Skip to main content
Feedback

Strip Headers Policy

Description

  • The Strip Headers policy strips permissible HTTP headers in the backend target service API request/response.
  • API Management needs to cast/strip sensitive info in HTTP header either reaching to target backend server or from backend response.

Usage

  • Sample configuration

    headers:Server

  • Before without Policy, response will contain backend server detail

    < Server: Jetty(8.1.3.v20120522)

  • After applying Policy, backend response will appear as follows.

    < Server: Mashery Proxy>

Design and Implementation

error

note

Implementation Details

  • While pre-processing the request, the Policy retrieves the configured headers in preInput and searches for the configured headers within the target request. If the header is found, the Policy removes that header (key, value pair) from the target request.

  • While post-processing the response, the Policy retrieves the configured headers in postInput and searches for the configured headers within the target response. If the header is found then Policy removes that header (key, value pair) from the target response.

Configuring Endpoint Processing

To configure Strip Header call processing for an endpoint:

  1. From the API Management Control Center dashboard, navigate to Design > API Definitions, then click the desired API definition from the list.

  2. Click an existing endpoint on the Endpoints page.

  3. Click Call Transformations in the left-hand menu.

  4. On the Call Transformations page, specify the following information in these fields:

    1. Processing Adapter: Mashery_Proxy_Processor_StripHeaders

    2. Perform Pre-Processing: Enabled

    3. Data to make available for pre-processing: headers:<comma separated headers field>

      Example:

      headers:Server

error

  1. Click Save when done.
On this Page