Header Allow/Deny

The Header Allow/Deny Policy allows the user to control which incoming requests may be forwarded to the backend service. Permission is granted by adding values for a header.

When a request is received, the policy examines the HTTP headers. The configured rules are applied using a regular expression against the names and values.

If these are permitted, the request is passed unmodified to the backend API.

If they are not allowed, an HTTP 403 response is returned and the call to the backend service is not executed.

Configuration

Option Description Possible Values Default

Header Name

Name of the HTTP header, e.g. Host

Any string.

-

Allow request if header is missing

Determines whether the request is considered if a header is missing.

true/false

false

Allow request if no rules match

Determines whether the request is considered if no rule applies.

true/false

false

Header Rules

Allow request if value matches

Determines whether the request is considered if the value applies.

true/false

false

Header Value Regex

Defines the header value.

Any regex.

-