HeaderRewrites

microgateway.airlock.com/v1alpha1

HeaderRewrites is the Schema for the headerrewrites API

apiVersion: microgateway.airlock.com/v1alpha1
kind: HeaderRewrites
metadata:
  name: header-rewrites-example
spec:
  request:
    allow:
      matchingHeaders:
        # To reduce the attack surface, drop all request headers except:
        # - those in the built-in standard headers list (Accept, Cookie, etc.)
        # - those in the built-in tracing headers list (Traceparent, B3, X-B3-*, etc.)
        # - X-CSRF-TOKEN
        builtIn:
          standardHeaders: true
          tracingHeaders: true
        custom:
          - name: Allow X-CSRF-Token header
            headers:
              - name:
                  matcher:
                    exact: X-CSRF-TOKEN
    remove:
      # Remove the "X-Forwarded-Host" header and those in the built-in
      # alternative forwarded headers list from the request.
      builtIn:
        alternativeForwardedHeaders: true
      custom:
        - name: Remove X-Forwarded-Host
          headers:
            - name:
                matcher:
                  exact: X-Forwarded-Host
    add:
      # Inject a custom header into the request if the request condition matches.
      custom:
        - name: Add headers with TLS information of the downstream connection to member requests
          headers:
            - name: X-TLS-DOWNSTREAM-PEER-CERT
              value: "%DOWNSTREAM_PEER_CERT%"
          mode: OverwriteOrAdd
          requestConditions:
            path:
              matcher:
                regex: ^/member/
  response:
    allow:
      # Allow all response headers.
      allHeaders: {}
    remove:
      # Remove the headers in the built-in auth basic list from the response.
      builtIn:
        auth:
          basic: true
    add:
      # Inject a custom header into the response.
      custom:
        - name: Add application version as header
          headers:
            - name: X-APP-VERSION
              value: "3.7.4"
          mode: OverwriteOrAdd
apiVersion: microgateway.airlock.com/v1alpha1
kind: HeaderRewrites
metadata:
  name: default
spec: 
  settings: 
    operationalMode: Production
  request: 
    allow: 
      matchingHeaders: 
        builtIn: 
          standardHeaders: true
          tracingHeaders: false
    remove: 
      builtIn: 
        alternativeForwardedHeaders: true
    add: {}
  response: 
    allow: 
      allHeaders: {}
    remove: 
      builtIn: 
        informationLeakage: 
          server: true
          application: true
        auth: 
          basic: false
          ntlm: true
          negotiate: true
        permissiveCors: true
    add: 
      builtIn: 
        xFrameOptions: true
        hsts: true
        hstsPreload: false
        csp: true
        xContentTypeOptions: true
        referrerPolicy: true
        featurePolicy: false
        permissionsPolicy: true

HeaderRewrites

Field Type Description Required Default Allowed Values
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata yes
spec object Specification of the desired header rewriting behavior. no

HeaderRewrites.spec

Field Type Description Required Default Allowed Values
request object Request defines manipulations on upstream request headers. no
response object Response defines manipulations on upstream response headers. no
settings object Settings configures the HeaderRewrites filter. no

HeaderRewrites.spec.request

Field Type Description Required Default Allowed Values
add object Add defines which request headers will be added before forwarding to the upstream. no
allow object Allow defines which request headers will be forwarded to the upstream.
This can either be allHeaders or matchingHeaders.
Default: matchingHeaders: {…}		 no matchingHeaders{...} allHeaders{}, matchingHeaders{}
remove object Remove defines which request headers will be removed before forwarding to the upstream. no

HeaderRewrites.spec.request.add

Field Type Description Required Default Allowed Values
custom object[] Custom allows configuring additional upstream request headers.
Add selected headers.		 no

HeaderRewrites.spec.request.add.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to add. yes
mode enum Mode defines the header addition strategy. no AddIfAbsent AddIfAbsent, OverwriteOrAdd
name string Name describing the configured operation. yes
requestConditions object RequestConditions defines additional request properties which must be matched in order for this operation to be applied. no

HeaderRewrites.spec.request.add.custom[].headers[]

Field Type Description Required Default Allowed Values
name string Name defines the name of a header. yes
value string Value defines the value of a header. yes

HeaderRewrites.spec.request.add.custom[].requestConditions

Field Type Description Required Default Allowed Values
header object Header defines the matching headers of a request. no
invert bool Invert indicates whether the request condition should be inverted. no false true, false
mediaType object MediaType defines the matching media type from the content-type header of a request. no
method enum[] Method defines the matching methods of a request. no GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS, TRACE
path object Path defines the matching path of a request. no
remoteIP object RemoteIP defines the matching remote IPs of a request. no

