StaticRequestFilter
Creates a new request, replacing any existing request. The request can include
an entity specified in the entity parameter. Alternatively, the request can
include a form, specified in the form parameter, which is included in an
entity encoded in application/x-www-form-urlencoded format if request method
is POST, or otherwise as (additional) query parameters in the URI. The
form and entity parameters cannot be used together when the method is set
to POST.
Usage
{
"name": string,
"type": "StaticRequestFilter",
"config": {
"method": configuration expression<string>,
"uri": runtime expression<url>,
"version": configuration expression<string>,
"headers": {
configuration expression<string>: [ runtime expression<string>, ... ], ...
},
"form": {
configuration expression<string>: [ runtime expression<string>, ... ], ...
},
"entity": runtime expression<string>
}
}Properties
"method": configuration expression<string>, required-
The HTTP method to be performed on the resource; for example,
GET. "uri": runtime expression<url>, required-
The fully-qualified URI of the resource being accessed; for example,
http://www.example.com/resource.txt.The result of the expression must be a string that represents a valid URI, but is not a real
java.net.URIobject. For example, it would be incorrect to use${request.uri}, which is not a string but a mutable URI. "version": configuration expression<string>, optional-
Protocol version.
Default:
"HTTP/1.1" "headers": map, optional-
One or more headers to set for a request, with the format
name: [ value, … ], where:In the following example, the header name is the value of the system variable defined in
cookieHeaderName. The header value is stored incontexts.ssoToken.value:"headers": { "${application['header1Name']}": [ "${application['header1Value'}" ] }Default: Empty
"form": map, optional-
A form to include in the request and/or
application/x-www-form-urlencodedentity, as name-value pairs, where:When a Request
methodisPOST,formis mutually exclusive withentity.Examples:
-
In the following example, the field parameter names and values are hardcoded in the form:
"form": { "username": [ "demo" ], "password": [ "password" ] } -
In the following example, the values take the first value of
usernameandpasswordprovided in the session:"form": { "username": [ "${session.username[0]}" ], "password": [ "${session.password[0]}" ] } -
In the following example, the name of the first field parameter takes the value of the expression
${application['formName']}when it is evaluated at startup. The values take the first value ofusernameandpasswordprovided in the session:"form": { "${application['formName']}": [ "${session.username[0]}" ], "${application['formPassword']}": [ "${session.password[0]}" ] }Default: Empty
-
"entity": runtime expression<string>, optional-
The message entity body to include in a request.
When a Request
methodisPOST,entityis mutually exclusive withform.Methods are provided for accessing the entity as byte, string, or JSON content. For information, refer to Entity.
Attackers during reconnaissance can use messages to identify information about a deployment. For security, limit the amount of information in messages, and avoid using words that help identify IG. Default: Empty
Example
In the following example, IG replaces the browser’s original HTTP GET request with an HTTP POST login request containing credentials to authenticate to the sample application. For information about how to set up and test this example, refer to the Getting started.
{
"handler": {
"type": "Chain",
"config": {
"filters": [
{
"type": "StaticRequestFilter",
"config": {
"method": "POST",
"uri": "http://app.example.com:8081/login",
"form": {
"username": [
"demo"
],
"password": [
"Ch4ng31t"
]
}
}
}
],
"handler": "ReverseProxyHandler"
}
},
"condition": "${find(request.uri.path, '^/static')}"
}