Transform policies modify requests and responses as they flow through your Cloudmersive Reverse Proxy Server. You can add multiple transform policies to a single reverse proxy server and each policy operates independently. Transform policies can rewrite URLs, modify headers, control redirects, manage cookies, and alter response content.

Overview

The following transform policies are available:

Redirect

• Transform Redirect
• Response Redirect on Request Path
• HTTP to HTTPS Redirect

Header Management

• Remove Response Header
• Remove All Request Headers
• Set Response Header
• Set Request Header
• Replace (Conditionally) Request Header
• Host Header Override

URL Rewriting

• Request URL Replace
• Request URL Append
• Default Document Request Rewrite

Response Modification

• Response Content Replace
• Response Insert Head Tag

Cookie Management

• Remove Cookie Domain
• Set Cookie Domain

CORS

• CORS Response

Routing

• Target Server Override

Each policy is described in detail in the sections below, including its purpose and configuration parameters.

Common Configuration Parameters

Every transform policy supports the following common configuration parameters:

• Match Host - Optional. An exact host name to match against. When specified, the policy only applies to requests matching this host. Leave blank to apply to all hosts.
• Match Path (Exact) - Optional. An exact path to match against. When specified, the policy only applies to requests matching this path. Leave blank to apply to all paths.
• Transform Mode - Controls how the transform is applied: Streaming processes the response as it is received, while Complete waits for the full response before applying the transform. Default: Complete.

Redirect Policies

Transform Redirect

Rewrites redirect responses (e.g., 301, 302) from the backend server by replacing components of the redirect location URL such as the scheme, host, port, and path.

Policy-Specific Parameters:

• Match Path (Substring) - Optional. A substring partial path to match against.
• New Scheme - Optional. New scheme/protocol value (e.g., https://) to replace the existing scheme in the redirect location.
• New Host - Optional. New host value (e.g., www.mywebsite.com) to replace the existing host in the redirect location.
• New Port - Optional. New port value (e.g., 80) to replace the existing port in the redirect location.
• New Path (Full Path) - Optional. New fully-qualified path value (e.g., /home/index.html) to replace the existing path in the redirect location.
• New Path (Substring Replace) - Optional. New substring replacement of the matched substring path value in the redirect location.
• Clear Response Content Body on Redirect - When enabled, clears the response body content on redirect. Recommended.

Response Redirect on Request Path

Issues a redirect response to the client based on matching the incoming request path. Supports the same redirect location rewriting parameters as the Transform Redirect policy.

Policy-Specific Parameters:

• Match Path (Substring) - Optional. A substring partial path to match against.
• New Scheme - Optional. New scheme/protocol value (e.g., https://) to replace the existing scheme in the redirect location.
• New Host - Optional. New host value (e.g., www.mywebsite.com) to replace the existing host in the redirect location.
• New Port - Optional. New port value (e.g., 80) to replace the existing port in the redirect location.
• New Path (Full Path) - Optional. New fully-qualified path value (e.g., /home/index.html) to replace the existing path in the redirect location.
• New Path (Substring Replace) - Optional. New substring replacement of the matched substring path value in the redirect location.
• Clear Response Content Body on Redirect - When enabled, clears the response body content on redirect. Recommended.

HTTP to HTTPS Redirect

Automatically redirects all HTTP requests to HTTPS by rewriting the scheme. No additional configuration is required beyond the common parameters.

Policy-Specific Parameters: None (uses common parameters only).

Header Management Policies

Remove Response Header

Removes a specific header from the backend server's response before it is returned to the client.

Policy-Specific Parameters:

• Header Name - Required. The name of the response header to remove.

Remove All Request Headers

Removes all headers from the incoming request before forwarding it to the backend server. This is useful for stripping client-provided headers in environments where you want full control over what headers reach the origin.

Policy-Specific Parameters: None (uses common parameters only).

Set Response Header

Adds or overwrites a header on the response before it is returned to the client.

Policy-Specific Parameters:

• Header Name - Required. The name of the response header to set.
• Header Value - Required. The value of the response header to set.

Set Request Header

Adds or overwrites a header on the incoming request before it is forwarded to the backend server.

Policy-Specific Parameters:

• Header Name - Required. The name of the request header to set.
• Header Value - Required. The value of the request header to set.

