HTTP transformations

Edit online

You can modify HTTP requests and responses as they pass through WebSEAL with HTTP transformation rules. XSLT or Lua scripting is used for this function. You can trigger specific rules with a Protected Object Policy (POP) or by performing a pattern match against the HTTP request line.

WebSEAL processes the rule as a Lua script if the name of the resource file ends with a .lua extension. All other files are treated as an XSLT rule.

WebSEAL administrators can configure the following modifications. You can apply these transformations to HTTP requests and HTTP responses (except where otherwise noted):

  • Add a header.
  • Remove a header.
  • Modify an existing header.
  • Add a cookie.
  • Remove a cookie.
  • Modify an existing cookie.
  • Modify the URI (request only).
  • Modify the method (request only).
  • Modify the HTTP version.
  • Modify the HTTP status code (response only).
  • Modify the status reason (response only).
  • Add a body (for XSLT on the response only).
  • Modify the authorization object name (request only).
  • Modify the ACL bits used in the authorization decision (request only).
  • Filter the request from the request log (request only)
Note:
  1. You cannot use XSLT rules to modify the body of the request or response. However, you can modify the body of the request or response by using Lua rules.
  2. You cannot modify cookies or headers that are inserted by WebSEAL. For example, the Host, iv-user, and iv-creds junction headers.
Lua scripts also provide the WebSEAL administrators with extra capabilities:
  • Create custom authorization rules.
  • Create custom authentication mechanisms.
  • Add custom attributes to an authenticated credential.