Disable User ID Cache

For improved performance, IWSVA caches the IP address for LDAP User ID and Group relationships. This cache applies the previously authenticated User IDs to future connections originating from the same IP for as long as is specified in the cache setting. The default value is 1.5 hours.

This relationship is not supported for certain network configurations though, namely a downstream proxy. You need to disable ID Cache for the following network configurations:

client > proxy > IWSVA

client > ICAP > IWSVA

client > firewall > IWSVA

In these configurations, the User's unique IP address would be masked if this feature were enabled—IWSVA sees only the downstream proxy rather than the originating client.

• Warning: Do NOT disable user ID cache when IWSVA is in transparent mode.

To disable the User ID cache:

1. Login IWSVA CLI interface and change to enable mode.

2. Type the following command:

configure module ldap ipuser_cache disable

Explanation of related parameters:  

• ip_user_central_cache_interval—Specifies the duration for which the IP address / User ID remains valid. The default value is 1.5 hours.

• user_groups_central_cache_interval—Specifies the duration for which the User / Group relationship remains cached. The default value is 48 hours. Decrease this value if your group relationships often change.

See also

• Proxy Scan Settings