request-match
Use this entry to define the pattern to be matched against the HTTP request line, which includes method, URI, and protocol.
Syntax
request-match = {request|preazn|postazn|postauthn|response}:<request-line>Description
This entry defines the pattern to be matched against the HTTP request line, which includes method, URI, and protocol.
You can also match a request by using a host header. Use this option to
selectively enable this function for a particular virtual host junction. To selectively match an
entry based on a particular host header, add a prefix to the <request-line>
with the string [<host>].
When you are defining the
request-match entry, you also need
to define the stage in the processing flow at which the rule is triggered. The following table lists
the supported options:| Option | Description |
|---|---|
request |
The rule is triggered when the request is first received by WebSEAL. Credential attributes are not available at this stage in the processing flow. |
preazn |
The rule is triggered immediately before the standard authorization decision logic. It can be used to implement your own Lua based authorization decisions. This stage is only valid for Lua scripts. |
postazn |
The rule is triggered immediately after the authorization decision is made. |
postauthn |
The rule is only triggered after an authentication event. It can be used to add extended
attributes to the credential. Note: The request-match is made against the name
of the authentication mechanism rather than the HTTP request line. The name of the authentication
mechanism is located within the AZN_CRED_AUTH_METHOD attribute of an authenticated
credential. |
response |
The rule is triggered after the response has been received from the junction. |
Options
- [request |preazn|postazn|postauthn|response]
- Determines the location in the processing flow at which the rule is to be triggered. This value can be request, preazn, postazn, postauthn, or response.
- request-line
- Contains the request line to be matched against. The pattern matching is case-sensitive. You can
use wildcard characters
*
?
Usage
This stanza entry is optional.
You can specify multiple entries if needed.
Default value
None.
Example
request-match = request:GET /index.html HTTP/1.1
request-match = postazn:GET /jct/* *
request-match = response:[www.ibm.com]GET /login/*
request-match = postauthn:password