Add how-to for configuring XFF handling #279
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
simu
requested changes
Oct 3, 2023
There was a problem hiding this comment.
This page should be part of https://github.com/appuio/managed-openshift-docs (the end-user docs for APPUiO Managed OCP4, available at https://docs.appuio.ch/managed-openshift/) and not kb.vshn.ch/oc4.
|
|
||
| == Annotating the route | ||
|
|
||
| Forwarded header handling is configured by annotating the `Route` object. |
There was a problem hiding this comment.
Probably makes sense to note that the annotations can also be set on Ingress objects which are managed by the ingresstoroute controller
| @@ -0,0 +1,26 @@ | |||
| = Configuring X-Forwarded-For handling | |||
|
|
|||
| This how-to explains how to configure the ingress' handling of the forwarded headers (`Forwarded` and `X-Forwarded-For`) on a per-route basis. | |||
There was a problem hiding this comment.
Suggested change
| This how-to explains how to configure the ingress' handling of the forwarded headers (`Forwarded` and `X-Forwarded-For`) on a per-route basis. | |
| This how-to explains how to customize how the forwarding headers (`Forwarded` and `X-Forwarded-For`) are handled by the OpenShift ingress router on a per-route basis. |
|
|
||
| == Possible behaviours | ||
|
|
||
| * *`append`*: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. |
There was a problem hiding this comment.
Suggested change
| * *`append`*: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. | |
| * *`append`*: By default, the OpenShift router is configured to append the headers to any existing headers. | |
| If `Forwarded` and `X-Forwarded-For` headers are already present when the OpenShift router receives a request, the existing values are preserved, and new values are appended by the router. |
| == Possible behaviours | ||
|
|
||
| * *`append`*: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. | ||
| * *`replace`*: If forwarded header handling is set to `replace`, any existing forwarded headers are discarded. Only the headers set by the ingress will be available. |
There was a problem hiding this comment.
Suggested change
| * *`replace`*: If forwarded header handling is set to `replace`, any existing forwarded headers are discarded. Only the headers set by the ingress will be available. | |
| * *`replace`*: If forwarded header handling is set to `replace`, any existing forwarded headers are discarded. | |
| Only the headers set by the OpenShift router will be available. |
|
|
||
| == Possible behaviours | ||
|
|
||
| * *`append`*: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. |
There was a problem hiding this comment.
Consider using the following formatting:
Suggested change
| * *`append`*: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. | |
| `append`:: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. |
|
|
||
| * *`append`*: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. | ||
| * *`replace`*: If forwarded header handling is set to `replace`, any existing forwarded headers are discarded. Only the headers set by the ingress will be available. | ||
| * *`never`*: If forwarded header handling is set to `never`, the ingress will never set these headers, and leave any existing headers untouched. |
There was a problem hiding this comment.
Suggested change
| * *`never`*: If forwarded header handling is set to `never`, the ingress will never set these headers, and leave any existing headers untouched. | |
| * *`never`*: If forwarded header handling is set to `never`, the OpenShift router will never set these headers, and leave any existing headers untouched. |
| * *`append`*: By default, the ingress is configured to append the headers to any existing headers. If `Forwarded` and `X-Forwarded-For` headers are already present when the ingress receives a request, the existing values are preserved, and new values are appended by the ingress. | ||
| * *`replace`*: If forwarded header handling is set to `replace`, any existing forwarded headers are discarded. Only the headers set by the ingress will be available. | ||
| * *`never`*: If forwarded header handling is set to `never`, the ingress will never set these headers, and leave any existing headers untouched. | ||
| * *`if-none`*: If forwarded header handling is set to `if-none`, the ingress will only set the headers if they're not already present. If any headers are present, they're left unchanged. |
There was a problem hiding this comment.
Suggested change
| * *`if-none`*: If forwarded header handling is set to `if-none`, the ingress will only set the headers if they're not already present. If any headers are present, they're left unchanged. | |
| * *`if-none`*: If forwarded header handling is set to `if-none`, the OpenShift router will only set the headers if they're not already present. | |
| If any headers are present, they're left unchanged. |
|
Closed in favor of appuio/managed-openshift-docs#7 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.