HeaderRewrites.spec.request.add.custom[].requestConditions.header

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.request.add.custom[].requestConditions.header.name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.add.custom[].requestConditions.header.name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.add.custom[].requestConditions.header.value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.add.custom[].requestConditions.header.value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.add.custom[].requestConditions.mediaType

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.add.custom[].requestConditions.mediaType.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.add.custom[].requestConditions.path

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.add.custom[].requestConditions.path.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.add.custom[].requestConditions.remoteIP

Field Type Description Required Default Allowed Values
cidrRanges string[] CIDRRanges defines the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28. yes
invert bool Invert indicates whether the match should be inverted. no false true, false

HeaderRewrites.spec.request.allow

Field Type Description Required Default Allowed Values
allHeaders object AllHeaders specifies that all request headers should be forwarded. no
matchingHeaders object MatchingHeaders specifies which request headers should be forwarded. no

HeaderRewrites.spec.request.allow.matchingHeaders

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream request headers. no
custom object[] Custom allows configuring additional upstream request headers. no

HeaderRewrites.spec.request.allow.matchingHeaders.builtIn

Field Type Description Required Default Allowed Values
standardHeaders bool StandardHeaders defines whether the request headers which are forwarded to the upstream will be restricted to a set of common request headers.
Allows headers:
  • Accept
  • Accept-Charset
  • Accept-Language
  • Access-Control-Request-Headers
  • Access-Control-Request-Method
  • Authorization
  • Cache-Control
  • Content-Length
  • Content-Type
  • Connection (if value matches: Upgrade)
  • Cookie
  • DNT
  • Grpc-Accept-Encoding
  • Grpc-Encoding
  • Grpc-Message-Type
  • Grpc-Timeout
  • Host
  • If-Match
  • If-Modified-Since
  • If-None-Match
  • If-Range
  • If-Unmodified-Since
  • Last-Event-ID
  • Origin
  • Pragma
  • Range
  • Referer
  • Sec-Metadata
  • Sec-WebSocket-Extensions
  • Sec-WebSocket-Key
  • Sec-WebSocket-Protocol
  • Sec-WebSocket-Version
  • SOAPAction
  • Te (if value matches: trailers)
  • UA-CPU
  • Upgrade (if value matches: websocket)
  • Upgrade-Insecure-Requests
  • User-Agent
  • Via
  • X-Correlation-ID
  • X-Do-Not-Track
  • X-Requested-With
  • X-Request-ID
  • X-Same-Domain
  • X-WAP-Profile
  • X-WAP-Profile-Diff
 no true true, false
tracingHeaders bool TracingHeaders defines whether to allow common tracing headers to be forwarded to the upstream.
Allows headers:
  • Traceparent
  • Tracestate
  • B3
  • X-B3-Traceid
  • X-B3-Spanid
  • X-B3-Parentspanid
  • X-B3-Sampled
  • X-B3-Flags
 no false true, false

HeaderRewrites.spec.request.allow.matchingHeaders.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to allow. yes
name string Name describing the configured operation. Must be unique. yes
requestConditions object RequestConditions defines additional request properties which must be matched in order for this operation to be applied. no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions

Field Type Description Required Default Allowed Values
header object Header defines the matching headers of a request. no
invert bool Invert indicates whether the request condition should be inverted. no false true, false
mediaType object MediaType defines the matching media type from the content-type header of a request. no
method enum[] Method defines the matching methods of a request. no GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS, TRACE
path object Path defines the matching path of a request. no
remoteIP object RemoteIP defines the matching remote IPs of a request. no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.header

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.header.name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.header.name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.header.value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.header.value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.mediaType

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.mediaType.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.path

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.path.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.allow.matchingHeaders.custom[].requestConditions.remoteIP

Field Type Description Required Default Allowed Values
cidrRanges string[] CIDRRanges defines the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28. yes
invert bool Invert indicates whether the match should be inverted. no false true, false

HeaderRewrites.spec.request.remove

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream request headers. no
custom object[] Custom allows configuring additional upstream request headers. no

HeaderRewrites.spec.request.remove.builtIn

Field Type Description Required Default Allowed Values
alternativeForwardedHeaders bool AlternativeForwardedHeaders removes downstream request headers which could potentially
be abused to alter the upstream’s view of the remote connection.
Removes headers:
  • Front-End-Https
 no true true, false

