HTTP transformations

You can modify HTTP requests and responses as they pass through WebSEAL with HTTP transformation rules. XSLT is used for this function. You can trigger specific rules with a Protected Object Policy (POP) or a request line pattern match.

WebSEAL administrators can configure the following modifications. You can apply these transformations to HTTP requests and HTTP responses (except where otherwise noted):

  • Add a header
  • Remove a header
  • Modify an existing header
  • Modify the URI (request only)
  • Modify the method (request only)
  • Modify the authorization object name (request only)
  • Modify the HTTP version
  • Modify the HTTP status code (response only)
  • Modify the status reason (response only)
  • Add a cookie
  • Remove a cookie
  • Modify an existing cookie
  • Add a body (response only)
  • Modify the ACL bits used in the authorization decision (request only)
  1. It is not possible to modify the body of the request or response. Similarly, you cannot modify cookies or headers that are inserted by WebSEAL. For example, the Host, iv-user and iv-creds junction headers.
  2. WebSEAL pages under the lib/html directory are referred to as HTML server response pages. These response pages are grouped into:
    • Account management pages.
    • Error message pages.

    You can configure the names of these response pages in the [acnt-mgt] stanza.