IBM Security Verify

  • 1.  Changing host header while forwarding to backend

    Posted Wed August 31, 2022 07:54 AM
    Hi Team,

    I was looking for a solution to change the host while sending a request to the backend. Background is a Virtual Host Junction which matches www.example.com and also example.com and a mutual SSL connection to backend. In case of the mutual connection the SNI must match the host header. So in one case I don't get the access because the host header is forwarded as the browser sends it.
    Thought I could solve it with HTTP transforming the host at request header but somehow that didn't work. The rule seems to be working fine looking at pdweb.http.transformation but pdweb.debug still shows the untransformed header is sent to WebSEAL.

    Any hint how to solve that issue?

    Thanks,
    Jens

    ------------------------------
    Jens Petersen
    ------------------------------


  • 2.  RE: Changing host header while forwarding to backend

    Posted Fri September 02, 2022 04:55 PM
    Hi Jens,

    It is not possible to transform something that WebSEAL adds to the request.  See https://www.ibm.com/docs/en/sva/10.0.4?topic=junctions-http-transformations for details.

    Note:
    1. With XSLT rules it is not possible to modify the body of the request or response. It is however possible to do this with Lua rules.
    2. You cannot modify cookies or headers that are inserted by WebSEAL. For example, the Host, iv-user, and iv-creds junction headers.


    ------------------------------
    Nick
    IBM Security Verify Customer Support
    ------------------------------