HeaderRewrites.spec.request.remove.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to remove. yes
name string Name describing the configured operation. Must be unique. yes
requestConditions object RequestConditions defines additional request properties which must be matched in order for this operation to be applied. no

HeaderRewrites.spec.request.remove.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.request.remove.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.remove.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.remove.custom[].requestConditions

Field Type Description Required Default Allowed Values
header object Header defines the matching headers of a request. no
invert bool Invert indicates whether the request condition should be inverted. no false true, false
mediaType object MediaType defines the matching media type from the content-type header of a request. no
method enum[] Method defines the matching methods of a request. no GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS, TRACE
path object Path defines the matching path of a request. no
remoteIP object RemoteIP defines the matching remote IPs of a request. no

HeaderRewrites.spec.request.remove.custom[].requestConditions.header

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.request.remove.custom[].requestConditions.header.name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].requestConditions.header.name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.remove.custom[].requestConditions.header.value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].requestConditions.header.value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.remove.custom[].requestConditions.mediaType

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].requestConditions.mediaType.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.remove.custom[].requestConditions.path

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.request.remove.custom[].requestConditions.path.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.request.remove.custom[].requestConditions.remoteIP

Field Type Description Required Default Allowed Values
cidrRanges string[] CIDRRanges defines the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28. yes
invert bool Invert indicates whether the match should be inverted. no false true, false

HeaderRewrites.spec.response

Field Type Description Required Default Allowed Values
add object Add defines which response headers will be added before forwarding to the downstream. no
allow object Allow defines which response headers will be forwarded to the downstream.
This can either be allHeaders or matchingHeaders.
Default: allHeaders: {}		 no allHeaders{...} allHeaders{}, matchingHeaders{}
remove object Remove defines which response headers will be removed before forwarding to the downstream. no

HeaderRewrites.spec.response.add

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream response headers. no
custom object[] Custom allows configuring additional upstream response headers. no

HeaderRewrites.spec.response.add.builtIn

Field Type Description Required Default Allowed Values
csp bool CSP sets a content security policy which allows only same-origin requests except for images
if the ‘Content-Security-Policy’ header is not set by the upstream.
Adds missing headers:
  • Content-Security-Policy: default-src 'self'; img-src *
 no true true, false
featurePolicy bool FeaturePolicy sets a feature policy which prevents cross-origin use of several browser features
if the ‘Feature-Policy’ header is not set by the upstream.
Deprecated: Use permissionsPolicy instead.
Adds missing headers:
  • Feature-Policy: accelerometer 'self'; ambient-light-sensor 'self'; autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; gyroscope 'self'; magnetometer 'self'; microphone 'self'; midi 'self'; payment 'self'; usb 'self'; xr-spatial-tracking 'self'
 no false true, false
hsts bool HSTS enforces the use of HTTPS if the ‘Strict-Transport-Security’ header is not already set by the upstream.
Adds missing headers:
  • Strict-Transport-Security: max-age=31536000
 no true true, false
hstsPreload bool HSTSPreload enforces the use of HTTPS including for subdomains and enables HSTS preload.
Sets headers:
  • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
 no false true, false
permissionsPolicy bool PermissionsPolicy sets a permissions policy which prevents cross-origin use of several browser features
if the ‘Permissions-Policy’ header is not set by the upstream.
Adds missing headers:
  • Permissions-Policy: accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), camera=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), usb=(self), xr-spatial-tracking=(self)
 no true true, false
referrerPolicy bool ReferrerPolicy ensures that no ‘Referer’ header is sent for cross-origin requests
if the ‘Referrer-Policy’ header is not set by the upstream.
Adds missing headers:
  • Referrer-Policy: same-origin
 no true true, false
xContentTypeOptions bool XContentTypeOptions sets ‘X-Content-Type-Options’ to ’nosniff’ if it is not set by the upstream.
Adds missing headers:
  • X-Content-Type-Options: nosniff
 no true true, false
xFrameOptions bool XFrameOptions sets ‘X-Frame-Options’ to SAMEORIGIN if it is not set by the upstream.
Adds missing headers:
  • X-Frame-Options: SAMEORIGIN
 no true true, false

HeaderRewrites.spec.response.add.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to add. yes
mode enum Mode defines the header addition strategy. no AddIfAbsent AddIfAbsent, OverwriteOrAdd
name string Name describing the configured operation. yes
requestConditions object RequestConditions defines additional request properties which must be matched in order for this operation to be applied. no

