HTTP transformations

We can modify HTTP requests and responses as they pass through WebSEAL with HTTP transformation rules. XSLT is used for this function. We can trigger specific rules with a Protected Object Policy (POP) or a request line pattern match.

WebSEAL administrators can configure the following modifications. We can apply these transformations to HTTP requests and HTTP responses (except where otherwise noted):

• Add a header
• Remove a header

• Modify an existing header

• Modify the URI (request only)

• Modify the method (request only)

• Modify the authorization object name (request only)

• Modify the HTTP version

• Modify the HTTP status code (response only)

• Modify the status reason (response only)

• Add a cookie
• Remove a cookie

• Modify an existing cookie

• Add a body (response only)

• Modify the ACL bits used in the authorization decision (request only)

1. It is not possible to modify the body of the request or response. Similarly, we cannot modify cookies or headers inserted by WebSEAL. For example, the Host, iv-user and iv-creds junction headers.

2. WebSEAL pages under the lib/html directory are referred to as HTML server response pages. These response pages are grouped into:
   • Account management pages.
   • Error message pages.

   We can configure the names of these response pages in the [acnt-mgt] stanza.

• Extensible Stylesheet Language Transformation (XSLT)
  
• HTTP transformation rules
  
• Configuration
  
• Example HTTP transformation scenarios
  
• Transformation errors
  Most errors are printed in the server log or returned to the browser as an error page.

Parent topic: Standard WebSEAL Junctions