Check HTTP header
Use the check-header policy to enforce that a request has a specified HTTP header. You can optionally check to see if the header has a specific value or check for a range of allowed values. If the check fails, the policy terminates request processing and returns the HTTP status code and error message specified by the policy.
XML<check-header name="header name" failed-check-httpcode="code" failed-check-error-message="message" ignore-case="true"><value>Value1</value><value>Value2</value></check-header>
XML<check-header name="Authorization" failed-check-httpcode="401" failed-check-error-message="Not authorized" ignore-case="false"><value>f6dc69a089844cf6b2019bae6d36fac8</value></check-header>
Name | Description | Required |
| Root element. | Yes |
| Allowed HTTP header value. When multiple value elements are specified, the check is considered a success if any one of the values is a match. | No |
Name | Description | Required | Default |
| Error message to return in the HTTP response body if the header doesn't exist or has an invalid value. This message must have any special characters properly escaped. | Yes | N/A |
| HTTP Status code to return if the header doesn't exist or has an invalid value. | Yes | N/A |
| The name of the HTTP Header to check. | Yes | N/A |
| Can be set to True or False. If set to True case is ignored when the header value is compared against the set of acceptable values. | Yes | N/A |
This policy can be used in the following policy sections and scopes.
Policy sections: inbound, outbound
Policy scopes: all scopes
XML<policies><inbound><check-header name="Authorization" failed-check-httpcode="401" failed-check-error-message="Not authorized" ignore-case="false"><value>f6dc69a089844cf6b2019bae6d36fac8</value></check-header></inbound></policies>
This policy can be used in the inbound policy scopes.
Questions? We're always happy to help with any issues you might have! Send us an email to support@youngapp.co or request the demo with our sales team!
