Define content management policies
    • PDF

    Define content management policies

    • PDF

    Article summary

    You can use Glasswall Halo to achieve seamless process flow optimisation, empowering you to efficiently manage content management policies.

    Why Content Management?

    By defining content management policies, or policies for short, you can use a powerful set of configuration flags that control the treatment of files and their contents during the CDR process.

    In diverse system scenarios, the need for varying content management flags can arise. Glasswall Halo's flexibility allows you to apply different sets of flags for each situation, accommodating multiple use cases within a single system and efficiently handling edge case scenarios without manual intervention.

    You can also manage policies programmatically, eliminating the overhead of storing and maintaining changes between versions. With a unified integration point, you can easily manage policies by name and effortlessly request file rebuilds, streamlining your processes and reducing the amount of code needed for executing requests against Glasswall Halo.

    API Documentation

    To use a defined policy in a request, you have two options.

    • You can create a named policy using the provided API calls.
    • Or if you prefer a more straightforward approach, you can directly use the default policy that comes pre-installed with all Glasswall Halo installations.
      • Managing the default policy is easy through the Glasswall Halo portal, which offers a user-friendly interface to customize it according to your needs.
      • By setting the default policy through the portal, it will automatically be utilised in any API call for file rebuilding, provided that a dynamic or named policy is not explicitly specified.

    For more information please refer to our API Documentation.

    API Authentication

    Learn how to authenticate Glasswall Halo

    Glasswall Halo Events

    1. To create a new policy, use the following API call in the Policy Management API, with your desired policy settings in the Request body.

      POST api/v1/policies/{policyname}
      
      {
          "policySettings":{
               "PdfContentManagement":{
               "Acroform":1,
               "ActionsAll":1,
               "EmbeddedFiles":1,
               "EmbeddedImages":1,
               "ExternalHyperlinks":1,
               "InternalHyperlinks":1,
               "Javascript":1,
               "Metadata":1,
               "Watermark":"",
               "DigitalSignatures":1,
               "ValueOutsideReasonableLimits":1,
               "RetainExportedStreams":1
            },
            "WordContentManagement":{
               "DynamicDataExchange":1,
               "EmbeddedFiles":1,
               "EmbeddedImages":1,
               "ExternalHyperlinks":1,
               "InternalHyperlinks":1,
               "Macros":1,
               "Metadata":1,
               "ReviewComments":1
            },
            "ExcelContentManagement":{
               "DynamicDataExchange":1,
               "EmbeddedFiles":1,
               "EmbeddedImages":1,
               "ExternalHyperlinks":1,
               "InternalHyperlinks":1,
               "Macros":1,
               "Metadata":1,
               "ReviewComments":1,
               "Connections":1
            },
            "PowerPointContentManagement":{
               "EmbeddedFiles":1,
               "EmbeddedImages":1,
               "ExternalHyperlinks":1,
               "InternalHyperlinks":1,
               "Macros":1,
               "Metadata":1,
               "ReviewComments":1
            },
            "ArchiveConfig":{
               "bmp":1,
               "doc":1,
               "docx":1,
               "emf":1,
               "gif":1,
               "jpeg":1,
               "wav":1,
               "elf":1,
               "pe":1,
               "mp4":1,
               "mpg":1,
               "pdf":1,
               "png":1,
               "ppt":1,
               "pptx":1,
               "tiff":1,
               "wmf":1,
               "xls":1,
               "xlsx":1,
               "mp3":1,
               "rtf":1,
               "coff":1,
               "macho":1,
               "unknown":1
            },
            "SvgConfig":{
               "ForeignObjects":1,
               "Hyperlinks":1,
               "Scripts":1
            },
            "WebpConfig":{
               "Metadata":1
            },
            "TiffConfig":{
               "GeoTiff":1
            }
          }
      }
      
    2. If you prefer not to create a new policy but instead update the existing default policy, you can do this by sending the new policy settings in the Request body to the following endpoint:

      PUT api/v1/policies/default
      
    3. Once you have successfully created or edited your policy, you can use it in your requests within Glasswall Halo. Refer to the next section to learn how to apply a specific policy to a rebuild request.

    By following these steps, you can easily manage policies and tailor them to suit your requirements in Glasswall Halo.

    Request Construction

    Glasswall Halo offers three ways to use policies:

    • Default
    • Named
    • Dynamic

    Each approach can be applied to specific CDR Endpoints:

    Default Policy

    The default policy is the pre-installed policy that comes with Glasswall Halo. While it can be edited, if no other policy is specified in the request, this default policy is used during file processing. If the Policy Management API is not available, a "sanitise all" policy is applied as a fallback – applying the most restrictive policy possible. Sending a request to the following endpoints without content management flags in the Request body will apply the default policy to the processing:

    POST api/v3/cdr-file
    POST api/v3/cdr
    

    Named Policy

    When using a named policy, you submit a request with the policy name as a query parameter in the URL. The platform will then look up the named policy, which should have been previously created, and apply it accordingly.

