Skip to main content
Skip table of contents

Header Allow/Deny

The Header Allow/Deny Policy allows the user to control which incoming requests may be forwarded to the backend service. Permission is granted by adding values for a header.

When a request is received, the policy examines the HTTP headers. The configured rules are applied using a regular expression against the names and values. If these are permitted, the request is passed unmodified to the backend API. If they are not allowed, an HTTP 403 response is returned and the call to the backend service is not executed.

Configuration Options

header_allow_deny_configuration.png

Basic Configuration

Option

Description

Possible Values

Default

Header Name

Name of the HTTP header, e.g. Host

a string

-

Allow request if header is missing

Determines whether the request is accepted if a header is missing.

  • true

  • false

false

Allow request if no rules match

Determines whether the request is considered if no rule applies.

  • true

  • false

false

Rules

Allow request if value matches

Determines whether the request is considered if the value applies.

  • true

  • false

false

Header Value Regex

Defines the header value.

  • You can enter multiple regular expressions, use the plus button to add a new line and option Delete to remove a line from the list.

  • The regular expressions are processed in the displayed order from top to bottom. Use the arrow buttons to reorder the list.

Regular expressions must be written in Java syntax.

a string

-

Click Add to create more rows in the table. Click Delete to remove selected rows.

Related Pages:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close