Barracuda WAF-as-a-Service

Request Rewriting

With request rewriting, you can insert, remove, or rewrite headers before the request is forwarded to the backend server. You can also rewrite the URL to map to a different resource. This conceals information from external users. 

Working with URLs

When a web application returns a URL, sensitive information about the web server may be revealed. Rewriting or redirecting modifies the prefix, domain, and response body of an internal URL to an externally viewable URL.

URL Translation can externalize internal applications, which link to internal servers (not defined in the external DNS name space). For example, the Example Company has an internal application registered in the internal DNS as finance.example. URL Translation can make this application available to external partners behind a common public domain such as www.example.com without exposing the internal name space. Through URL Translation, Company ABC can map different internal and external prefixes so the internal application is available on the public Internet as www.example.com/finance.abc.

Choose from the following actions available in Request Rewriting:

  • Insert Header
  • Remove Header
  • Rewrite Header
  • Rewrite URL
  • Redirect URL

Rewriting

You can rewrite the request with a constant value or a request value. 

Constant Values

You can choose to use a constant rewrite value, using the following macros.

For Request Rewrites
  • $SRC_ADDR – Inserts the source (client) IP address. You can use it for the new value (Rewrite Value parameter) when inserting or rewriting a header.
  • $URI – Should be specified in the new value if you are rewriting or redirecting the URI. $URI specifies the complete request URI, including the query string.
  • $X509_VERSION – The client certificate's X.509 version string.
  • $X509_SERIAL_NUMBER – The serial number of the client certificate.
  • $X509_SIGNATURE_ALGORITHM – The signature algorithm used in the client certificate.
  • $X509_ISSUER – The issuer string of the client certificate.
  • $X509_NOT_VALID_BEFORE – Time before which the client certificate is not valid.
  • $X509_NOT_VALID_AFTER – Time after which the client certificate is not valid.
  • $X509_SUBJECT – The subject string of the client certificate.
  • $X509_SUBJECT_PUBLIC_KEY_TYPE – The X.509 Certificate Subject Key Identifier string of the client certificate.
  • $X509_SUBJECT_PUBLIC_KEY – Public key modulus of the client certificate.
  • $X509_SUBJECT_PUBLIC_KEY_RSA_BITS – Size of the client certificate's public key, in bits.
  • $X509_EXTENSIONS – The client certificate's X.509 Extensions string.
  • $X509_HASH – The X.509 Hash string of the client certificate.
  • $X509_WHOLE – The X.509 client certificate, represented as a string in PEM format.
  • X509_SAN_EMAIL and X509_IAN_EMAIL – These macros copy the email information from the client certificate and send it to the backend server in an HTTP header.
  • $AUTH_USER – Adds the username.*
  • $AUTH_PASSWD – Adds the password.*
  • $AUTH_GROUPS – Adds the user roles.*
  • $LOG_UID – The unique ID used to identify a log.

*Notes for specific situations:

    • The URL is not protected (access control or authentication is off): the value substituted for the three macros marked with * above is the special string NCURLNotProtected.
    • The client has not logged in: the value substituted for the three macros marked with * above is the special string NCNoUserSession.
    • The user does not belong to any groups: the value substituted for $AUTH_GROUPS is the special string NCNOUserRoles.
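
A backend that receives $AUTH_USER and $AUTH_GROUPS in inserted headers has to treat the special strings above as "no identity", never as a username or role name. The following Python code is an added example, not Barracuda code; the header names, the comma separator for groups, and the choice to reject repeated headers are assumptions.

```python
from dataclasses import dataclass

# Special strings substituted for the $AUTH_* macros (from the notes above).
URL_NOT_PROTECTED = "NCURLNotProtected"
NO_USER_SESSION = "NCNoUserSession"
NO_USER_ROLES = "NCNOUserRoles"
SENTINELS = frozenset({URL_NOT_PROTECTED, NO_USER_SESSION, NO_USER_ROLES})

# Hypothetical header names: use whatever your Insert Header rules define.
USER_HEADER = "x-waf-auth-user"      # Rewrite Value: $AUTH_USER
GROUPS_HEADER = "x-waf-auth-groups"  # Rewrite Value: $AUTH_GROUPS


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset


def _single(headers, name):
    """Return the only value of a header; reject absent or repeated headers."""
    values = [v.strip() for k, v in headers if k.lower() == name]
    if len(values) != 1 or not values[0]:
        raise PermissionError(f"{name}: expected exactly one non-empty value")
    return values[0]


def identity_from_waf_headers(headers, group_sep=","):
    """headers: (name, value) pairs as received. group_sep is an assumption."""
    user = _single(headers, USER_HEADER)
    if user in (URL_NOT_PROTECTED, NO_USER_SESSION):
        raise PermissionError(f"request not authenticated by the WAF: {user}")
    raw = _single(headers, GROUPS_HEADER)
    if raw in (URL_NOT_PROTECTED, NO_USER_SESSION):
        raise PermissionError(f"inconsistent WAF headers: groups={raw}")
    if raw == NO_USER_ROLES:
        return Identity(user, frozenset())
    groups = frozenset(g.strip() for g in raw.split(group_sep) if g.strip())
    return Identity(user, groups - SENTINELS)  # a sentinel is never a role


if __name__ == "__main__":
    # Constructed sample request headers, not captured traffic.
    sample = [("X-WAF-Auth-User", "alice"), ("X-WAF-Auth-Groups", "finance, audit")]
    print(identity_from_waf_headers(sample))
```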

For Response Page
  • %action-id – The attack ID of the violation that resulted in displaying this response page.
  • %host – The host that sent this request.
  • %s – The URL of the request that caused this violation.
  • %client-ip – The client IP address of the request that caused the violation.
  • %attack-time – The time at which the violation occurred.
  • %attack-name – The attack name of the violation that resulted in displaying the response page.

Request Values

Request values are available in the menu and include:

  • Client IP Address
  • Endpoint Address
  • URL
  • SSL Protocol Version