Modifying or adding headers for an inbound HTTP request

Document ID : KB000057516
Last Modified Date : 14/02/2018
Show Technical Document Details

Solution

Background

The Gateway has the capability to modify or add inbound HTTP request headers prior to transmitting them to a protected service. It can be done through the following methods:

  • Set the default content type in a specific Listen Port
  • Using the?Add Header?assertion.
  • Specifying individual headers to passthrough in the?Route via HTTP(S)?assertion

Implementation

The Gateway can set a specific default content type via the?Manage Listen Ports dialog within the?Advanced tab. An administrator can activate the?Always use specified content-type?option and specify a content type accordingly. This behavior will only work for inbound requests that completely lack a Content-Type header. This is useful for client applications that do not transmit this header but will route to protected service that require them. This is a useful method of ensuring that all inbound requests to a particular listen port will have a content type. The important caveat is that it is possible to have the incorrect textual content type set for a message so caution is required when making this change. An example of this implementation is illustrated below:

A screen capture of the Advanced tab showing the content type enforcement in the Listen Port Properties dialog

An assertion that can add headers (or modify an existing header's value). The Add Header assertion can be added before a routing assertion to add or modify a header to be sent to the protected service. This is useful for setting headers based on context variables or setting headers based on certain conditions. ?The Gateway will only send this header through the Gateway if it is enabled in the Route via HTTP(S) assertion. An example setting a specific header with a specific value is illustrated below:

A screen capture of the Add Header assertion being configured.

The?Request HTTP Rules tab that can be used to specify whether a specific list of headers or all headers or all headers are passed through. A header should be added to the Route via HTTP(S) assertion when the header was added was through the Add Header assertion. The Gateway can also be used to passthrough all headers from the request or set in policy. The example below illustrates manually adding the header specified in the Add Header assertion to the Route via HTTP(S) assertion:

A screen capture of the Route via HTTP(S) assertion that passes through a specific header.

Headers can also be set manually in the Route via HTTP(S) assertion via the Request HTTP Rules tab. Individual headers can be added to this tab and have their values set manually or with context variables using the dialog specified above. The example below manually adds a header to be transmitted to the protected service without using the Add Header assertion:

A screen capture of the Route via HTTP(S) assertion that adds a specific header.