End of Sale Notice:
F5 NGINX is announcing the End of Sale (EoS) for NGINX Management Suite API Connectivity Manager Module, effective January 1, 2024.
F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.
See our End of Sale announcement for more details.
Request Header Specification
Learn how to set up the Request Header Specification policy in API Connectivity Manager to process headers with invalid characters.
Overview
In API Connectivity Manager, you can apply global policies to API Gateways and Developer Portals to ensure your organization’s security requirements are enforced.
When you add policies at the environment level, they will apply to all proxies hosted within that environment.
See the Learn about Policies topic for an overview of the different policy types and available policies.
About the Policy
Use the Request Header Specification policy to allow headers that would normally be considered invalid. This can be used to treat underscores as valid or allow all special header characters.
Intended Audience
This guide is meant for Infrastructure Administrators.
Infrastructure Administrators ensure uniform governance across an organization’s infrastructure by setting policies at the infrastructure level, enabling teams to build APIs without interruption while adhering to the organization’s standards.
Workflow for Applying Policy
To apply the policy or make changes to it, here’s what you need to do:
- Edit an existing environment or create a new one.
- Check the advanced settings for the environment to see if the policy has been applied.
- Edit the policy to make changes for each environment. Save and publish the changes.
Policy Settings
| Field | Type | Possible Values | Description | Required | Default Value |
|---|---|---|---|---|---|
invalidHeadersBehaviour |
string | Example:ALLOW_ALL |
This can be set to IGNORE_ALL (the default behavior for NGINX), ALLOW_UNDERSCORE, or ALLOW_ALL |
YES | ALLOW_ALL |
Applying the Policy
You can apply this policy using either the web interface or the REST API. Configuring the policy to invalidHeadersBehaviour: IGNORE_ALL will result in the same behavior as not applying the policy.
To create a Request Correlation ID policy using the REST API, send an HTTP POST request to the Environment endpoint.
| Method | Endpoint |
|---|---|
POST |
/infrastructure/workspaces/{workspace}/environments/{environment} |
JSON request
{
"policies": {
"request-correlation-id": [
{
"action": {
"invalidHeadersBehaviour": "ALLOW_ALL"
}
}
]
}
}
This JSON example defines a Request Header Specification policy.
To add a Request Header Specification policy using the web interface:
- In a web browser, go to the FQDN for your NGINX Management Suite host and log in. Then, from the Launchpad menu, select API Connectivity Manager.
- On the left menu, select Infrastructure.
- Choose the workspace that includes the environment for the cluster you want to add the policy to.
- Select the environment for your cluster.
- In the list of clusters, locate the cluster you want to add the policy to. On the Actions menu (represented by an ellipsis,
...), select Edit Advanced Config. - On the left menu, select Global Policies.
- From the list of policies, locate the Request Header Specification policy, then select Add Policy from the Actions menu (represented by an ellipsis,
...). - On the Request Header Specification form, choose which configuration is appropriate for your environment.
- Select Add to apply the policy to the cluster.
- Select Save and Submit to deploy the configuration.