Skip to main content
Skip table of contents

Header Allow/Deny

The Header Allow/Deny Policy allows the user to control which incoming requests may be forwarded to the backend service. Permission is granted by adding values for a header.

When a request is received, the policy examines the HTTP headers. The configured rules are applied using a regular expression against the names and values. If these are permitted, the request is passed unmodified to the backend API. If they are not allowed, an HTTP 403 response is returned and the call to the backend service is not executed.

Configuration Options

Option

Description

Possible ValuesDefault
Header Name
Name of the HTTP header, e.g. HostAny string.-
Allow request if header is missingDetermines whether the request is considered if a header is missing.true/falsefalse
Allow request if no rules matchDetermines whether the request is considered if no rule applies.true/falsefalse
Header Rules
Allow request if value matchesDetermines whether the request is considered if the value applies.true/falsefalse
Header Value RegexDefines the header value.Any regex.-
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.