Applicable Firmware 4.0.1, 3.8.2, 3.8.1, 3.8, 3.7.3 Edition Independent
Business Integration WebSphere DataPower SOA Appliances General Firmware 4.0.1, 3.8.2, 3.8.1, 3.8, 3.7.3 Edition Independent

Document information

More support for: WebSphere DataPower Integration Appliance XI50

Software version: 3.8.2, 4.0.1, 4.0.2

Operating system(s): Firmware

Software edition: All Editions

Reference #: 1318593

Modified date: 30 June 2010