About HTTP filtering in IAG

Applies To: Intelligent Application Gateway (IAG)

Whale Communication Intelligent Application Gateway (IAG) 2007 can check the headers of incoming HTTP requests and reject unwanted headers, cookies, and parameters. You can configure HTTP header checks to do the following:

  • Enforce character ranges

  • Check size of header names and values

  • Enforce length, type, and values of specific headers

  • Check size of cookies

  • Enforce length, type, and values of specific cookies

  • Enforce length, type, and values of cookies and headers that are not specifically configured

For instructions about configuring HTTP header filtering, see Configuring HTTP filtering for IAG traffic.

Header checking is defined in a configuration file, which specifies the checks that are applied to the headers and cookies in the HTTP request’s header. For more information about the configuration file, see About the IAG HTTP filtering configuration file. All headers and cookies first go through general checks, which are defined in a single general section of the file. Once a header or cookie passes the general checks, IAG checks it against the applicable header or cookie section in one of the following ways:

  • If an individual section is configured for the header or cookie in the file, the header or cookie is checked against that section.

  • If no individual section is configured for the header or cookie, it is checked against the default header or cookie section, respectively.

If any of the headers or cookies in the HTTP header fails either the general or the individual checks, the request is rejected, and the user receives a Security Violation message.
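The two-stage flow described above (general checks first, then the individual section if one is configured, otherwise the default section) can be modeled as follows. This is an added example, not IAG code: the `POLICY` structure, its limits and patterns, and the function names are all hypothetical and do not reflect the format of the IAG configuration file.

```python
import re

# Hypothetical policy model (assumption); IAG's real configuration file uses its own format.
POLICY = {
    "general": {"max_name_len": 64, "max_value_len": 1024,
                "allowed_chars": re.compile(r"[\x20-\x7e]*")},
    "headers": {  # individual sections, keyed by lower-cased name
        "content-length": {"max_len": 10, "pattern": re.compile(r"\d+")},
        "host": {"max_len": 255, "pattern": re.compile(r"[A-Za-z0-9.\-:]+")},
    },
    "default_header": {"max_len": 512, "pattern": re.compile(r".*")},
    "cookies": {"sessionid": {"max_len": 32, "pattern": re.compile(r"[0-9a-f]+")}},
    "default_cookie": {"max_len": 256, "pattern": re.compile(r"[\x21-\x7e]*")},
}


def check_item(kind, name, value, policy=POLICY):
    """Return (ok, reason) for one item; kind is 'header' or 'cookie'."""
    g = policy["general"]
    # Stage 1: general checks apply to every header and cookie.
    if len(name) > g["max_name_len"] or len(value) > g["max_value_len"]:
        return False, "general: size"
    if not (g["allowed_chars"].fullmatch(name) and g["allowed_chars"].fullmatch(value)):
        return False, "general: character range"
    # Stage 2: the individual section if one is configured, otherwise the default.
    section = policy[kind + "s"].get(name.lower())
    label = "individual" if section else "default"
    section = section or policy["default_" + kind]
    if len(value) > section["max_len"]:
        return False, f"{label}: length"
    if not section["pattern"].fullmatch(value):
        return False, f"{label}: value"
    return True, f"{label}: pass"


def check_request(headers):
    """Reject the whole request as soon as any header or cookie fails."""
    for name, value in headers:
        if name.lower() == "cookie":
            # Assumption: each name=value pair in Cookie is checked as a cookie.
            items = [("cookie", *p.strip().partition("=")[::2]) for p in value.split(";")]
        else:
            items = [("header", name, value)]
        for kind, n, v in items:
            ok, reason = check_item(kind, n, v)
            if not ok:
                return False, f"{kind} {n!r} failed {reason}"
    return True, "accepted"
```

The returned reason records which stage rejected the item, which helps when tuning a policy that produces unexpected Security Violation responses.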

Figure 31 illustrates the flow of checking one header; the flow is identical for cookie checks.
