Layer7 API Management

 View Only
  • 1.  Using variables for fowarding HTTP Headers

    Posted Aug 15, 2016 04:12 AM

    Is it possible to specify in the HTTP Routing assertion certain request headers to be forwarded to the endpoint using variables instead of hardcoded header names?

    Background of this question: We have created an encapsulated assertion to be used as a template policy visible in the API Portal. Routing to the endpoint happens within the encapsulated assertion. However, the headers allowed to be forwarded must be configurable per API using this template.



  • 2.  Re: Using variables for fowarding HTTP Headers

    Posted Sep 01, 2016 04:27 PM

    Hey Peter,

    Outside of having a static list of custom headers to send through or being able to send all headers that were received by the service, I'm not sure we have any other options unfortunately


    Depending on the different combinations of potential headers that will be sent to the backend, you could have a set of branches in policy, that determine which headers will eventually be sent to the back end and based on that, you can invoke the correct routing assertion that is prepared to route those headers?


    I know it's not pretty, but i can't think of another way off hand.


    If you would like to create an 'Idea' on this communities forum for this feature, i'll vote on it for you.


    hope this helps,

  • 3.  Re: Using variables for fowarding HTTP Headers

    Broadcom Employee
    Posted Sep 02, 2016 11:57 AM
      |   view attached



    Another thought would be to pass in a variable to the encapsulated assertion from the main policy called headers which has a common delimited list of headers and values such as Accept:application/json,Distance:30. In the encapsulated assertion take the variable and split it based on the comma then run through each one with 2 regular expressions and assign it to a header. I've attached a sample policy that outlines some of these thoughts. I've not been able to test this on how it would scale though.




    Stephen Hughes

    Director, CA Support


    zip   941 B 1 version

  • 4.  Re: Using variables for fowarding HTTP Headers

    Posted Sep 02, 2016 01:08 PM

    Very nice solution... i forgot about the 'Add Header' assertion.

  • 5.  Re: Using variables for fowarding HTTP Headers

    Posted Sep 05, 2016 08:00 AM



    Thanks for your feedback. If I understand your approach right it doesn't prevent unwanted headers being forwarded to the endpoint, which is our security requirement.

    Is there a possibility to remove all headers from an incoming request? If yes we could do the following:

    - Save all values of a defined set of variables

    - Remove all incoming headers

    - Set the defined variables with the original values

    So only predefined headers would be allowed...




  • 6.  Re: Using variables for fowarding HTTP Headers
    Best Answer

    Broadcom Employee
    Posted Sep 05, 2016 12:53 PM



    The example I provided does only pass through certain headers as you need to identify in the main policy which headers to be sent through so the encapsulation assertion can handle them. The encapsulated assertion will only pass in what you specify as inputs. The other way to ensure that all headers are removed would be to use the Manage Transport Properties/Headers assertion with the option Remove for the operation, the value .* in the Property/Header name field with the Regular Expression checked next to it.


    <?xml version="1.0" encoding="UTF-8"?>
    <wsp:Policy xmlns:L7p="" xmlns:wsp="">
        <wsp:All wsp:Usage="Required">
                <L7p:EvaluateNameAsExpression booleanValue="true"/>
                <L7p:HeaderName stringValue=".*"/>
                <L7p:HeaderValue stringValue=""/>
                <L7p:Operation operation="REMOVE"/>




    Stephen Hughes

    Director, CA Support

  • 7.  Re: Using variables for fowarding HTTP Headers

    Posted Sep 06, 2016 07:07 AM

    Great, didn't know about the regex possibility. That's what we were looking for!