IBM expert Ori Pomerantz has been securing computer networks (and showing others how to do it too) since 1995. Pomerantz joined IBM in 2003 and since then, he has written classes on several IBM security products, including IBM Security zSecure™. He is also a co-author of the IBM Press publication Mainframe Basics for Security Professionals: Getting Started with RACF, 2007. In this whitepaper, Pomerantz explains how to use the WebSEAL server to obtain HTTP connections traces as well as how to interpret the traces.
See Download for the full white paper. The following sections outline what you will learn in the full whiatepaper.
Why you want to trace HTTP connections
WebSEAL is an HTTP proxy that receives an HTTP connection from a browser. If an action is authorized, WebSEAL opens a separate HTTP connection to the back-end server. WebSEAL does not just transfer the information from one connection to the other, it also modifies the URL to interpret junctions. It adds information to the HTTP header for the back-end connection and cookies for the front-end connection. Those changes can cause problems.
The easiest way to trace them is to look at the HTTP connections.
The steps you'll learn
Pomerantz covers the following instructions in this paper:
- Creating HTTP header traces.
- Exploring HTTP header traces. WebSEAL changes HTTP headers and you can discover problems by tracing those changes. In the trace, you can explore requests and responses to, from, and for such elements as browsers, authentication, back ends, and additional information.
- An example on using HTTP header traces.
Pomerantz also covers exploring message body traces too: Creating them, interpreting them, and using them.
Explore the topics and technologies in this article:
- WebSEAL is a high performance, multi-threaded web server that applies fine-grained security policy to the Tivoli Access Manager protected web object space.
- IBM Tivoli Access Manager for e-business Version 6.1.1 provides an access control management solution to centralize network and application security policy for e-business applications.
- Explore the IBM Security Framework for cutting-edge knowledge on IT security issues.
- Start your journey to implement IT security through pragmatic, intelligent, and risk-based practices at Security on developerWorks.
- Follow developerWorks on Twitter.
- Watch developerWorks on-demand demos ranging from product installation and setup demos for beginners, to advanced functionality for experienced developers.
Get products and technologies
- Evaluate IBM products in the way that suits you best: Download a product trial, try a product online, or use a product in a cloud environment.
- Get involved in the developerWorks Community. Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.
Dig deeper into Security on developerWorks
Get samples, articles, product docs, and community resources to help build, deploy, and manage your cloud apps.
Pragmatic, intelligent, risk-based IT Security practices.
Software development in the cloud. Register today to create a project.
Evaluate IBM software and solutions, and transform challenges into opportunities.