HeaderRewrites

microgateway.airlock.com/v1alpha1

HeaderRewrites is the Schema for the headerrewrites API

apiVersion: microgateway.airlock.com/v1alpha1
kind: HeaderRewrites
metadata:
  name: ...
spec:
  ...

apiVersion: microgateway.airlock.com/v1alpha1
kind: HeaderRewrites
metadata:
  name: default
spec: 
  settings: 
    operationalMode: Production
  request: 
    allow: 
      matchingHeaders: 
        builtIn: 
          standardHeaders: true
    remove: 
      builtIn: 
        alternativeForwardedHeaders: true
    add: {}
  response: 
    allow: 
      allHeaders: {}
    remove: 
      builtIn: 
        informationLeakage: 
          server: true
          application: true
        auth: 
          basic: false
          ntlm: true
          negotiate: true
        permissiveCors: true
    add: 
      builtIn: 
        xFrameOptions: true
        hsts: true
        hstsPreload: false
        csp: true
        xContentTypeOptions: true
        referrerPolicy: true
        featurePolicy: true

HeaderRewrites

Field Type Description Required Default Allowed Values
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata yes
spec object Specification of the desired header rewriting behavior. no

HeaderRewrites.spec

Field Type Description Required Default Allowed Values
request object Request defines manipulations on upstream request headers. no
response object Response defines manipulations on upstream response headers. no
settings object Settings configures the HeaderRewrites filter. no

HeaderRewrites.spec.request

Field Type Description Required Default Allowed Values
add object Add defines which request headers will be added before forwarding to the upstream. no
allow object Allow defines which request headers will be forwarded to the upstream. This can either be allHeaders or matchingHeaders. Default: matchingHeaders: {…} no matchingHeaders{...} allHeaders{}, matchingHeaders{}
remove object Remove defines which request headers will be removed before forwarding to the upstream. no

HeaderRewrites.spec.request.add

Field Type Description Required Default Allowed Values
custom object[] Custom allows configuring additional upstream request headers. Add selected headers. no

HeaderRewrites.spec.request.add.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to add. yes
mode enum Mode defines the header addition strategy. no AddIfAbsent AddIfAbsent, OverwriteOrAdd
name string Name describing the configured operation. yes

HeaderRewrites.spec.request.add.custom[].headers[]

Field Type Description Required Default Allowed Values
name string Name defines the name of a header. yes
value string Value defines the value of a header. yes

HeaderRewrites.spec.request.allow

Field Type Description Required Default Allowed Values
allHeaders object AllHeaders specifies that all request headers should be forwarded. no
matchingHeaders object MatchingHeaders specifies which request headers should be forwarded. no

HeaderRewrites.spec.request.allow.matchingHeaders

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream request headers. no
custom object[] Custom allows configuring additional upstream request headers. no

HeaderRewrites.spec.request.allow.matchingHeaders.builtIn

Field Type Description Required Default Allowed Values
standardHeaders bool StandardHeaders defines whether the request headers which are forwarded to the upstream will be restricted to a set of common request headers. no true true, false

HeaderRewrites.spec.request.allow.matchingHeaders.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to allow. yes
name string Name describing the configured operation. Must be unique. yes

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.request.remove

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream request headers. no
custom object[] Custom allows configuring additional upstream request headers. no

HeaderRewrites.spec.request.remove.builtIn

Field Type Description Required Default Allowed Values
alternativeForwardedHeaders bool AlternativeForwardedHeaders removes downstream request headers which could potentially be abused to alter the upstream’s view of the remote connection: Front-End-Https. no true true, false

HeaderRewrites.spec.request.remove.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to remove. yes
name string Name describing the configured operation. Must be unique. yes

HeaderRewrites.spec.request.remove.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.request.remove.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.request.remove.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.response

Field Type Description Required Default Allowed Values
add object Add defines which response headers will be added before forwarding to the downstream. no
allow object Allow defines which response headers will be forwarded to the downstream. This can either be allHeaders or matchingHeaders. Default: allHeaders: {} no allHeaders{...} allHeaders{}, matchingHeaders{}
remove object Remove defines which response headers will be removed before forwarding to the downstream. no

HeaderRewrites.spec.response.add

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream response headers. no
custom object[] Custom allows configuring additional upstream response headers. no

