End of Sale Notice:

F5 NGINX is announcing the End of Sale (EoS) for NGINX Management Suite API Connectivity Manager Module, effective January 1, 2024.

F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.

See our End of Sale announcement for more details.

Proxy Request Headers

Learn how to use F5 NGINX Management Suite API Connectivity Manager to set request headers to send to your backend services.

Overview

In API Connectivity Manager, you can apply policies to an API Gateway to further enhance their configuration to meet your requirements.

Policies added at the proxy level are applied to all routes within that proxy.

For an overview of the different policy types and available policies, refer to the consult the Learn about Policies topic.


About the Policy

The Proxy Request Headers policy allows users to pass default and custom request headers to backend services.

This policy is enabled by default when you publish an API Proxy.

Intended Audience

This guide is intended for API Owners — the individuals or teams who are responsible for designing, creating, and maintaining APIs.


Before You Begin

To complete the steps in this guide, you need the following:


Policy Settings

The following table lists the configurable settings and their default values for the policy.

Field Type Possible Values Description Required Default
proxyDefaultHeadersToBackend boolean true,
false

When set to true, the default headers are passed to backend services.

For more information, refer to the Default Headers section.

No True
proxyCustomHeadersToBackend.
key
string Example: my-header The name of the HTTP header. Yes N/A
proxyCustomHeadersToBackend.
value
string Example: var.test

The value of the HTTP header.

For more information, refer to the Header Value Prefixes section.

Yes N/A
proxyCustomHeadersToBackend.
isSensitive
boolean true,
false
When set to false, the header will not appear in logs. No False

Default Headers

Note:
When proxyDefaultHeadersToBackend is true, the following headers are applied.
Header Description
Accept-Encoding Set to an empty string.
Host Set to the IP address of the machine proxying the request.
X-Real-IP Set to the IP client’s address.
Connection Set to an empty string.

Header Value Prefixes

Note:
When adding a custom header to proxyCustomHeadersToBackend, include one of the following prefixes for the value setting.
Prefix Example Description
var var.content_length Pass a valid NGINX variable.
header header.referrer Pass a header from the client request.
client client.IP Pass a value from the client if a Basic Auth or API Key policy has been configured.
stringValue stringValue.MyString Pass a static string.
token token.sub Pass a value from the JSON Web Token (JWT) if the OAuth2 JWT Assertion policy has been configured.

Applying the Policy

You can apply this policy using either the web interface or the REST API.



See Also:

You can use tools such as curl or Postman to interact with the API Connectivity Manager REST API. The API URL follows the format https://<NMS_FQDN>/api/acm/<API_VERSION> and must include authentication information with each call. For more information about authentication options, please refer to the API Overview.

To apply the Proxy Request Headers policy using the REST API, send an HTTP PUT request to the Proxies endpoint.

Method Endpoint
PUT /services/workspaces/{SERVICE_WORKSPACE_NAME}/proxies
JSON request
{
  "policies": {
    "proxy-request-headers": [
      {
        "action": {
          "proxyHeaders": {
            "proxyDefaultHeadersToBackend": true,
            "proxyCustomHeadersToBackend": [
              {
                "key": "my-custom-header",
                "value": "stringValue.myValue",
                "isSensitive": true
              }
            ]
          }
        }
      }
    ]
  }
}

This JSON configures a policy for handling proxy request headers. It instructs the proxy to forward the default headers to the backend, and also to forward a custom header, my-custom-header, with a specific value, stringValue.myValue. The custom header is marked as sensitive, meaning it won’t show up in the logs.

  1. In a web browser, go to the FQDN for your F5 NGINX Management Suite host and log in. Then, from the Launchpad menu, select API Connectivity Manager.

  2. On the left menu, select Services.

  3. Select a workspace in the list that contains the API Proxy you want to update.

  4. On the workspace overview page, on the API Proxies tab, locate the API Proxy you want to update. Select the Actions menu (represented by an ellipsis, ...), then select Edit Proxy.

  5. On the left menu, select API Proxy > Advanced > Policies.

  6. On the Advanced > Policies page, on the API Proxy tab, locate Proxy Request Headers. Select the Actions menu (represented by an ellipsis, ...), then select Edit Policy.

  7. Toggle Set Default Headers on or off to include default headers or not. This setting is enabled by default.

  8. To add custom headers, select Add Custom Header, then complete the necessary fields:

    • Header: The name of the custom HTTP header.

    • Value: The value of the custom HTTP header.

      The value must include one of the following prefixes:

      • var.
      • header.
      • client.
      • stingValue.
      • token.

      For example, to pass a static string for the value, you might type stringValue.<my-value> for the value.

      To learn more about the prefix options and formatting requirements, refer to the Header Value Prefixes section.

    • Is Sensitive: Turn on to prevent writing the custom header to logs.

  9. Select Save to apply the policy to the API Proxy.

  10. Select Save and Publish to deploy the configuration to the API Proxy.