End of Sale Notice:
F5 NGINX is announcing the End of Sale (EoS) for NGINX Management Suite API Connectivity Manager Module, effective January 1, 2024.
F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.
See our End of Sale announcement for more details.
Proxy Request Headers
Learn how to use F5 NGINX Management Suite API Connectivity Manager to set request headers to send to your backend services.
Overview
In API Connectivity Manager, you can apply policies to an API Gateway to further enhance their configuration to meet your requirements.
Policies added at the proxy level are applied to all routes within that proxy.
For an overview of the different policy types and available policies, refer to the consult the Learn about Policies topic.
About the Policy
The Proxy Request Headers policy allows users to pass default and custom request headers to backend services.
This policy is enabled by default when you publish an API Proxy.
Intended Audience
This guide is intended for API Owners — the individuals or teams who are responsible for designing, creating, and maintaining APIs.
Before You Begin
To complete the steps in this guide, you need the following:
- API Connectivity Manager is installed, licensed, and running.
- An API gateway environment
- A published API Gateway
Policy Settings
The following table lists the configurable settings and their default values for the policy.
Field | Type | Possible Values | Description | Required | Default |
---|---|---|---|---|---|
proxyDefaultHeadersToBackend |
boolean | true ,false |
When set to For more information, refer to the Default Headers section. |
No | True |
proxyCustomHeadersToBackend. key |
string | Example: my-header |
The name of the HTTP header. | Yes | N/A |
proxyCustomHeadersToBackend. value |
string | Example: var.test |
The value of the HTTP header. For more information, refer to the Header Value Prefixes section. |
Yes | N/A |
proxyCustomHeadersToBackend. isSensitive |
boolean | true ,false |
When set to false , the header will not appear in logs. |
No | False |
Default Headers
Note:
WhenproxyDefaultHeadersToBackend
istrue
, the following headers are applied.
Header | Description |
---|---|
Accept-Encoding |
Set to an empty string. |
Host |
Set to the IP address of the machine proxying the request. |
X-Real-IP |
Set to the IP client’s address. |
Connection |
Set to an empty string. |
Header Value Prefixes
Note:
When adding a custom header toproxyCustomHeadersToBackend,
include one of the following prefixes for thevalue
setting.
Prefix | Example | Description |
---|---|---|
var |
var.content_length | Pass a valid NGINX variable. |
header |
header.referrer | Pass a header from the client request. |
client |
client.IP | Pass a value from the client if a Basic Auth or API Key policy has been configured. |
stringValue |
stringValue.MyString | Pass a static string. |
token |
token.sub | Pass a value from the JSON Web Token (JWT) if the OAuth2 JWT Assertion policy has been configured. |
Applying the Policy
You can apply this policy using either the web interface or the REST API.
See Also:
You can use tools such as
curl
or Postman to interact with the API Connectivity Manager REST API. The API URL follows the formathttps://<NMS_FQDN>/api/acm/<API_VERSION>
and must include authentication information with each call. For more information about authentication options, please refer to the API Overview.
To apply the Proxy Request Headers policy using the REST API, send an HTTP PUT
request to the Proxies endpoint.
Method | Endpoint |
---|---|
PUT |
/services/workspaces/{SERVICE_WORKSPACE_NAME}/proxies |
JSON request
{
"policies": {
"proxy-request-headers": [
{
"action": {
"proxyHeaders": {
"proxyDefaultHeadersToBackend": true,
"proxyCustomHeadersToBackend": [
{
"key": "my-custom-header",
"value": "stringValue.myValue",
"isSensitive": true
}
]
}
}
}
]
}
}
This JSON configures a policy for handling proxy request headers. It instructs the proxy to forward the default headers to the backend, and also to forward a custom header, my-custom-header
, with a specific value, stringValue.myValue
. The custom header is marked as sensitive, meaning it won’t show up in the logs.
-
In a web browser, go to the FQDN for your F5 NGINX Management Suite host and log in. Then, from the Launchpad menu, select API Connectivity Manager.
-
On the left menu, select Services.
-
Select a workspace in the list that contains the API Proxy you want to update.
-
On the workspace overview page, on the API Proxies tab, locate the API Proxy you want to update. Select the Actions menu (represented by an ellipsis,
...
), then select Edit Proxy. -
On the left menu, select API Proxy > Advanced > Policies.
-
On the Advanced > Policies page, on the API Proxy tab, locate Proxy Request Headers. Select the Actions menu (represented by an ellipsis,
...
), then select Edit Policy. -
Toggle Set Default Headers on or off to include default headers or not. This setting is enabled by default.
-
To add custom headers, select Add Custom Header, then complete the necessary fields:
-
Header: The name of the custom HTTP header.
-
Value: The value of the custom HTTP header.
The value must include one of the following prefixes:
var.
header.
client.
stingValue.
token.
For example, to pass a static string for the value, you might type
stringValue.<my-value>
for the value.To learn more about the prefix options and formatting requirements, refer to the Header Value Prefixes section.
-
Is Sensitive: Turn on to prevent writing the custom header to logs.
-
-
Select Save to apply the policy to the API Proxy.
-
Select Save and Publish to deploy the configuration to the API Proxy.