Define Application
Proxy
The Identity-Aware Web Application Firewall acts as an HTTP-proxy. In doing to, it can inject an identity-flow (authentication on behalf of) as well as rewrite/rework various HTTP constructs to make them accurate relative to an external environment.
Define Application: Proxy
The Identity-Aware Web Application Firewall acts as an HTTP-proxy. In doing to, it can inject an identity-flow (authentication on behalf of) as well as rewrite/rework various HTTP constructs to make them accurate relative to an external environment.
Typically there is no configuration required in this section, however, you may use it to tweak for individual applications as needed.
Include User Context Headers
If the ‘Include User Context Headers’ is set, several headers are added to the request, allowing the upstream web server to infer user and role. these include:
{
"headers": {
"Remote-Org-Id": "5kX8JJdQ3CzXXXXXXXX",
"Remote-User": "user@agilicus.com",
"Remote-User-Id": "XGMKWs5SXXXXXX",
"X-Agilicus-External-Id": "-",
"X-Agilicus-Member-Of": "[\"wiki-editors\"]",
"X-Gateway-Org": "5kX8JJdQ3CzXXXXXXXX",
"X-Gateway-Primary-Role": "self",
"X-Gateway-Roles": "{\"httpbin\":[\"self\"],\"urn:api:agilicus:users\":[\"self\"]}",
"X-Gateway-Tokenid": "Hwx6vUZPXXXXXXXX",
"X-Gateway-User": "XGMKWs5SXXXXXX",
"X-Gateway-User-Email": "user@agilicus.com",
"X-Roles-Matched": "true",
"X-Token-Valid": "true"
}
}HTTP Media Type Rewrite
It is common for certain body documents to have embedded components linking to the internal name of the host. This could include a JSON search result, showing http://internal instead of https://external.example.com, it could include XML, HTML, CSV, etc.
In this section, we can add specific Media (MIME) types. If they are set, the contents will be rewritten to match the external coordinates.
HTTP (Host) Names Rewrite
The internal host may have multiple names. This can occur with e.g. virtual machines (‘intranet’ is also ‘vweb01’) and these names internally might be used interchangeably. In this section we add a set of hosts that, if present, will be rewritten to the external name.
HTTP Response Header Overrides
Set Header
This allows setting an arbitrary header to an arbitrary value.
Append Header
This allows appending a value to an existing response header.
Remove Header
This will remove a header from the response. It may be used to e.g. remove private internal information or version leakage.
Remove Match
This feature allows removing entire header lines matching some criteria. If your response included:
Host: foobar
Host: fooThen, if we put in ‘Name’: ‘Host’ and value ‘foo’, both lines are removed. If we put in value ‘bar’ only the first line is removed. A regex is allowed here, so we could put in e.g. ‘fo.*’.
Parameter Rewrite Filter
This feature allows overwriting specific GET parameters. E.g. if the URL is https://www?foo=bar, you can rewrite this to foo=baz. It also allows deflate (e.g. decompress) and base64-encoded.
HTTP Request Header Overrides
The Request Overrides operate in the same fashion as the Response Overrides.
Proxied Service Configuration
This field should not be used in normal circumstances. It allows proxying to an external host (e.g. for demonstration purposes).