IBM Security Verify

Hi

Our hope is to offload Liberty Runtime from serving static content most of the time.

We are trying to have WebSEAL content-cache capability store in memory cache static content for an InfoMap deployed on Liberty Runtime behind a junction (such as /mga/sps/static/IBMSecurityLogo.gif).

We have set the following in WebSEAL (cache all images up to 1 hour):

[content-cache]

image/* = memory:5000:3600

While repeatedly accessing https://websealserver/mga/sps/static/IBMSecurityLogo.gif we are tracing with pdweb.debug and seeing that despite the configured content-cache, we still see WebSEAL connecting to the (remote) Liberty Runtime to retrieve the static file. Here is the Liberty Runtime response (200):

2022-03-04-18:48:58.420-05:00I----- thread(22) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:285: ----------------- PD <=== BackEnd -----------------

Thread 22; fd 258; local 1.2.3.4:42412; remote 4.3.2.1:443

HTTP/1.1 200 OK

content-language: en-US

content-length: 6647

content-type: image/gif

date: Fri, 04 Mar 2022 23:48:58 GMT

server: IBM Security Access Manager

There seemed to be no response headers that would have WebSEAL invalidate the content cache or refuse to store the content in the cache.

The static file is not recent:

-rw-------. 1 someuser users 6647 Feb 21 16:00 IBMSecurityLogo.gif

Any ideas ?

https://www.ibm.com/docs/en/sva/10.0.0?topic=configuration-content-caching

------------------------------
Sylvain Gilbert
------------------------------

Hi

Our hope is to offload Liberty Runtime from serving static content most of the time.

We are trying to have WebSEAL content-cache capability store in memory cache static content for an InfoMap deployed on Liberty Runtime behind a junction (such as /mga/sps/static/IBMSecurityLogo.gif).

We have set the following in WebSEAL (cache all images up to 1 hour):

[content-cache]

image/* = memory:5000:3600

While repeatedly accessing https://websealserver/mga/sps/static/IBMSecurityLogo.gif we are tracing with pdweb.debug and seeing that despite the configured content-cache, we still see WebSEAL connecting to the (remote) Liberty Runtime to retrieve the static file. Here is the Liberty Runtime response (200):

2022-03-04-18:48:58.420-05:00I----- thread(22) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:285: ----------------- PD <=== BackEnd -----------------

Thread 22; fd 258; local 1.2.3.4:42412; remote 4.3.2.1:443

HTTP/1.1 200 OK

content-language: en-US

content-length: 6647

content-type: image/gif

date: Fri, 04 Mar 2022 23:48:58 GMT

server: IBM Security Access Manager

There seemed to be no response headers that would have WebSEAL invalidate the content cache or refuse to store the content in the cache.

The static file is not recent:

-rw-------. 1 someuser users 6647 Feb 21 16:00 IBMSecurityLogo.gif

Any ideas ?

https://www.ibm.com/docs/en/sva/10.0.0?topic=configuration-content-caching

------------------------------
Sylvain Gilbert
------------------------------

Scott,

As you stated elsewhere, the pdweb.wan.cache trace (once activated) indicated that the resource could not be saved in webseal content cache because the junction serving the content is likely configured to supply some type of identity header. In this circumstances, caching is disabled.

2022-03-07-01:02:00.085-05:00I----- thread(82) trace.pdweb.wan.cache:8 /build/isam/src/i4w/pdweb/webseald/http/filters/modules/doccache/cache-filter.cpp:778: [10.189.40.234] lprepareToCache [/HTTPS/isam/sps/static/IBMSecurityLogo.gif]: not caching because request has auth

To over-ride this behavior one needs to attach a POP to the junction which has the following attribute set: 'DocumentCacheControl=public'.

Once I've applied this configuration strategy, the static content served by the Liberty Runtime is now cached by WebSEAL.

Thanks for your help.

Hi

Our hope is to offload Liberty Runtime from serving static content most of the time.

We are trying to have WebSEAL content-cache capability store in memory cache static content for an InfoMap deployed on Liberty Runtime behind a junction (such as /mga/sps/static/IBMSecurityLogo.gif).

We have set the following in WebSEAL (cache all images up to 1 hour):

[content-cache]

image/* = memory:5000:3600

While repeatedly accessing https://websealserver/mga/sps/static/IBMSecurityLogo.gif we are tracing with pdweb.debug and seeing that despite the configured content-cache, we still see WebSEAL connecting to the (remote) Liberty Runtime to retrieve the static file. Here is the Liberty Runtime response (200):

2022-03-04-18:48:58.420-05:00I----- thread(22) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:285: ----------------- PD <=== BackEnd -----------------

Thread 22; fd 258; local 1.2.3.4:42412; remote 4.3.2.1:443

HTTP/1.1 200 OK

content-language: en-US

content-length: 6647

content-type: image/gif

date: Fri, 04 Mar 2022 23:48:58 GMT

server: IBM Security Access Manager

There seemed to be no response headers that would have WebSEAL invalidate the content cache or refuse to store the content in the cache.

The static file is not recent:

-rw-------. 1 someuser users 6647 Feb 21 16:00 IBMSecurityLogo.gif

Any ideas ?

https://www.ibm.com/docs/en/sva/10.0.0?topic=configuration-content-caching

------------------------------
Sylvain Gilbert
------------------------------