The Header Allow/Deny Policy allows the user to control which incoming requests may be forwarded to the backend service. Permission is granted by adding values for a header.
When a request is received, the policy examines the HTTP headers. The configured rules are applied using a regular expression against the names and values. If these are permitted, the request is passed unmodified to the backend API. If they are not allowed, an HTTP 403 response is returned and the call to the backend service is not executed.
Configuration Options
Option
Description
Possible Values
Default
Header Name
Name of the HTTP header, e.g. Host
Any string.
-
Allow request if header is missing
Determines whether the request is considered if a header is missing.
true/false
false
Allow request if no rules match
Determines whether the request is considered if no rule applies.
true/false
false
Header Rules
Allow request if value matches
Determines whether the request is considered if the value applies.