Share via


About the IAG HTTP filtering configuration file

Applies To: Intelligent Application Gateway (IAG)

Whale Communications Intelligent Application Gateway (IAG) 2007 uses the file HdrRuleSet.ini to define HTTP header checking. The file is divided into a number of sections, which define check parameters for both headers and cookies in the HTTP header. The number of sections in the file depends on the number of headers and cookies that are configured in the file, as described in the following sections.

General Parameters

The General section of the file defines the parameters for the general checks, against which all headers and cookies are checked.

HdrRuleSet.ini–General Parameters

Parameter Description

ParseCookies

Yes=parse and check cookies.

No=do not check cookies.

AllowedInName

Lists the characters that are allowed in the header or cookie name.

AllowedInValue

Lists the characters that are allowed in the values of the header or cookie.

MaxHeaderLen

Maximum number of characters allowed in a header name.

MaxValueLen

Maximum number of characters allowed in a header value. The length that is defined in the individual header sections cannot exceed the value defined here.

MaxCookieLen

Maximum number of characters allowed in a cookie name.

MaxCookieValue

Maximum number of characters allowed in a cookie value. The length that is defined in the individual cookie sections cannot exceed the value defined here.

NumberOfCookies

Maximum number of cookies allowed in the HTTP header.

A sample General section:

[General]

ParseCookies=Yes

AllowedInName= "!#$%&’*+-.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ

^_‘abcdefghijklmnopqrstuvwxyz~|"

AllowedInValue= "!"#$%&’()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO

PQRSTUVWXYZ[\]^_‘abcdefghijklmnopqrstuvwxyz{|}~"

MaxHeaderLen=20

MaxValueLen=200

MaxCookieLen=20

MaxCookieValue=200

NumberOfCookies=20

Header Parameters

Header parameters are defined as follows:

  • The Headers section defines the number and names of the headers that are subsequently defined in individual header sections. It is described in Headers Section.

  • For each header that is defined in the Headers section, the HdrRuleSet.ini file holds an individual header section, where the section name is the header name as defined in the Headers section.

  • The header is checked against the parameters in that individual section.

    For example: if in the Headers section Header1=Host, the first individual header section in the file is named Host, and it defines the parameters against which the Host header is checked.

  • Headers that are not defined in the Headers section and for which no individual section is configured are checked against the default header section—Default:Header. Both the individual and the default sections are described in Individual and Default Header Sections.

Headers Section

The table below describes the parameters in the Headers section; be sure to read the note that follows before you configure this section. A sample section follows.

HdrRuleSet.ini–Headers Section Parameters

Parameter Description

Count

Number of headers for which individual header sections are configured in the file.

Header#

Header definitions: each line defines the sequential number and name of the header for which individual check parameters are defined in the file.

Important

IAG checks only headers that are defined in the Headers section against the individual header sections, first according to the number of headers defined in the Count parameter, then according to the header definitions. Note the following:

  • If the number of individual header sections that are defined in the file exceeds the number defined in the Headers section either in the Count parameter or in the header definitions, IAG ignores the excessive header sections and checks the headers against the default header parameter.

  • If the number of headers defined in this section—either in the Count parameter or in the header definitions—exceeds the number of header sections, IAG will not check any headers.

For example:

  • If Count = 2 and Header1 and Header2 are defined in this section, only the headers that are configured in the first two individual header sections will be checked against their sections. Additional headers will be checked against the default section, even if an individual header section is configured in the file for them.

  • If Count = 1 and Header1 and Header2 are defined in this section, only the header that is configured in the first individual header section will be checked against the individual section.

  • If Header1 and Header2 are defined in the Headers section but an individual header section is defined for Header1 only, no headers will be checked.

A sample Headers section:

[Headers]

Count=2

Header1=Host

Header2=User-Agent

Individual and Default Header Sections

The table below lists the parameters against which headers are checked once they pass the checks defined in the General section; sample sections follow. All the parameters that are described in the table have to appear in each header section; they also appear in the Default section.

By default, the file HdrRuleSet.ini holds the following header sections:

  • Host—name of the host requesting to connect.

  • User-Agent—type of browser.

  • Default:Header—default header section.

For each specific header section you add to the file, you have to configure the Headers section, accordingly.