HeaderRewrites.spec.response.add.custom[].headers[]

Field Type Description Required Default Allowed Values
name string Name defines the name of a header. yes
value string Value defines the value of a header. yes

HeaderRewrites.spec.response.add.custom[].requestConditions

Field Type Description Required Default Allowed Values
header object Header defines the matching headers of a request. no
invert bool Invert indicates whether the request condition should be inverted. no false true, false
mediaType object MediaType defines the matching media type from the content-type header of a request. no
method enum[] Method defines the matching methods of a request. no GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS, TRACE
path object Path defines the matching path of a request. no
remoteIP object RemoteIP defines the matching remote IPs of a request. no

HeaderRewrites.spec.response.add.custom[].requestConditions.header

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.response.add.custom[].requestConditions.header.name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.add.custom[].requestConditions.header.name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.add.custom[].requestConditions.header.value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.add.custom[].requestConditions.header.value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.add.custom[].requestConditions.mediaType

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.add.custom[].requestConditions.mediaType.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.add.custom[].requestConditions.path

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.add.custom[].requestConditions.path.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.add.custom[].requestConditions.remoteIP

Field Type Description Required Default Allowed Values
cidrRanges string[] CIDRRanges defines the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28. yes
invert bool Invert indicates whether the match should be inverted. no false true, false

HeaderRewrites.spec.response.allow

Field Type Description Required Default Allowed Values
allHeaders object AllHeaders specifies that all response headers should be forwarded. no
matchingHeaders object MatchingHeaders specifies which response headers should be forwarded. no

HeaderRewrites.spec.response.allow.matchingHeaders

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream response header. no
custom object[] Custom allows configuring additional upstream response headers. no

HeaderRewrites.spec.response.allow.matchingHeaders.builtIn

Field Type Description Required Default Allowed Values
standardHeaders bool StandardHeaders defines whether the response headers which are forwarded to the downstream will be restricted to a set of common response headers.
Allows headers:
  • Accept-Ranges
  • Access-Control-Allow-Credentials
  • Access-Control-Allow-Headers
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Origin
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Allow
  • Cache-Control
  • Content-Disposition
  • Content-Encoding
  • Content-Language
  • Content-Length
  • Content-Location
  • Content-MD5
  • Content-Range
  • Content-Security-Policy
  • Content-Type
  • Date
  • Etag
  • Expires
  • Feature-Policy
  • Grpc-Accept-Encoding
  • Grpc-Encoding
  • Grpc-Message
  • Grpc-Status
  • Permissions-Policy
  • Frame-Options
  • Last-Modified
  • Location
  • Pragma
  • Referrer-Policy
  • Refresh
  • Retry-After
  • Sec-WebSocket-Accept
  • Sec-WebSocket-Extensions
  • Sec-WebSocket-Protocol
  • Sec-WebSocket-Version
  • Strict-Transport-Security
  • Trailer
  • Transfer-Encoding
  • Vary
  • WWW-Authenticate
  • Warning
  • X-Content-Security-Policy
  • X-Content-Type-Options
  • X-Frame-Options
  • X-Permitted-Cross-Domain-Policies
  • X-UA-Compatible
  • X-WAP-Profile-Warning
  • X-WebKit-CSP
 no false true, false

HeaderRewrites.spec.response.allow.matchingHeaders.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to allow. yes
name string Name describing the configured operation. Must be unique. yes
requestConditions object RequestConditions defines additional request properties which must be matched in order for this operation to be applied. no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions

Field Type Description Required Default Allowed Values
header object Header defines the matching headers of a request. no
invert bool Invert indicates whether the request condition should be inverted. no false true, false
mediaType object MediaType defines the matching media type from the content-type header of a request. no
method enum[] Method defines the matching methods of a request. no GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS, TRACE
path object Path defines the matching path of a request. no
remoteIP object RemoteIP defines the matching remote IPs of a request. no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.header

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.header.name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.header.name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.header.value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.header.value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.mediaType

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.mediaType.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.path

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.path.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.allow.matchingHeaders.custom[].requestConditions.remoteIP

Field Type Description Required Default Allowed Values
cidrRanges string[] CIDRRanges defines the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28. yes
invert bool Invert indicates whether the match should be inverted. no false true, false

HeaderRewrites.spec.response.remove

Field Type Description Required Default Allowed Values
builtIn object BuiltIn allows configuring a set of predefined upstream response headers. no
custom object[] Custom allows configuring additional upstream response headers. no

