Code development platform for open source projects from the European Union institutions 🔵 EU Login authentication by SMS has been phased out. To see alternatives please check here

Skip to content

Add new field `behavior` to model `HttpHeader`

Netbox Version Plugin Version
v3.6.9 v0.25.1

Actual Behavior

A Reverse Proxy Mapping can have "HTTP Headers" entities attached to it. At RPS squad, we implemented this to mean:

Set the header on the request to upstream or response to client

Desired Behavior

We want to be able to:

  • set header, if said header was already present it is not overridden
  • replace header, if said header was already present it is overridden
  • append to header, if said header was already present, the value is appended to it, otherwise we set it (similar to how the X-Forwarded-For header behave)
  • remove header, if said header was present it is hidden

Use Case 1: Set header if not present

Settings in Netbox:

Header Name Header Value Behavior Apply To
Foo fizzbuzz Set Request

Scenario:

  • Client sends a header:
    1. Client sends request to mapping with header Foo: bar
    2. Reverse Proxy does nothing, as configured in Netbox
    3. Upstream receives Foo: bar
  • Client does not send a header:
    1. Client sends request to mapping with no header
    2. Reverse Proxy sets the header to fizzbuzz, as configured in Netbox
    3. Upstream receives Foo: fizzbuzz

Use case 2: Replace header

Settings in Netbox:

Header Name Header Value Behavior Apply To
Foo fizzbuzz Replace Request

Scenario:

  1. Client sends request to mapping (optionally) with header Foo: bar
  2. Reverse Proxy replaces the header to fizzbuzz, as configured in Netbox
  3. Upstream receives Foo: fizzbuzz

Use case 3: Append to header

Settings in Netbox:

Header Name Header Value Behavior Apply To
Foo baz Append Request

Scenario:

  • Client sends a header:
    1. Client sends request to mapping with header Foo: bar
    2. Reverse Proxy appends baz to the header, as configured in Netbox
    3. Upstream receives Foo: bar,baz
  • Client does not send a header:
    1. Client sends request to mapping with no header
    2. Reverse proxy appends baz to the header, as configured in Netbox
    3. Upstream receives Foo: baz

Use case 4: Remove header

Settings in Netbox:

Header Name Header Value Behavior Apply To
Foo - Remove Request

Scenario:

  1. Malicious client sends request to mapping with header Remote-User: admin
  2. Reverse Proxy removes the Remote-User header, as configured in Netbox
  3. Upstream does not receive Remote-User header

Proposal: add new field behavior to HttpHeader model

The HttpHeader model should have a new field behavior, which is a VARCHAR that can be set to one of the following values:

  • set
  • replace
  • append
  • remove

The field should defaults to replace (for backward compatibility).

Edited by David Jose DELASSUS

For further information about the platform and support, please see https://code.europa.eu/info/about