HeaderRewrites.spec.response.add.builtIn

Field Type Description Required Default Allowed Values
csp bool CSP sets a content security policy which allows only same-origin requests except for images if the ‘Content-Security-Policy’ header is not set by the upstream. no true true, false
featurePolicy bool FeaturePolicy sets a feature policy which prevents cross-origin use of several browser features if the ‘Feature-Policy’ header is not set by the upstream. no true true, false
hsts bool HSTS enforces the use of HTTPS if the ‘Strict-Transport-Security’ header is not already set by the upstream. no true true, false
hstsPreload bool HSTSPreload enforces the use of HTTPS including for subdomains and enables HSTS preload. no false true, false
referrerPolicy bool ReferrerPolicy ensures that no ‘Referer’ header is sent for cross-origin requests if the ‘Referrer-Policy’ header is not set by the upstream. no true true, false
xContentTypeOptions bool XContentTypeOptions sets ‘X-Content-Type-Options’ to ’nosniff’ if it is not set by the upstream. no true true, false
xFrameOptions bool XFrameOptions sets ‘X-Frame-Options’ to SAMEORIGIN if it is not set by the upstream. no true true, false

HeaderRewrites.spec.response.add.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to add. yes
mode enum Mode defines the header addition strategy. no AddIfAbsent AddIfAbsent, OverwriteOrAdd
name string Name describing the configured operation. yes

HeaderRewrites.spec.response.add.custom[].headers[]

Field Type Description Required Default Allowed Values
name string Name defines the name of a header. yes
value string Value defines the value of a header. yes

HeaderRewrites.spec.response.allow

Field Type Description Required Default Allowed Values
allHeaders object AllHeaders specifies that all response headers should be forwarded. no
matchingHeaders object MatchingHeaders specifies which response headers should be forwarded. no

HeaderRewrites.spec.response.allow.matchingHeaders

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream response header. no
custom object[] Custom allows configuring additional upstream response headers. no

HeaderRewrites.spec.response.allow.matchingHeaders.builtIn

Field Type Description Required Default Allowed Values
standardHeaders bool StandardHeaders defines whether the response headers which are forwarded to the downstream will be restricted to a set of common response headers. no false true, false

HeaderRewrites.spec.response.allow.matchingHeaders.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to allow. yes
name string Name describing the configured operation. Must be unique. yes

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.response.remove

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream response headers. no
custom object[] Custom allows configuring additional upstream response headers. no

HeaderRewrites.spec.response.remove.builtIn

Field Type Description Required Default Allowed Values
auth object Auth defines the categories of headers concerning authentication. no
informationLeakage object InformationLeakage defines the categories of headers concerning information leakage. no
permissiveCors bool PermissiveCORS removes upstream response headers for CORS (Cross-Origin Resource Sharing) which have no restrictions and therefore reduce client-side security. no true true, false

HeaderRewrites.spec.response.remove.builtIn.auth

Field Type Description Required Default Allowed Values
basic bool Basic removes upstream response headers that advise clients to authenticate with Basic Authentication. no false true, false
ntlm bool NTLM removes upstream response headers that advise clients to authenticate with NTLM. By default, these headers are removed, because NTLM pass-through is not supported. no true true, false
negotiate bool Negotiate removes upstream response headers that advise clients to authenticate with Negotiate. no true true, false

HeaderRewrites.spec.response.remove.builtIn.informationLeakage

Field Type Description Required Default Allowed Values
application bool Application removes upstream response headers that leak information about the deployed software: X-AspNet-Version, X-AspNetMvc-Version, X-Generator, X-Powered-By. no true true, false
server bool Server removes upstream response headers that leak information about the server: Age, Link, P3P, Proxy-Authenticate, Server, Via. no true true, false

HeaderRewrites.spec.response.remove.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to remove. yes
name string Name describing the configured remove operation. Must be unique. yes

HeaderRewrites.spec.response.remove.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.response.remove.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.response.remove.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
exact string Exact defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used (https://github.com/google/re2/wiki/Syntax). Only one of exact, prefix, suffix, regex or contains can be set. no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. no

HeaderRewrites.spec.settings

Field Type Description Required Default Allowed Values
operationalMode enum OperationalMode defines the behavior of the filter. In integration mode more information is logged about the requests and responses. no Production Production, Integration