HeaderRewrites.spec.response.remove.builtIn

Field Type Description Required Default Allowed Values
auth object Auth defines the categories of headers concerning authentication. no
informationLeakage object InformationLeakage defines the categories of headers concerning information leakage. no
permissiveCors bool PermissiveCORS removes upstream response headers for CORS (Cross-Origin Resource Sharing) which have no restrictions and therefore reduce client-side security.
Removes headers:
  • Access-Control-Allow-Origin (if value matches: (?i:^[[:blank:]]*\*[[:blank:]]*$))
 no true true, false

HeaderRewrites.spec.response.remove.builtIn.auth

Field Type Description Required Default Allowed Values
basic bool Basic removes upstream response headers that advise clients to authenticate with Basic Authentication.
Removes headers:
  • WWW-Authenticate (if value matches: (?i:^Basic.*))
 no false true, false
ntlm bool NTLM removes upstream response headers that advise clients to authenticate with NTLM.
By default, these headers are removed, because NTLM pass-through is not supported.
Removes headers:
  • WWW-Authenticate (if value matches: (?i:^NTLM.*))
 no true true, false
negotiate bool Negotiate removes upstream response headers that advise clients to authenticate with Negotiate.
Removes headers:
  • WWW-Authenticate (if value matches: (?i:^Negotiate.*))
 no true true, false

HeaderRewrites.spec.response.remove.builtIn.informationLeakage

Field Type Description Required Default Allowed Values
application bool Application removes upstream response headers that leak information about the deployed software.
Removes headers:
  • X-AspNet-Version
  • X-AspNetMvc-Version
  • X-Generator
  • X-Powered-By
 no true true, false
server bool Server removes upstream response headers that leak information about the server.
Removes headers:
  • Age
  • Link
  • P3P
  • Proxy-Authenticate
  • Server
  • Via
 no true true, false

HeaderRewrites.spec.response.remove.custom[]

Field Type Description Required Default Allowed Values
headers object[] Headers to remove. yes
name string Name describing the configured remove operation. Must be unique. yes
requestConditions object RequestConditions defines additional request properties which must be matched in order for this operation to be applied. no

HeaderRewrites.spec.response.remove.custom[].headers[]

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.response.remove.custom[].headers[].name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].headers[].name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.remove.custom[].headers[].value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].headers[].value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.remove.custom[].requestConditions

Field Type Description Required Default Allowed Values
header object Header defines the matching headers of a request. no
invert bool Invert indicates whether the request condition should be inverted. no false true, false
mediaType object MediaType defines the matching media type from the content-type header of a request. no
method enum[] Method defines the matching methods of a request. no GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS, TRACE
path object Path defines the matching path of a request. no
remoteIP object RemoteIP defines the matching remote IPs of a request. no

HeaderRewrites.spec.response.remove.custom[].requestConditions.header

Field Type Description Required Default Allowed Values
name object Name defines the name of a header. no
value object Value defines the value of a header. no

HeaderRewrites.spec.response.remove.custom[].requestConditions.header.name

Field Type Description Required Default Allowed Values
matcher object Matcher defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].requestConditions.header.name.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.remove.custom[].requestConditions.header.value

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].requestConditions.header.value.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.remove.custom[].requestConditions.mediaType

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].requestConditions.mediaType.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.remove.custom[].requestConditions.path

Field Type Description Required Default Allowed Values
matcher object yes exact{}, prefix{}, suffix{}, regex{}, contains{}

HeaderRewrites.spec.response.remove.custom[].requestConditions.path.matcher

Field Type Description Required Default Allowed Values
contains string Contains defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
exact string Exact defines an explicit match on the string specified here.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
ignoreCase bool IgnoreCase indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). no false true, false
prefix string Prefix defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
regex string Regex defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used.
The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex.
Only one of exact, prefix, suffix, regex or contains can be set.		 no
suffix string Suffix defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead.
Only one of exact, prefix, suffix, regex or contains can be set.		 no

HeaderRewrites.spec.response.remove.custom[].requestConditions.remoteIP

Field Type Description Required Default Allowed Values
cidrRanges string[] CIDRRanges defines the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28. yes
invert bool Invert indicates whether the match should be inverted. no false true, false

HeaderRewrites.spec.settings

Field Type Description Required Default Allowed Values
operationalMode enum OperationalMode defines the behavior of the filter. In integration mode more information is logged about the requests and responses. no Production Production, Integration