Contents
The Connect to URL filter is the simplest routing filter to use to connect to a target Web service. To configure this filter to send messages to a Web service, you need only enter the URL of the service in the URL field. If the Web service is SSL enabled or requires mutual authentication, you can use the other tabs on the Connect to URL filter to configure this.
Depending on how the API Gateway is perceived by the client, different combinations of routing filters can be used. Using the Connect to URL filter is equivalent to using the following combination of routing filters:
-
Static Router
-
Rewrite URL
-
Connection
The Connect to URL filter enables the API Gateway to act as the endpoint to the client connection (and not as a proxy), and to hide the deployment hierarchy of protected Web services from clients. In other words, the API Gateway performs service virtualization. For an introduction to routing scenarios and the filters in the Routing category, see the Getting Started with Routing Configuration topic.
Configure the following general settings:
Name:
Enter an appropriate name for the filter.
URL:
Enter the complete URL of the target Web service. You can specify this setting
as a selector, which enables values to be expanded at runtime. For more details,
see Selecting configuration values at runtime. Defaults to ${http.request.uri}.
![[Tip]](../common_oracle/images/admon/tip.png) |
Tip |
|---|---|
You can also enter any query string parameters associated with the incoming
request message as a selector, for example, ${http.request.uri}?${http.raw.querystring}.
|
On the Request tab, you can use the API Gateway selector syntax to evaluate and expand request details at runtime. For more details, see Selecting configuration values at runtime. The values specified on this tab are used in the outbound request to the URL.
Method:
Enter the HTTP verb used in the incoming request (for example, GET).
Defaults to ${http.request.verb}.
Request Body:
Enter the content of the incoming request message body. Defaults to
${content.body}.
![[Important]](../common_oracle/images/admon/important.png) |
Important |
|---|---|
|
You must enter the body headers and body content in the Request Body
text area. For example, enter the Content-Type: text/html <!DOCTYPE html> <html> <body> <h1>Hello World</h1> </body> </html>
|
Request Protocol Headers:
Enter the HTTP headers associated with the incoming request message.
Defaults to ${http.headers}.
Configure the SSL settings on the SSL tab. You can select the server certificates to trust on the Trusted Certificates tab, and the client certificates on the Client Certificates tab.
You can also specify the ciphers that API Gateway supports in the Ciphers field. The API Gateway sends this list of supported ciphers to the destination server, which selects the highest strength common cipher as part of the SSL handshake. The selected cipher is then used to encrypt the data as it is sent over the secure channel.
When API Gateway connects to a server over SSL, it must decide whether to trust the server's SSL certificate. You can select a list of CA or server certificates from the Trusted Certificates tab that are considered trusted by the API Gateway when connecting to the server specified in the URL field on this dialog.
The table on the Trusted Certificates tab lists all certificates imported into the API Gateway Certificate Store. To trust a certificate for this particular connection, select the box next to the certificate in the table.
To select all certificates for a particular CA, select the box next to the CA parent node in the table.
Alternatively, you can select the Trust all certificates in the Certificate Store option to trust all certificates in the store. This is selected by default.
In cases where the destination server requires clients to authenticate to it using an SSL certificate, you must select a client certificate on the Client Certificates tab.
To select a client certificate click the Signing Key button, and complete the following fields on the Select Certificate dialog:
Choose a specific certificate:
Select this option to choose a certificate from the Certificate Store. Select the check box next to the client certificate to use it to authenticate to the server specified in the URL field.
Bind the certificate at runtime:
Select this option to bind the certificate at runtime. You can specify this setting as an environment variable selector, which enables values to be expanded at runtime. For more details, see Selecting configuration values at runtime.
The Authentication tab enables you to select a client credential profile for authentication. You can use client credential profiles to configure client credentials and provider settings for authentication using API keys, HTTP basic or digest authentication, Kerberos, or OAuth.
Click the browse button next to the Choose a Credential Profile field to select a credential profile. You can configure client credential profiles globally under the External Connections node in the Policy Studio tree. For more details on configuring client credentials, see the Configuring client credentials topic.
The Settings tab enables you to configure the following additional settings:
-
Retry
-
Failure
-
Proxy
-
Redirect
-
Headers
By default, these sections are collapsed. Click a section to expand it.
To specify the retry settings for this filter, complete the following fields:
Perform Retries:
Select whether the filter performs retries. By default, this setting is not selected, no retries are performed, and all Retry settings are disabled. This means that the filter only attempts to perform the connection once.
Retry On:
Select the HTTP status ranges on which retries can be performed. If a host
responds with an HTTP status code that matches one of the selected ranges,
this filter performs a retry. Select one or more ranges in the table (for
example, Client Error 400-499). For details on adding custom
HTTP status ranges, see the next subsection.
