The Header Allow/Deny Policy allows the user to control which incoming requests may be forwarded to the backend service. Permission is granted by adding values for a header.

When a request is received, the policy examines the HTTP headers. The configured rules are applied using a regular expression against the names and values. If these are permitted, the request is passed unmodified to the backend API. If they are not allowed, an HTTP 403 response is returned and the call to the backend service is not executed.

Configuration Options

Basic Configuration

| Option | Description | Possible Values | Default |
|---|---|---|---|
| Header Name | Name of the HTTP header, e.g. Host | a string | - |
| Allow request if header is missing | Determines whether the request is accepted if the header is missing. | true, false | false |
| Allow request if no rules match | Determines whether the request is accepted if no rule applies. | true, false | false |

Rules

| Option | Description | Possible Values | Default |
|---|---|---|---|
| Allow request if value matches | Determines whether the request is accepted if the value matches. | true, false | false |
| Header Value Regex | Defines the header value. You can enter multiple regular expressions: use the add button to add a new line and the remove button to remove a line from the list. The regular expressions are processed in the displayed order from top to bottom; use the reorder buttons to change the order of the list. Regular expressions must be written in Java syntax. | a string | - |

Click Add to create more rows in the table. Click Delete to remove selected rows.
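
The following sketch is an added example, not the product's own code. It models the decision flow described above for one configured header. The class and record names are hypothetical. It assumes that the first matching rule decides, that a regex must match the whole header value, and that header names are compared case-insensitively.

```java
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class HeaderAllowDenyExample {
    // One row of the Rules table: a Java regex plus "Allow request if value matches".
    record Rule(Pattern valueRegex, boolean allowIfMatches) {}

    // One configured header with its two fallback switches (both default to false).
    record HeaderConfig(String headerName, boolean allowIfMissing,
                        boolean allowIfNoRulesMatch, List<Rule> rules) {}

    // Returns the status the caller would see: 200 stands in for
    // "forwarded to the backend", 403 for "rejected by the policy".
    static int evaluate(HeaderConfig cfg, Map<String, String> headers) {
        String value = null;
        for (Map.Entry<String, String> h : headers.entrySet()) {
            // Assumption: header names are compared case-insensitively.
            if (h.getKey().equalsIgnoreCase(cfg.headerName())) {
                value = h.getValue();
            }
        }
        if (value == null) {
            return cfg.allowIfMissing() ? 200 : 403;
        }
        for (Rule rule : cfg.rules()) { // top to bottom, in the displayed order
            // Assumption: whole-value match (matches(), not find()),
            // and the first matching rule decides.
            if (rule.valueRegex().matcher(value).matches()) {
                return rule.allowIfMatches() ? 200 : 403;
            }
        }
        return cfg.allowIfNoRulesMatch() ? 200 : 403;
    }

    public static void main(String[] args) {
        // Constructed configuration: a deny rule listed above a broader allow rule.
        HeaderConfig cfg = new HeaderConfig("Host", false, false, List.of(
            new Rule(Pattern.compile("internal\\.api\\.example\\.com"), false),
            new Rule(Pattern.compile("([a-z0-9-]+\\.)?api\\.example\\.com(:443)?"), true)));

        // Constructed sample requests, one per decision branch.
        System.out.println(evaluate(cfg, Map.of("Host", "api.example.com")));          // allow rule matches
        System.out.println(evaluate(cfg, Map.of("host", "eu.api.example.com:443")));   // allow rule matches
        System.out.println(evaluate(cfg, Map.of("Host", "internal.api.example.com"))); // deny rule matches first
        System.out.println(evaluate(cfg, Map.of("Host", "api.example.com.other.test"))); // extra suffix: no rule matches
        System.out.println(evaluate(cfg, Map.of("Accept", "*/*")));                    // header missing
    }
}
```

If the deployed policy matches substrings rather than whole values, anchor each expression with `^` and `$` so that a value with an extra suffix cannot satisfy an allow rule.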
