Define Application: Proxy
The Identity-Aware Web Application Firewall acts as an HTTP proxy. In doing so, it can inject an identity flow (authentication on behalf of the user) as well as rewrite various HTTP constructs to make them accurate relative to an external environment.
Typically no configuration is required in this section; however, you may use it to tweak individual applications as needed.
Include User Context Headers
If ‘Include User Context Headers’ is set, several headers are added to the request, allowing the upstream web server to infer user and role. These include:
{
  "headers": {
    "Remote-Org-Id": "5kX8JJdQ3CzXXXXXXXX",
    "Remote-User": "user@agilicus.com",
    "Remote-User-Id": "XGMKWs5SXXXXXX",
    "X-Agilicus-External-Id": "-",
    "X-Agilicus-Member-Of": "[\"wiki-editors\"]",
    "X-Gateway-Org": "5kX8JJdQ3CzXXXXXXXX",
    "X-Gateway-Primary-Role": "self",
    "X-Gateway-Roles": "{\"httpbin\":[\"self\"],\"urn:api:agilicus:users\":[\"self\"]}",
    "X-Gateway-Tokenid": "Hwx6vUZPXXXXXXXX",
    "X-Gateway-User": "XGMKWs5SXXXXXX",
    "X-Gateway-User-Email": "user@agilicus.com",
    "X-Roles-Matched": "true",
    "X-Token-Valid": "true"
  }
}
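One way an upstream application might consume these headers, added here as an example and not Agilicus code: the role and group headers carry JSON inside the header value, so they need a second parse, and the headers are believed only when the request arrives from the proxy. The names TRUSTED_PROXY_ADDRS, UntrustedIdentity and user_context, the proxy address, and the reading of X-Token-Valid as a pass/fail flag are assumptions.

```python
import json

# Constructed sample: a subset of the header listing above, with the page's redacted values.
SAMPLE_HEADERS = {
    "Remote-User": "user@agilicus.com",
    "X-Agilicus-Member-Of": "[\"wiki-editors\"]",
    "X-Gateway-Roles": "{\"httpbin\":[\"self\"],\"urn:api:agilicus:users\":[\"self\"]}",
    "X-Gateway-User": "XGMKWs5SXXXXXX",
    "X-Gateway-User-Email": "user@agilicus.com",
    "X-Roles-Matched": "true",
    "X-Token-Valid": "true",
}

# Assumption: the proxy is the only peer allowed to supply identity headers.
TRUSTED_PROXY_ADDRS = {"10.0.0.5"}  # hypothetical address


class UntrustedIdentity(Exception):
    """Raised when the identity headers must not be believed."""


def user_context(headers, peer_addr, app_name):
    """Return (email, roles for app_name, groups) or raise UntrustedIdentity."""
    if peer_addr not in TRUSTED_PROXY_ADDRS:
        # A client that reaches the upstream directly can set these headers itself.
        raise UntrustedIdentity("request did not arrive via the proxy")
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if h.get("x-token-valid") != "true":  # assumed meaning: token was validated
        raise UntrustedIdentity("token not marked valid")
    email = h.get("x-gateway-user-email", "")
    if not email:
        raise UntrustedIdentity("no user email header")
    try:
        # Both values are JSON documents carried as header strings.
        roles = json.loads(h.get("x-gateway-roles", "{}"))
        groups = json.loads(h.get("x-agilicus-member-of", "[]"))
    except json.JSONDecodeError as exc:
        raise UntrustedIdentity("malformed role/group header") from exc
    if not isinstance(roles, dict) or not isinstance(groups, list):
        raise UntrustedIdentity("unexpected role/group shape")
    app_roles = roles.get(app_name, [])  # no entry for this application means no roles
    if not isinstance(app_roles, list):
        raise UntrustedIdentity("unexpected role list shape")
    return email, app_roles, groups
```

The function fails closed: a missing, malformed or unexpectedly shaped header raises instead of yielding an empty but accepted identity.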
HTTP Media Type Rewrite
It is common for certain body documents to have embedded components linking to the internal name of the host. This could include a JSON search result showing http://internal instead of https://external.example.com; it could also include XML, HTML, CSV, etc.
In this section, we can add specific Media (MIME) types. If they are set, the contents will be rewritten to match the external coordinates.

HTTP (Host) Names Rewrite
The internal host may have multiple names. This can occur with e.g. virtual machines (‘intranet’ is also ‘vweb01’) and these names internally might be used interchangeably. In this section we add a set of hosts that, if present, will be rewritten to the external name.

HTTP Response Header Overrides
Set Header
This allows setting an arbitrary header to an arbitrary value.
Append Header
This allows appending a value to an existing response header.
Remove Header
This will remove a header from the response. It may be used to e.g. remove private internal information or version leakage.
Remove Match
This feature allows removing entire header lines matching some criteria. If your response included:
Host: foobar
Host: foo
Then, if we put in ‘Name’: ‘Host’ and value ‘foo’, both lines are removed. If we put in value ‘bar’ only the first line is removed. A regex is allowed here, so we could put in e.g. ‘fo.*’.
Parameter Rewrite Filter
This feature allows overwriting specific GET parameters. E.g. if the URL is https://www?foo=bar, you can rewrite this to foo=baz. It also supports deflate (e.g. decompress) and base64-encoded parameters.
HTTP Request Header Overrides
The Request Overrides operate in the same fashion as the Response Overrides.
Proxied Service Configuration
This field should not be used in normal circumstances. It allows proxying to an external host (e.g. for demonstration purposes).