Layer7 API Management

Expand all | Collapse all

Route via HTTP assertion : how to overide some request header entry

  • 1.  Route via HTTP assertion : how to overide some request header entry

    Posted 01-31-2019 10:47 AM

    Hello,

     

    We use 'Route via HTTP' assertion in CA API Gateway 9.3

     

    Every Original Request Header value are forwarded to the back-end.

    It's ok.

    But we need to override only one, the 'host' value,

    because the back-end have to know the original request host.

     

    We tried to use 'Manage Transport Properties/Headers' but it only usseful for the Response Header, not the Request Header.

     

    Is there a simple way to do that with 'Route via HTTP' or around 'Route via HTTP' ?

     

    Thanks



  • 2.  Re: Route via HTTP assertion : how to overide some request header entry

    Posted 01-31-2019 12:18 PM

    Good afternoon,

     

    The Host header by default will not be transmitted from the front end without making a modification to the system.properties file as outline in this link (Route via HTTP(S) Assertion - CA API Gateway - 9.3 - CA Technologies Documentation ).

     

    Excerpt from the documentation:

    Configuring the [Headers] Tab

    The [Headers] tab is used to define which HTTP headers should be passed through. It contains separate sections for request and response headers.

    By default, all request and response headers are passed through in their original form. 

    WARNING: There may be potential security ramifications to allowing all applications header to be passed through. If in doubt, restrict the pass-through to only specific headers.

    When passing through only specific headers, define these headers in their respective tables. You can choose to pass the original value of the header or a custom value (context variables acceptable).

    Some tips for constructing a list of headers to be passed through:

    • You may repeat header names if you are constructing multiple rules on handling a particular header. See "Working with Multiple Headers" below for more details.
    • When passing the original value, if the header is present multiple times in the incoming request, then it is passed multiple times as they are in the original request.
    • When passing through only specific request or response headers, if no headers are specified in the accompanying table, then the Gateway reverts to passing through all headers. 

    The Gateway does not pass these headers by default, regardless of the pass-through rules defined

    connection
    content-encoding
    content-length
    content-type
    date
    host

    keep-alive
    server
    transfer-encoding

    Technical Note: To pass through any of the excluded headers above, add the system property com.l7tech.policy.assertion.HttpPassthroughRuleSet.headersToSkip with the list of headers to skip. For more information, see Gateway System Properties.

    Sincerely,

     

    Stephen Hughes

    Broadcom Support



  • 3.  Re: Route via HTTP assertion : how to overide some request header entry

    Posted 02-01-2019 03:40 PM

    Why do you need to do this exactly? Are you using the same Web API to route to different backends dynamically? If so, how are you routing your requests through the API Manager exactly?



  • 4.  Re: Route via HTTP assertion : how to overide some request header entry

    Posted 02-04-2019 12:37 PM

    Hi Fabien,

    the host-header will be included automatically depending on the hostname part of your URL used in your "Route via HTTP(S)"-assertion. And yes, this value is normally different for the incoming and outgoing request on a reverse proxy like the API Gateway. If your backend application is not aware of such a reverse proxy and therefor generates all links, URLs, redirects or additional resources with the wrong hostname, there is an official option to tell your application how to handle this correctly.

    It's the usage of the "Forwarded"-Header.

    We have also one API, which requires this header and I put the required logic into a fragment and can then use it in as much policies as I like. Somethink like this:

    Hope that helps a little bit.

     

    Ciao Stefan