HTTP transformations

You can modify HTTP requests and responses as they pass through WebSEAL with HTTP transformation rules. XSLT or Lua scripting is used for this function. You can trigger specific rules with a Protected Object Policy (POP) or a request line pattern match.

WebSEAL processes the rule as a Lua script if the name of the resource file ends with a .lua extension. All other files are treated as an XSLT rule.

WebSEAL administrators can configure the following modifications. You can apply these transformations to HTTP requests and HTTP responses (except where otherwise noted):

  • Add a header
  • Remove a header
  • Modify an existing header
  • Add a cookie
  • Remove a cookie
  • Modify an existing cookie
  • Modify the URI (request only)
  • Modify the method (request only)
  • Modify the HTTP version
  • Modify the HTTP status code (response only)
  • Modify the status reason (response only)
  • Add a body (for XSLT on the response only)
  • Modify the authorization object name (request only)
  • Modify the ACL bits used in the authorization decision (request only)
  • Filter the request from the request log (request only)
Note:
  1. With XSLT rules it is not possible to modify the body of the request or response. It is however possible to do this with Lua rules.
  2. You cannot modify cookies or headers that are inserted by WebSEAL. For example, the Host, iv-user, and iv-creds junction headers.