Header Injection

Reverse proxy can add headers and cookies and url parameters, during processing Request. To configure the headers, we must first define a Contect Provider.

Configure Content Provider URI Pattern to add headers

Reverse proxy can add headers and cookies and url parameters, during processing Request.

To add header or cookie or url parameters, need to open Content Provider, select needed URI pattern. URI pattern will act like a filter, headers or cookies will applied only to requests that match URI pattern. Then in URI pattern, it is possible to create Meta data and fill it with needed values. Name of header or cookie should be specified, but value can be static value, or some data from user, currently available username and password, or groovy script. Using groovy scripts, it is possible to send any values, just need to write this script.

  • Go to Content Providers

00-contentProvider.png

  • Click on edit on Content Provider where you want to add changes

01-editCP.png

  • Scroll down to URI Patterns Create new URI Pattern:

02a-uriPatterns.png

or click edit on existing:

02b-uriPatterns.png

For newly created URI pattern, add Pattern.

03-createURIPattern.png

  • On URI Pattern screen, scroll down to Meta Data and click on plus button

04-createMetadata.png

  • In opened dialog, select Meta Data Type. for headers it should be Set Header, for cookies: Set Cookie

06-setHeader.png

  • add Meta Data Name and click on plus button

05-createMetadata.png

  • In new dialog, add needed header or cookie name in Property Name and select Property Type. For this example Property Type is Static Value. But it possible to use different types, for example, User Name, Password or Groovy Script.

08-headerField.png

  • Add Property Value. for Static Value it will be string value. if you need empty value, use special Property Type named Empty Value on previous step. For Groovy scripts, it will be name of groovy script.

09a-someValue.png

  • Optionally you can uncheck Propagate Through Proxy. If it is checked(by default), header will be added to HTTP Response and will be visible in client's browser. If it is unchecked, header will be added only to requests that rproxy send to backend server and will not be visible in client's browser.

09b-someValue.png

  • Optionally you can uncheck Propagate on Error. if this value is unchecked, headers will be added only to successful responses. If checked, headers also will be added to responses with all HTTP statuses. For examples to responses with HTTP status 404 or 500 or any others.

09c-someValue.png

  • If you need more headers or cookies, repeat steps above as much as needed.

07-addHeaderField.png

  • Finally click on Save button.

10-saveField.png