Retry Count:
Enter the maximum number of retries to attempt. Defaults to 5.
Retry Interval (ms):
Enter the time to delay between retries in milliseconds. Defaults
to 500 ms.
Add an HTTP status range
To add an HTTP status range to the default list displayed in the Retry On table, click the Add button. In the Configure HTTP Status Code dialog, complete the following fields:
| Name | Enter a name for the HTTP status range. |
| Start status | Enter the first HTTP status code in the range. |
| End status | Enter the last HTTP status code in the range. |
To add one specific status code only, enter the same code in
the Start status and End status fields. Click
OK to finish. You can manage existing HTTP status ranges using
Edit and Delete.
To specify the failure settings for this filter, complete the following fields:
Consider SLA Breach as Failure:
Select whether to attempt the connection if a configured SLA has been
breached. This is not selected by default. If this option is selected,
and an SLA breach is encountered, the filter returns false.
Save Transaction on Failure (for replay):
Select whether to store the incoming message in the specified directory and file if a failure occurs during processing. This is not selected by default.
File name:
Enter the name of the file that the message content is saved to. You can
specify this using a selector, which is expanded to the specified value at
runtime. Defaults to ${id}.out. For more details on
selectors, see Selecting configuration values at runtime.
Directory:
Enter the directory that the file is saved to. You can specify this using
a selector, which is expanded to the specified value at runtime. Defaults
to ${environment.VINSTDIR}/message-archive, where
VINSTDIR is the location of a running API Gateway
instance.
Maximum number of files in directory:
Enter the maximum number of files that can be saved in the directory.
Defaults to 500.
Maximum file size:
Enter the maximum file size in MB. Defaults to 1000.
Include HTTP Headers:
Select whether to include HTTP headers in the file. HTTP headers are not included by default.
Include Request Line:
Select whether to include the HTTP request line from the client in the file. The request line is not included by default.
Call policy on Connection Failure:
Select whether to execute a policy in the event of a connection failure. This is not selected by default.
Connection Failure Policy:
Click the browse button on the right, and select the policy to run in the event of a connection failure in the dialog.
To specify the proxy settings for this filter, complete the following fields:
Send via Proxy:
Select this option if the API Gateway must connect to the destination Web
Service through an HTTP proxy. In this case, the API Gateway includes the
full URL of the destination Web service in the request line of the HTTP
request. For example, if the destination Web service resides at
http://localhost:8080/services, the request
line is as follows:
POST http://localhost:8080/services HTTP/1.1
If the API Gateway was not routing through a proxy, the request line is as follows:
POST /services HTTP/1.1
Proxy Server:
When Send via Proxy is selected, you can configure a specific proxy server to use for the connection. Click the browse button next to this field, and select an existing proxy server. To add a proxy server, right-click the Proxy Servers tree node, and select Add a Proxy Server. Alternatively, you can configure Proxy Servers under External Connections in the Policy Studio tree. For more details, see the Proxy Servers topic.
Transparent Proxy (present client's IP address to server):
Enables the API Gateway as a transparent proxy on Linux systems
with the TPROXY kernel option set. When selected, the IP address of
the original client connection that caused the policy to be invoked is used as the
local address of the connection to the destination server.
For more details, see the Configuring a Transparent Proxy topic.
To specify the redirect settings for this filter, complete the following fields:
Follow Redirects:
Specifies whether the API Gateway follows HTTP redirects, and connects to the redirect URL specified in the HTTP response. This setting is enabled by default.
To specify the header settings for this filter, complete the following fields:
Forward spurious received Content headers:
Specifies whether the API Gateway sends any content-related message headers
when sending an HTTP request with no message body to the HTTP server. For
example, select this setting if content-related headers are required by an
out-of-band agreement. If there is no body in the outbound request, any
content-related headers from the original inbound HTTP request are forwarded.
These are extracted from the http.content.headers message attribute,
generally populated by the API Gateway for the incoming call. This attribute can
be manipulated in a policy using the appropriate filters, if required. This
field is not selected by default.
HTTP Host Header:
An HTTP 1.1 client must send a
Host header in all HTTP 1.1 requests. The
Host header identifies the host name and port number
of the requested resource as specified in the original URL given by the
client.
When routing messages on to target Web services, the API Gateway can
forward on the Host as received from the client,
or it can specify the address and port number of the destination Web
Service in the Host header that it routes onwards.
Select Use Host header specified by client to force
the API Gateway to always forward on the original
Host header that it received from the client.
Alternatively, to configure the API Gateway to include the address and
port number of the destination Web service in the
Host header, select the
Generate new Host header radio button.
