Manipulating HTTP responses with AppWrap

  • Article

Applies To: Unified Access Gateway

The Application Wrapper (AppWrap) is a Forefront Unified Access Gateway (UAG) XML configuration file that lets you configure how HTTP responses from backend Web servers to the end user client devices are manipulated. By default, the following manipulation types are performed:

  • Blocking uploads and downloads, according to endpoint policy definitions.

  • Adding session timeout and logoff functionality to applications.

  • Removing logoff functionality from applications published in the Forefront UAG portal.

  • Fixing application publishing bugs, such as, a mismatch of HTTP and HTTPS, and accessing the incorrect frames because of the structure of the Forefront UAG portal.

  • Sending the correct HTTP request headers to the Exchange Client Access server to support private and public access, and access to the Outlook Web Access Light.

Two versions of the AppWrap file exist: one for HTTP trunks and one for HTTPS trunks. The files have a similar structure which enables you to easily duplicate manipulations between the trunk types. The files are located in the ...\Microsoft Forefront Unified Access Gateway\von\Conf\WizardDefaults\AppWrapTemplates folder.

The basic structure of the file is as follows:

<APP_WRAP ver="3.0" id="RemoteAccess_HTTPS.xml">
    <MANIPULATION>
        <MANIPULATION_PER_APPLICATION>
            <APPLICATION_TYPE>InternalSite</APPLICATION_TYPE>
            <DATA_CHANGE>
                <URL case_sensitive="false">...</URL> 
                <SAR>
                    <SEARCH encoding="base64">...</SEARCH>
                    <REPLACE encoding="base64" using_variables="true">...</REPLACE>
                </SAR>
            </DATA_CHANGE>
            ...
            ...
            ...
        </MANIPULATION_PER_APPLICATION>
        <HEADER_CHANGE>
            ...
            ...
            ...
        </HEADER_CHANGE>
    </MANIPULATION>
</APP_WRAP>

This structure lets you make manipulations on a per application basis. For each application that you want to make a manipulation, create a <MANIPULATION_PER_APPLICATION> section and between the <APPLICATION_TYPE>[Application_Name]</APPLICATION_TYPE> tags, enter the application name as it is defined in the WizardDefaultParam.ini file.

For a description of the conventions used by the AppWrap files and the AppWrap syntax, see AppWrap file description.

Conditional search and replace

Conditional search and replace (SAR) lets you define manipulations that will be performed based on Forefront UAG session parameters. The session parameters can be viewed in the Forefront UAG Web Monitor on the Session Details page.

For example, to remove the ‘Log off’ link from your published SharePoint 2007 application that is published in the portal frame (that is, where the portal ‘Log off’ button exists and should be used), use the following:

<MANIPULATION_PER_APPLICATION>
    <APPLICATION_TYPE>SharePoint 2007</APPLICATION_TYPE>
    <DATA_CHANGE>
        <URL case_sensitive="false">.*\.aspx.*</URL> 
        <SAR conditional_variable="UsePortalFrame" conditional_var_value="False">
            <SEARCH encoding="base64">SignOut.aspx';"</SEARCH>
            <REPLACE encoding="base64"> SignOut.aspx';" style="visibility:hidden;"</REPLACE>
        </SAR>
    </DATA_CHANGE>
</MANIPULATION_PER_APPLICATION>
<SAR conditional_variable="UsePortalFrame" conditional_var_value="False">

Note

You can also use conditional SAR for HTTP header manipulation.