The Enter Regular Expression table displays
the list of configured HTTP header names together with the
White list of regular expressions that restrict
their values. For this filter to run successfully, all
required headers must be present in the request, and all
must have values matching the configured regular expressions.
The Name column shows the name of the HTTP header.
The Regular Expression column shows the name of the
regular expression that the Enterprise Gateway uses to restrict the value
of the named HTTP header. A number of common regular expressions are
available from the global White list library.
Configuring a Regular Expression
You can configure regular expressions by selecting the Add,
Edit, and Delete buttons. The Configure
Regular Expression dialog enables you to add or edit regular expressions
to restrict the values of HTTP headers. To configure a regular expression, perform
the following steps:
-
Enter the name of the HTTP header in the Name
field.
-
Select whether this header is Optional or
Required using the appropriate radio button.
If it is Required, the header
must be present in the request.
If the header is not present, the filter fails. If it is
Optional, the header does not need to be
present for the filter to pass.
-
You can enter the regular expression to restrict the value of the HTTP
header manually or select it from the global White list
library of regular expressions in the Expression Name
drop-down list. A number of common regular expressions are provided
(for example, alphanumeric values, dates, and email addresses).
You can use properties representing the values of message attributes
to compare the value of an HTTP header with the value contained in
a message attribute. Enter the $ character in the
Regular Expression field to view a list of available
attributes. At runtime, the property is expanded to the corresponding
attribute value, and compared to the HTTP header value that you want to
check.
-
You can add a regular expression to the library by selecting
the Add/Edit button. Enter a Name for the
expression followed by the Regular Expression.
Advanced Settings
The Advanced section enables you to extract a portion of
the header value which is run against the regular expression. The extracted
substring can be Base64 decoded if necessary. This section is specifically
aimed towards HTTP Basic authentication headers, which consist of the
Basic prefix (with a trailing space), followed by the Base64-encoded
username and password. The following is an example of the HTTP Basic authentication
header:
| | |
|
Authorization: Basic dXNlcjp1c2Vy
| |
| | |
|
The Base64-encoded portion of the header value is what you are interested in
running the regular expression against. You can extract this by specifying the
string that occurs directly before the substring you want to extract, together
with the string that occurs directly after the substring.
To extract the Base64-encoded section of the Authorization header above,
enter Basic (with a trailing space) in the Start substring
field, and leave the End substring field blank to extract the entire
remainder of the header value.
Important Note:
You must select the start and end substrings to ensure that the exact substring is
extracted. For example, in the HTTP Basic example above, you should enter Basic
(with a trailing space) in the Start substring field, and
not Basic (with no trailing space).
By specifying the correct substrings, you are left with the Base64-encoded header value
(dXNlcjp1c2Vy ). However, you still need to Base64 decode it before you can
run a regular expression on it. Make sure to select the Base64 decode
checkbox. The Base64-decoded header value is user:user , which conforms to
the standard format of the Authorization HTTP header. This is the value that
you need to run the regular expression against.
The following example shows an example of an HTTP Digest authentication header:
| | |
|
Authorization: Digest username="user", realm="oracle.com", qop="auth",
algorithm="MD5", uri="/editor", nonce="Id-00000109924ff10b-0000000000000091",
nc="1", cnonce="ae122a8b549af2f0915de868abff55bacd7757ca",
response="29224d8f870a62ce4acc48033c9f6863"
| |
| | |
|
You can extract single values from the header value. For example, to extract
the realm field, enter realm=" (including the "
character), in the Start substring field and " in the
End substring field. This leaves you with oracle.com
to run the regular expression against. In this case, there is no need to Base64 decode
the extracted substring.
Note:
If both Start substring and End substring
fields are blank, the regular expression is run against the entire header
value. Furthermore, if both fields are blank and the Base64 decode
checkbox is selected, the entire header value is Base64 encoded before the regular
expression is run against it.
While the above examples deal specifically with the HTTP authentication
headers, the interface is generic enough to enable you to extract a
substring from other header values.
|