WSO2EI: Preventing HTTP headers in HTTP responses

Posted by Philip Akyempon on 1 Nov, 2018

Guidelines for the administration of WSO2 products includes security1 recommendation for the production environment.  An advice is to update the default “Server” value of the product to prevent exposing information about the WSO2 product stack through HTTP header responses. I think this recommendation should apply to HTTP headers from ‘actual’ backend services as well. In this blog post, I will demonstrate how to prevent the exposure of backend services HTTP headers in WSO2 EI proxy responses. I shall also show how the solution can interfere with a requirement of a SOAPv1.2 proxy service.

Read More

Topics: SOAP, WSO2 EI, Axis2, Web Service Security, HTTP Headers

WS-Security: Signing of messages

Posted by Jan Timmerman on 14 Dec, 2017

Our friend Rob Blaauboer already produced a nice blog about securing proxies in WSO2 on a transport level. 

This time we’re going to discuss a less commonly used property. How to sign SOAP messages on the message level according to the WS-Security signing and encryption.

Read More

Topics: WSO2, SOAP

From REST to SOAP in WSO2 ESB and WSO2 API Manager

Posted by Rob Blaauboer on 15 Jun, 2017

The WSO2 Enterprise Service Bus allows you to connect systems that normally would not be able to communicate. This inability comes for instance from a perspective that the systems do not speak each other’s language.

An example: system A has a client number consisting of 6 digits where system B has 8 digits. Or of course any permutation of this or a host of other issues that hinder communication. In this WSO2 Tutorial we will show you how to create a REST to SOAP in WSO2 ESB and WSO2 API manager

Read More