Presence of L7-Policy-URL header in failed requests


Article ID: 42917


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway



The Layer 7 Gateway may return a certain header in a SOAP Fault Response when a published service request fails due to policy violations. You may see the "L7-Policy-URL" header in the response from the Gateway. This header contains a URL that makes the published service policy available to external entities. This behavior is caused by the Customize SOAP Fault Response assertion. It is useful for troubleshooting or debugging policy violations because it allows a developer to download the published service policy for inspection.

In a production environment, it may be undesirable to allow all parties access to the full policy, and we recommend disabling this behavior in production. This can be done via the Layer 7 Policy Manager. To do so:

  1. Log into the Layer 7 Policy Manager as a user able to edit the policy returning the undesirable header.
  2. Open the published service policy for editing.
  3. Locate the "Customize SOAP Fault Response" assertion returning the SOAP fault with the undesirable header.
  4. Open the assertion properties.
  5. Uncheck "Include the policy download URL..."
  6. Close the assertion properties.

Once modified, you can send another request to the published service in the same manner that failed originally and see that the L7-Policy-URL header is no longer present when a SOAP Fault is returned by that policy.
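
The re-test described above can be scripted so the check is repeatable across services. This is an added example, not code from this article or from the product; the function names, the sample responses and the gateway.example.com URL are constructed for illustration.

```python
import email
import urllib.error
import urllib.request

HEADER = "L7-Policy-URL"  # header name as given in this article

def policy_url_leaks(headers):
    """Return every L7-Policy-URL value in a header mapping (case-insensitive)."""
    return [v for k, v in headers.items() if k.lower() == HEADER.lower()]

def audit_raw_response(raw):
    """Audit a captured HTTP response; returns (status code, leaked URLs)."""
    text = raw.decode("iso-8859-1") if isinstance(raw, bytes) else raw
    head = text.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    status = int(status_line.split()[1])
    return status, policy_url_leaks(email.message_from_string(header_block))

def audit_live(url, body, soap_action=""):
    """Re-send the request that failed originally and audit the response."""
    req = urllib.request.Request(url, data=body, headers={
        "Content-Type": "text/xml; charset=utf-8", "SOAPAction": soap_action})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, policy_url_leaks(resp.headers)
    except urllib.error.HTTPError as err:  # SOAP faults arrive as HTTP errors
        return err.code, policy_url_leaks(err.headers)

# Constructed sample captures: the same fault before and after unchecking
# "Include the policy download URL..." in the assertion properties.
FAULT_BODY = "<soapenv:Envelope>...</soapenv:Envelope>"  # body not inspected
BEFORE = "\r\n".join([
    "HTTP/1.1 500 Internal Server Error",
    "Content-Type: text/xml;charset=UTF-8",
    "L7-Policy-URL: https://gateway.example.com/constructed-policy-url",
    "", FAULT_BODY])
AFTER = "\r\n".join([
    "HTTP/1.1 500 Internal Server Error",
    "Content-Type: text/xml;charset=UTF-8",
    "", FAULT_BODY])

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        status, leaks = audit_raw_response(capture)
        verdict = "policy URL exposed: %s" % leaks if leaks else "header absent"
        print("%s: HTTP %d, %s" % (name, status, verdict))
```

An empty list from `audit_live` for a request known to violate the policy confirms the change took effect for that service.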


Component: APIGTW