Creating a Custom Header Resource Policy

By default, the rewriting engine only sends selected custom headers to browsers (clients) and backend servers. You can use custom header resource policies, however, to allow or deny custom headers for specific resources.

Note that custom header resource policies do not control standard HTTP headers such as Content-Type.

To write a custom header resource policy:

1.In the admin console, choose Users > Resource Policies > Web.

2.If your administrator view is not already configured to show rewriting policies, make the following modifications:

  1. Click the Customize button in the upper right corner of the page.
  2. Select the Rewriting check box.
  3. Select the Custom Headers check box below the Rewriting check box.
  4. Click OK.

3.Select the Rewriting > Custom Headers tab.

4.On the Custom Header Policies page, click New Policy.

5.Enter a name to label this policy (required) and a description of the policy (optional).

6.In the Resources section, specify the resources to which this policy applies.

7.In the Roles section, specify:

Policy applies to ALL roles - To apply this policy to all users.

Policy applies to SELECTED roles - To apply this policy only to users who are mapped to roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

Policy applies to all roles OTHER THAN those selected below - To apply this policy to all users except for those who map to the roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

8.In the Action section, specify:

Allow Custom Headers - Select this option to prevent the system from blocking the headers to browsers (clients) and backend servers.

Deny Custom Headers - Select this option to use the default custom header behavior on the system. When you select this option, the system blocks custom headers for added security.

Use Detailed Rules - To specify one or more detailed rules for this policy.

9.Click Save Changes.

10.On the Web Rewriting Policies page, order the policies according to how you want to evaluate them. Keep in mind that once the system matches the resource requested by the user to a resource in a policy's (or a detailed rule's) Resource list, it performs the specified action and stops processing policies.