    To achieve this, send requests to the following URLs:

    POST api/v3/cdr-file?policyName={policyname}
    POST api/v3/cdr?policyName={policyname}
    

    As the default policy is essentially a named policy, you can pass 'default' as the query parameter value to apply the default policy during processing.

    Dynamic Policy

    The dynamic policy refers to passing the policy settings directly at the time of the request. You can make a request to the following URLs and include the Content Management Flags as part of the Request body to apply those specific settings during file processing. A dynamic policy takes precedence over any other policy if a policy name is also provided.

    POST api/v3/cdr-file
    POST api/v3/cdr
    
    {
       "ContentManagementFlags":{
          "PdfContentManagement":{
             "Acroform":1,
             "ActionsAll":1,
             "EmbeddedFiles":1,
             "EmbeddedImages":1,
             "ExternalHyperlinks":1,
             "InternalHyperlinks":1,
             "Javascript":1,
             "Metadata":1,
             "Watermark":"",
             "DigitalSignatures":1,
             "ValueOutsideReasonableLimits":1,
             "RetainExportedStreams":1
          },
          "WordContentManagement":{
             "DynamicDataExchange":1,
             "EmbeddedFiles":1,
             "EmbeddedImages":1,
             "ExternalHyperlinks":1,
             "InternalHyperlinks":1,
             "Macros":1,
             "Metadata":1,
             "ReviewComments":1
          },
          "ExcelContentManagement":{
             "DynamicDataExchange":1,
             "EmbeddedFiles":1,
             "EmbeddedImages":1,
             "ExternalHyperlinks":1,
             "InternalHyperlinks":1,
             "Macros":1,
             "Metadata":1,
             "ReviewComments":1,
             "Connections":1
          },
          "PowerPointContentManagement":{
             "EmbeddedFiles":1,
             "EmbeddedImages":1,
             "ExternalHyperlinks":1,
             "InternalHyperlinks":1,
             "Macros":1,
             "Metadata":1,
             "ReviewComments":1
          },
          "ArchiveConfig":{
             "bmp":1,
             "doc":1,
             "docx":1,
             "emf":1,
             "gif":1,
             "jpeg":1,
             "wav":1,
             "elf":1,
             "pe":1,
             "mp4":1,
             "mpg":1,
             "pdf":1,
             "png":1,
             "ppt":1,
             "pptx":1,
             "tiff":1,
             "wmf":1,
             "xls":1,
             "xlsx":1,
             "mp3":1,
             "rtf":1,
             "coff":1,
             "macho":1,
             "unknown":1
          },
          "SvgConfig":{
             "ForeignObjects":1,
             "Hyperlinks":1,
             "Scripts":1
          },
          "WebpConfig":{
             "Metadata":1
          },
          "TiffConfig":{
             "GeoTiff":1
          }
       }
    }
    

    By understanding and utilising these three policy approaches, you can effectively tailor Glasswall Halo's behaviour to meet your specific requirements during file processing.

    Response Handling

    As part of the response, you will receive not only the processed file as an output but also a set of headers. Among these headers, one key header is of particular interest: x-applied-policy. Viewing this header allows you to determine which policy was applied during the processing. The x-applied-policy header can take on the following values:

    • (name) the named policy that was applied
    • default the configured default policy was applied
    • service-dynamic a dynamic policy was submitted with the request and applied
    • glasswall-fallback the fallback policy was applied since the specified policy was not available

    By checking the value in the x-applied-policy header, you can determine which policy was used to process the file. This information is helpful for tracking and understanding the policy application in Glasswall Halo.

    Summary

    With the capability to apply various policies in different situations, Glasswall Halo empowers you to define policies tailored to your specific needs. By assigning names to these policies, you can seamlessly process different files with distinct rules, based on the business situation or the flow of your application.

    Some potential scenarios where this functionality proves valuable include:

    Email Flow

    In an email flow scenario, you could gain the flexibility to process files differently based on the sender and receiver. By employing named policies, you can define unique rules for files originating from specific senders or destined for particular recipients. This way, you can apply appropriate policies for different email sources and destinations.

    File Upload

    By using named policies, you can create rules tailored to specific IP addresses or ranges, ensuring that files from different sources undergo distinct processing based on their origins.

    User Roles and Permissions

    In a multi-user environment, you may have different user roles with varying levels of access and permissions. Based on the user's role, you might want to apply different policies to files uploaded or processed by them. For example, administrators could have more permissive policies for handling files, while regular users might have stricter policies in place.

    Geographical Locations

    Depending on the geographical location of the user or the server handling file uploads, you may wish to enforce specific policies to comply with local regulations or data protection laws. Different regions may have distinct data privacy requirements, and applying location-based policies ensures compliance with regional laws.

    With these versatile policy management capabilities, you can efficiently handle varying file processing requirements within your application, adapting to different contexts and scenarios. The ability to apply named policies empowers you to optimize file handling and security measures according to the specific needs of your business and the unique circumstances your application encounters.

    Quick Start

    To try Glasswall Halo yourself, please refer to our Quick Start Guide.


    Was this article helpful?