URL modification concepts

Edit online

Pages returned to the client from back-end application servers often contain links to resources located on those servers. It is important that these URLs are constructed to correctly direct any client requests back to these resources.

For example, in a non-WebSEAL environment, the URL entered by a client for a resource on an application server might appear as follows:

http://www.example.com/file.html

WebSEAL, as a front-end reverse proxy, provides security services to back-end application servers via the WebSEAL junctioning feature. This feature requires that the original URLs to these resources be modified to include the junction information.

The standard junction feature of WebSEAL changes the server and path information that must be used to access resources on junctioned back-end systems. A link to a resource on a back-end junctioned server succeeds only if the URL contains the identity of the junction.

If this same back-end server is a junctioned server in a WebSEAL environment, the URL used to access the same resource on a junctioned back-end application server must appear as follows:

http://webseal.example.com/jct/file.html

To support the standard junction feature and maintain the integrity of URLs, WebSEAL must, where possible:

  1. Modify the URLs (links) found in responses sent to clients
  2. Modify requests for resources resulting from URLs (links) that WebSEAL could not change
Note: WebSEAL's rules and mechanisms for modifying URLs do not apply to links that point to resources external to the Verify Identity Access junctioned environment.

The following diagram summarizes the solutions available to WebSEAL for modifying URLs to junctioned back-end resources:

Figure 1. Summary: Modifying URLs to back-end resources

Summary: Modifying URLs to back-end resources