Early Request Validator rule

Rule to perform generic validation steps on requests before authentication

Performs generic validation steps on requests before authentication and returns customized responses. You can use this rule independently or together with the Authorized Request Validator rule rule. For example, if a task requires a particular HTTP header, this rule can validate the header before incurring the cost of executing the pipeline. Although both rules have the same configuration options, they execute at different times:
  • The Early Request Validator rule executes before authentication.
  • The Authorized Request Validator rule executes after authorization.

Rule fields include:

Field Description
When this rule should be applied An expression that defines one or more conditions that must be true for the rule to execute.

Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

Validation Checks Checks to perform on the request.
Condition An expression that should return true to abort the request.
Note:

You can't use the request.remoteUser or request.isUserInRole() functions with the Early Request Validator rule, which is applied before authentication. Instead, use the Authorized Request Validator rule and set the Condition parameter to the Boolean returned by these functions.

Default value: False

Example: isNaN(parseInt(request.headers['X-My-Header']))
Status The HTTP Status code to use in the response.

Default value: 400 (Bad Request)

Example: 413 (Request Entity Too Large)
Response

Example:

To return a custom HTML page:

{
    'Content-Type': 'text/html',
    entity: 'Bad request, see <a href="https://doc.example.com">here</a> for more details'
}

To return a Location header for a 3xx status code:

{
		Location: 'http://example.com/other'
}
Description

A customizable description. Default value: Requests are being validated against specified rule