Interface ProxyConfig


public interface ProxyConfig
Holds configuration related to proxy address forwarding.
  • Method Details

    • useProxyProtocol

      @WithDefault("false") boolean useProxyProtocol()
      Set whether the server should use the HAProxy PROXY protocol when serving requests from behind a proxy (see the PROXY Protocol). When set to true, the remote address returned will be the one from the actual connecting client. If it is set to false (default), the remote address returned will be the one from the proxy.
    • proxyAddressForwarding

      @WithDefault("false") boolean proxyAddressForwarding()
      If this is true then the address, scheme etc. will be set from headers forwarded by the proxy server, such as X-Forwarded-For. This should only be set if you are behind a proxy that sets these headers.
    • allowForwarded

      @WithDefault("false") boolean allowForwarded()
      If this is true and proxy address forwarding is enabled, then the standard Forwarded header will be used. If the non-standard X-Forwarded-For header is also enabled and detected on HTTP requests, the standard header takes precedence. Activating this together with quarkus.http.proxy.allow-x-forwarded has security implications, as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-*` headers from the client.
    • allowXForwarded

      Optional<Boolean> allowXForwarded()
      If either this or allow-forwarded is true and proxy address forwarding is enabled, then the non-standard X-Forwarded headers will be used. If the standard Forwarded header is also enabled and detected on HTTP requests, the standard header takes precedence. Activating this together with quarkus.http.proxy.allow-forwarded has security implications, as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-*` headers from the client.
    • strictForwardedControl

      @WithDefault("true") boolean strictForwardedControl()
      When both Forwarded and X-Forwarded headers are enabled with allowForwarded() and allowXForwarded() respectively, enforce that the identical headers must have equal values.
    • forwardedPrecedence

      @WithDefault("forwarded") ProxyConfig.ForwardedPrecedence forwardedPrecedence()
      When both Forwarded and X-Forwarded headers are enabled with allowForwarded() and allowXForwarded() respectively, and strictForwardedControl() (which enforces that the identical headers must have equal values) is disabled, choose whether the Forwarded or the X-Forwarded value of a matching header is preferred.

      For example, if Forwarded has precedence over X-Forwarded, the Forwarded scheme is `http` and the X-Forwarded scheme is `https`, then the final scheme value is `http`. If X-Forwarded has precedence, then the final scheme value is `https`.

    • enableForwardedHost

      @WithDefault("false") boolean enableForwardedHost()
      Enable overriding the received request's host through a forwarded host header.
    • forwardedHostHeader

      @WithDefault("X-Forwarded-Host") String forwardedHostHeader()
      Configure the forwarded host header to be used if the override is enabled.
    • enableForwardedPrefix

      @WithDefault("false") boolean enableForwardedPrefix()
      Enable prefixing the received request's path with a forwarded prefix header.
    • forwardedPrefixHeader

      @WithDefault("X-Forwarded-Prefix") String forwardedPrefixHeader()
      Configure the forwarded prefix header to be used if prefixing is enabled.
    • enableTrustedProxyHeader

      @WithDefault("false") boolean enableTrustedProxyHeader()
      Adds the header `X-Forwarded-Trusted-Proxy` if the request is forwarded by a trusted proxy. The value is `true` if the request is forwarded by a trusted proxy, otherwise `null`.

      The forwarded parser detects forgery attempts and if the incoming request contains this header, it will be removed from the request.

      The `X-Forwarded-Trusted-Proxy` header is a custom header, not part of the standard `Forwarded` header.

    • trustedProxies

      @ConfigDocDefault("All proxy addresses are trusted") Optional<List<@WithConverter(TrustedProxyCheckPartConverter.class) TrustedProxyCheck.TrustedProxyCheckPart>> trustedProxies()
      Configure the list of trusted proxy addresses. Received `Forwarded`, `X-Forwarded` or `X-Forwarded-*` headers from any other proxy address will be ignored. The trusted proxy address should be specified as an IP address (IPv4 or IPv6), a hostname or in Classless Inter-Domain Routing (CIDR) notation. Please note that Quarkus needs to perform a DNS lookup for all hostnames during the request. For that reason, using hostnames is not recommended.

      Examples of a socket address in the form of `host` or `host:port`:

      • `127.0.0.1:8084`
      • `[0:0:0:0:0:0:0:1]`
      • `[0:0:0:0:0:0:0:1]:8084`
      • `[::]`
      • `localhost`
      • `localhost:8084`

      Examples of a CIDR notation:

      • `::/128`
      • `::/0`
      • `127.0.0.0/8`

      Please bear in mind that an IPv4 CIDR won't match a request sent from an IPv6 address, and the other way around.
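
The options above, combined in an `application.properties` sketch that puts a permissive setup (commented out) beside a restricted one. This is an added example, not part of the Quarkus documentation; the subnets `10.0.5.0/24` and `fd00:5::/64` are constructed placeholders for the addresses your reverse proxies connect from, and the example assumes the proxy sets and overwrites the `X-Forwarded-*` headers.

```properties
# --- Permissive (shown commented out) ---------------------------------------
# Both header families are accepted, mismatches between them are tolerated,
# and trusted-proxies is unset, so all proxy addresses are trusted. A
# Forwarded header the proxy does not overwrite is then taken from the client.
# quarkus.http.proxy.proxy-address-forwarding=true
# quarkus.http.proxy.allow-forwarded=true
# quarkus.http.proxy.allow-x-forwarded=true
# quarkus.http.proxy.strict-forwarded-control=false

# --- Restricted --------------------------------------------------------------
quarkus.http.proxy.proxy-address-forwarding=true

# Accept only the header family the proxy actually sets and overwrites
# (assumed here to be X-Forwarded-*).
quarkus.http.proxy.allow-forwarded=false
quarkus.http.proxy.allow-x-forwarded=true

# Ignore forwarded headers unless the connection comes from the proxy subnet.
# IP/CIDR entries avoid the per-request DNS lookup that hostnames require.
# An IPv4 CIDR does not match an IPv6 peer, so both ranges are listed.
quarkus.http.proxy.trusted-proxies=10.0.5.0/24,fd00:5::/64

# Host and path-prefix overrides stay off unless the proxy is known to set
# these headers itself (these are the defaults, stated explicitly).
quarkus.http.proxy.enable-forwarded-host=false
quarkus.http.proxy.enable-forwarded-prefix=false

# Lets the application tell requests forwarded by a trusted proxy apart via
# X-Forwarded-Trusted-Proxy; a client-supplied copy of the header is removed.
quarkus.http.proxy.enable-trusted-proxy-header=true
```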