Header Allow/Deny

The Header Allow/Deny Policy allows the user to control which incoming requests may be forwarded to the backend service. Permission is granted by adding values for a header.

When a request is received, the policy examines the HTTP headers. The configured rules are applied using a regular expression against the names and values.

If these are permitted, the request is passed unmodified to the backend API.

If they are not allowed, an HTTP 403 response is returned and the call to the backend service is not executed.

Configuration

Option	Description	Possible Values	Default
Header Name	Name of the HTTP header, e.g. Host	Any string.	-
Allow request if header is missing	Determines whether the request is considered if a header is missing.	true/false	false
Allow request if no rules match	Determines whether the request is considered if no rule applies.	true/false	false
Header Rules
Allow request if value matches	Determines whether the request is considered if the value applies.	true/false	false
Header Value Regex	Defines the header value.	Any regex.	-

Option

Description

Possible Values

Default

Header Name

Name of the HTTP header, e.g. Host

Any string.

Allow request if header is missing

Determines whether the request is considered if a header is missing.

true/false

false

Allow request if no rules match

Determines whether the request is considered if no rule applies.

true/false

false

Header Rules

Allow request if value matches

Determines whether the request is considered if the value applies.

true/false

false

Header Value Regex

Defines the header value.

Any regex.