ForwardedRequestFilter
Rebase the request URI to a computed scheme, host name, and port.
Use this filter to configure redirects when a request is forwarded by an upstream application such as a TLS offloader.
Usage
{
"name": string,
"type": "ForwardedRequestFilter",
"config": {
"scheme": runtime expression<string>,
"host": runtime expression<string>,
"port": runtime expression<number>
}
}
Properties
At least one of scheme
, host
, or port
must be configured.
"scheme"
: runtime expression<string>, optional-
The scheme to which the request is rebased, for example,
https
.Default: Not rebased to a different scheme
"host"
: runtime expression<string>, optional-
The host to which the request is rebased.
Default: Not rebased to a different host
"port"
: runtime expression<number>, optional-
The port to which the request is rebased.
Default: Not rebased to a different port
Example
In the following configuration, IG runs behind an AWS load balancer, to perform a login page redirect to an authentication party, using the original URI requested by the client.
IG can access the URI used by the load balancer to reach IG, but can’t access the original request URI.
The load balancer breaks the original request URI into the following headers, and adds them to the incoming request:
-
X-Forwarded-Proto
: Scheme -
X-Forwarded-Port
: Port -
Host
: Original host name, and possibly the port.
{
"type": "ForwardedRequestFilter",
"config": {
"scheme": "${request.headers['X-Forwarded-Proto'][0]}",
"host": "${split(request.headers['Host'][0], ':')[0]}",
"port": "${integer(request.headers['X-Forwarded-Port'][0])}"
}
}