Replace (Conditionally) Request Header

Conditionally replaces a request header value. Only applies the replacement when the current header value matches a specified match value.

Policy-Specific Parameters:

• Header Name - Required. The name of the request header to target.
• Header Match Value - Required. The current value of the header that must match for the replacement to occur.
• Header Replacement Value - Required. The new value to set on the header when the match value is found.

Host Header Override

Overrides the Host header on the request before it is forwarded to the backend server. This is useful when the backend server requires a specific Host header value that differs from the public-facing hostname.

Policy-Specific Parameters:

• New Host Name - Required. The new host name value to set in the Host header.

URL Rewriting Policies

Request URL Replace

Performs a find-and-replace on the request URL before forwarding to the backend server. Supports both substring and exact matching modes.

Policy-Specific Parameters:

• Match Mode - The matching strategy to use: Substring Match or Exact Match.
• Match String - Required. The string to match against in the original request URL.
• Replacement String - Required. The string to replace the matched string with in the new request URL.
• URL Substring Anti-Match - Optional. A list of URL substrings (one per line) that will prevent a match. If the request URL contains any of these substrings, the replacement will not be applied.

Request URL Append

Appends a string to the end of the request URL before forwarding to the backend server.

Policy-Specific Parameters:

• String to Append to URL - Required. The string to append to the request URL.

Default Document Request Rewrite

Rewrites requests for the root path or directory to a specified default document path. This is useful for serving a default page (e.g., index.html) when a directory is requested.

Policy-Specific Parameters:

• Default Document Path - The path to the default document (e.g., /index.html).

Response Modification Policies

Response Content Replace

Performs a find-and-replace on the response body content before it is returned to the client. Useful for rewriting URLs, hostnames, or other content within HTML or other text-based responses.

Policy-Specific Parameters:

• Target Content to Match - The content string to search for in the response body.
• Replacement Content - The content string to replace matched content with.
• Content Types - Optional. A list of Content-Type values to match against (one per line). Leave blank to match all content types.

Response Insert Head Tag

Inserts additional HTML content between the <Head> and </Head> tags in HTML responses. Non-HTML responses are not modified. This is useful for injecting analytics scripts, meta tags, or stylesheets.

Policy-Specific Parameters:

• Insert Head Tag - The HTML content to insert within the <Head> tag of HTML pages.

Cookie Management Policies

Remove Cookie Domain

Removes the domain attribute from Set-Cookie response headers. This is useful when the backend server sets cookies with a domain that differs from the public-facing domain of the proxy.

Policy-Specific Parameters: None (uses common parameters only).

Set Cookie Domain

Overrides the domain attribute on Set-Cookie response headers with a new domain value.

Policy-Specific Parameters:

• New Cookie Domain - The new domain value to set on Set-Cookie response headers.

CORS Policies

CORS Response

Adds Cross-Origin Resource Sharing (CORS) headers to responses, enabling browser-based cross-origin requests to your application.

Policy-Specific Parameters:

• Access Mode - The CORS access mode. Options: Allow All Requests.
• Access Control Allow Origin - The value for the Access-Control-Allow-Origin response header (e.g., * or a specific origin).
• Access Control Allow Headers - The value for the Access-Control-Allow-Headers response header (e.g., Content-Type, Authorization).
• Access Control Allow Credentials - The value for the Access-Control-Allow-Credentials response header (e.g., true).
• Access Control Allow Methods - The value for the Access-Control-Allow-Methods response header (e.g., GET, POST, PUT, DELETE, OPTIONS).
• Origin - The origin value to match against for CORS processing.

Routing Policies

Target Server Override

Overrides the destination backend server for matching requests, routing them to a different target server. This enables advanced routing scenarios such as splitting traffic across multiple backend servers based on URL patterns.

Policy-Specific Parameters:

• New Target Server - The new target server base path (e.g., https://myorigin2.mydomain.com).
• Match if any URL substrings do match - When enabled, the override activates if the request URL contains any of the specified substrings.
• URL Substring Inclusions - A list of URL substrings (one per line) that trigger the override when matched.
• Match if all URL substrings do not match - When enabled, the override activates if the request URL does not contain any of the specified substrings.
• URL Substring Exclusions - A list of URL substrings (one per line) that prevent the override when matched.