HdrRuleSet.ini–Individual and Default Header Parameters

Parameter Description

Length

Length of the header value, in characters. The value defined here cannot exceed the value defined in the General section.

Type

Type of header value:

  • Integer

  • Real

  • String

Value

Depends on the header value type, as defined in Type, as follows:

  • For strings, enter a regular expression that defines the acceptable values. For a description of regular expressions, refer to Appendix B: “Regex++, Regular Expression Syntax”.

  • For Integer and Real parameters, use a comma to separate values, and use a colon to represent a range of values.

AllowedAppearances

Not applicable

Sample header sections, including the Default header section:

[Host]

Length=200

Type=String

Value=([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-])+/)

AllowedAppearances=1

[User-Agent]

Length=100

Type=String

Value=.*

AllowedAppearances=1

[Default:Header]

Length=200

Type=String

Value=.*

AllowedAppearances=1

Cookie parameters are only applicable if, in the General section, ParseCookies has a value of Yes (as described in the table above). They are defined in three types of sections, as follows:

  • The Cookies section defines the number and names of cookies that are subsequently defined in individual cookies sections. It is described in Cookies Section.

  • For each cookie defined in the Cookies section, the HdrRuleSet.ini file holds a section, where the section name is the cookie name as defined in the Cookies section.

    For example: if in the Cookies section Cookie1 has a value of UID, the next section in the file is named UID, and it defines the parameters of the UID cookie.

  • Cookies that are not defined in the Cookies section and for which no individual section is configured are checked against the following default cookie section: Default:Cookie. Both the individual and the default sections are described in Individual and Default Cookie Parameters.

Cookies Section

The table below describes the parameters in the Cookies section; be sure to read the note that follows before you configure this section. A sample section follows.

HdrRuleSet.ini–Cookies Section Parameters

Parameter Description

Count

Number of cookies for which individual cookie sections are configured in the file.

Cookie#

Cookie definitions: each line defines the sequential number and name of the cookie for which individual check parameters are defined in the file.

Important

IAG checks only cookies that are defined in the Cookies section against the individual cookie sections, first according to the number of cookies defined in the Count parameter, then according to the cookie definitions.

  • If the number of individual cookie sections that are defined in the file exceeds the number defined in the Cookies section either in the Count parameter or in the cookie definitions, IAG ignores the excessive cookie sections and checks the cookies against the default cookie parameters.

  • If the number of cookies defined in this section—either in the Count parameter or in the cookie definitions—exceeds the number of cookie sections, IAG will not check any cookies.

For Example :

  • If Count = 2 and Cookie1 and Cookie2 are defined in this section, only the cookies that are configured in the first two individual cookie sections will be checked against their sections. Additional cookies will be checked against the default section, even if an individual cookie section is configured in the file for them.

  • If Count = 1 and Cookie1 and Cookie2 are defined in this section, only the cookie that is configured in the first individual cookie section will be checked against the individual section.

  • If Cookie1 and Cookie2 are defined in the Cookies section but an individual cookie section is defined for Cookie1 only, no cookies will be checked.

A sample Cookies section:

[Cookies]

Count=1

Cookie1=UID

The table below lists the parameters against which cookies are checked once they pass the checks defined in the General section; sample sections follow. All the parameters that are described in the table have to appear in each cookie section; they also appear in the Default section.

By default, the file HdrRuleSet.ini holds the following cookie section:

  • UID—configuration of the UID cookie.

For each specific cookie section you add to the file, you have to configure the Cookies section, accordingly.

HdrRuleSet.ini–Individual and Default Cookie Parameters

Parameter Description

Length

Length of the cookie value, in characters. The value defined here cannot exceed the value defined in the General section.

Type

Type of cookie value:

  • Integer

  • Real

  • String

Value

Depends on the cookie value type, as defined in Type, as follows:

  • For strings, enter a regular expression that defines the acceptable values. For a description of regular expressions, refer to Appendix B: “Regex++, Regular Expression Syntax”.

  • For Integer and Real parameters, use a comma to separate values, and use a colon to represent a range of values.

AllowedAppearances

Not applicable

Sample cookie sections, including the Default cookie section:

[UID]

Length=200

Type=String

Value=.*

AllowedAppearances=1

[Default:Cookie]

Length=200

Type=String

Value=.*

AllowedAppearances=1

.