HTTP transformations
You can modify HTTP requests and responses as they pass through WebSEAL with HTTP transformation rules. XSLT is used for this function. You can trigger specific rules with a Protected Object Policy (POP) or a request line pattern match.
WebSEAL administrators can configure the following modifications. You can apply these transformations to HTTP requests and HTTP responses (except where otherwise noted):
- Add a header
- Remove a header
- Modify an existing header
- Modify the URI (request only)
- Modify the method (request only)
- Modify the authorization object name (request only)
- Modify the HTTP version
- Modify the HTTP status code (response only)
- Modify the status reason (response only)
- Add a cookie
- Remove a cookie
- Modify an existing cookie
- Add a body (response only)
- Modify the ACL bits used in the authorization decision (request only)
Note:
- It is not possible to modify the body of the request or response. Similarly, you cannot modify cookies or headers that are inserted by WebSEAL. For example, the Host, iv-user and iv-creds junction headers.
- WebSEAL pages under the
lib/html
directory are referred to as HTML server response pages. These response pages are grouped into:- Account management pages.
- Error message pages.
You can configure the names of these response pages in the [acnt-mgt] stanza.