diff --git a/docs/reference/readme.md b/docs/reference/readme.md index 7d91bd9d4..6d8a88ffc 100644 --- a/docs/reference/readme.md +++ b/docs/reference/readme.md @@ -1125,11 +1125,13 @@ A request to `https://from.example.com/admin` would be forwarded to `https://to. - Optional - Example: `host_rewrite: "example.com"` -The `host` header can be customized via 3 mutually exclusive options: +The `host` header can be preserved via the `preserve_host_header` setting or customized via 3 mutually exclusive options: -1. `host_rewrite` which will rewrite the host to a new literal value. -2. `host_rewrite_header` which will rewrite the host to match an incoming header value. -3. `host_path_regex_rewrite_pattern`, `host_path_regex_rewrite_substitution` which will rewrite the host according to a regex matching the path. For example with the following config: +1. `preserve_host_header` when enabled, this option will pass the host header from the incoming request to the proxied host, instead of the destination hostname. It's an optional parameter of type `bool` that defaults to `false`. + See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypreservehost). +2. `host_rewrite` which will rewrite the host to a new literal value. +3. `host_rewrite_header` which will rewrite the host to match an incoming header value. +4. `host_path_regex_rewrite_pattern`, `host_path_regex_rewrite_substitution` which will rewrite the host according to a regex matching the path. For example with the following config: ```yaml host_path_regex_rewrite_pattern: "^/(.+)/.+$" @@ -1138,7 +1140,7 @@ The `host` header can be customized via 3 mutually exclusive options: Would rewrite the host header to `example.com` given the path `/example.com/some/path`. -These options correspond to the envoy route action host related options, which can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html#config-route-v3-routeaction). +The 2nd, 3rd and 4th options correspond to the envoy route action host related options, which can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html#config-route-v3-routeaction). ### Public Access @@ -1201,17 +1203,6 @@ See the [envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/ Policy timeout establishes the per-route timeout value. Cannot exceed global timeout values. -### Preserve Host Header -- `yaml`/`json` setting: `preserve_host_header` -- Type: `bool` -- Optional -- Default: `false` - -When enabled, this option will pass the host header from the incoming request to the proxied host, instead of the destination hostname. - -See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypreservehost). - - ### Set Request Headers - Config File Key: `set_request_headers` - Type: map of `strings` key value pairs diff --git a/docs/reference/settings.yaml b/docs/reference/settings.yaml index 030604c12..8b3e2f521 100644 --- a/docs/reference/settings.yaml +++ b/docs/reference/settings.yaml @@ -1246,6 +1246,7 @@ settings: "host_rewrite_header", "host_path_regex_rewrite_pattern", "host_path_regex_rewrite_substitution", + "preserve_host_header", ] attributes: | - `yaml`/`json` settings: `host_rewrite`, `host_rewrite_header`, `host_path_regex_rewrite_pattern`, `host_path_regex_rewrite_substitution` @@ -1253,11 +1254,13 @@ settings: - Optional - Example: `host_rewrite: "example.com"` doc: | - The `host` header can be customized via 3 mutually exclusive options: + The `host` header can be preserved via the `preserve_host_header` setting or customized via 3 mutually exclusive options: - 1. `host_rewrite` which will rewrite the host to a new literal value. - 2. `host_rewrite_header` which will rewrite the host to match an incoming header value. - 3. `host_path_regex_rewrite_pattern`, `host_path_regex_rewrite_substitution` which will rewrite the host according to a regex matching the path. For example with the following config: + 1. `preserve_host_header` when enabled, this option will pass the host header from the incoming request to the proxied host, instead of the destination hostname. It's an optional parameter of type `bool` that defaults to `false`. + See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypreservehost). + 2. `host_rewrite` which will rewrite the host to a new literal value. + 3. `host_rewrite_header` which will rewrite the host to match an incoming header value. + 4. `host_path_regex_rewrite_pattern`, `host_path_regex_rewrite_substitution` which will rewrite the host according to a regex matching the path. For example with the following config: ```yaml host_path_regex_rewrite_pattern: "^/(.+)/.+$" @@ -1266,7 +1269,7 @@ settings: Would rewrite the host header to `example.com` given the path `/example.com/some/path`. - These options correspond to the envoy route action host related options, which can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html#config-route-v3-routeaction). + The 2nd, 3rd and 4th options correspond to the envoy route action host related options, which can be found [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html#config-route-v3-routeaction). - name: "Public Access" keys: ["allow_public_unauthenticated_access"] attributes: | @@ -1327,17 +1330,6 @@ settings: - Default: `30s` doc: | Policy timeout establishes the per-route timeout value. Cannot exceed global timeout values. - - name: "Preserve Host Header" - keys: ["preserve_host_header"] - attributes: | - - `yaml`/`json` setting: `preserve_host_header` - - Type: `bool` - - Optional - - Default: `false` - doc: | - When enabled, this option will pass the host header from the incoming request to the proxied host, instead of the destination hostname. - - See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypreservehost). - name: "Set Request Headers" keys: ["set_request_headers"] attributes: | @@ -1619,4 +1611,4 @@ settings: Be aware that any RSA based signature method may be an order of magnitude lower than [elliptic curve] variants like EdDSA (`ed25519`) and ECDSA (`ES256`). For more information, checkout [this article](https://www.scottbrady91.com/JOSE/JWTs-Which-Signing-Algorithm-Should-I-Use). shortdoc: | - Signing Key Algorithm is the algorithm used to sign a user's attestation JWT. + Signing Key Algorithm is the algorithm used to sign a user's attestation JWT. \ No newline at end of file