HTTP transformations

You can modify HTTP requests and responses as they pass through WebSEAL with HTTP transformation rules. XSLT is used for this function. You can trigger specific rules with a Protected Object Policy (POP) or a request line pattern match.

WebSEAL administrators can configure the following modifications. You can apply these transformations to HTTP requests and HTTP responses (except where otherwise noted):

  • Add a header
  • Remove a header
  • Modify an existing header
  • Modify the URI (request only)
  • Modify the method (request only)
  • Modify the authorization object name (request only)
  • Modify the HTTP version
  • Modify the HTTP status code (response only)
  • Modify the status reason (response only)
  • Add a cookie
  • Remove a cookie
  • Modify an existing cookie
  • Add a body (response only)
  • Modify the ACL bits used in the authorization decision (request only)
Note:
  1. It is not possible to modify the body of the request or response. Similarly, you cannot modify cookies or headers that are inserted by WebSEAL. For example, the Host, iv-user and iv-creds junction headers.
  2. WebSEAL pages under the lib/html directory are referred to as HTML server response pages. These response pages are grouped into:
    • Account management pages.
    • Error message pages.

    You can configure the names of these response pages in the [acnt-mgt] stanza.