Each policy element defines an access policy for a given URL pattern. The pattern is specified by means of the url
For each incoming request, the proxy applies the policy with the best URL match. If no matching policy is found, the proxy refuses the request. If a policy is found, the subelements of the policy element are applied to check whether or not the request can be accepted.
The following subelements are defined:
This element is mandatory. Use it to define the list of HTTP methods that can be used to access resources in the target domain. These HTTP methods are GET, HEAD, POST, PUT, DELETE. The proxy denies requests that use HTTP methods that are not on this list. Specify each HTTP method by using a separate method element. headers
This element is optional. Use it to define the list of header names that you want the proxy to forward to the target domain. Specify each header name by using a separate header element. The header names can include wildcard characters. If you do not define any headers, the proxy forwards a set of default headers that match the following name expressions: Cache-Control, Pragma, User-Agent, Accept*, and Content*. cookies
Note: If you define a new header, the proxy does not forward any of the default headers, and you must specify all the headers that you need. Also, if you want to forward only a portion of the default headers, you must define at least one new header and then specify the default headers that you want to forward using User-Agent.
Note: The value Cookies is not allowed. Use the cookies element to specify the cookie-forwarding behavior for the policy instead.
This element is optional. Use it to define a list of cookie names that identify the cookies that you want the proxy to forward to the target domain. In order to forward cookies, the proxy filters the value of the cookie header according to the defined cookie names. If you do not specify any cookie names, the proxy does not forward any cookies. Specify each cookie name by using a separate cookie element. mime-types
This element is optional. Use it to specify the list of accepted MIME types. The MIME types refer to the response that the proxy receives from the target server. If you specify at least one MIME type, the proxy accepts only responses with a Content-Type response header that matches one of the specified MIME types. If you do not specify a MIME type, the proxy accepts all responses. Specify each MIME type using a separate mime-type element. Using wildcard characters when specifying MIME types can be useful, as servers might append the character encoding to the MIME type. For example, if you specify text/html*, the proxy also accepts responses with Content-Type: text/html; charset=utf-8. users
This element is optional. Use it to define the user roles against which you want the proxy to check the request. If you specify AllAuthenticatedUsers, the proxy verifies that the request was sent by an authenticated user. Otherwise the proxy rejects the request. Specify each user role by using a separate users element.
Parent topic: Configuring elements of proxy-config.xml