The Inheaders filter sets up HTTP request headers on all incoming traffic. The headers that will be applied by this filter are outlined in the table below. Inheaders should only be configured on TLS-enabled Listeners to allow Impersonation. See the Impersonation docs for more information on how Inheaders and Impersonation work together.
How To Enable Inheaders on the Edge Proxy
In your-org/greymatter-core
repository, open gm/outputs/edge.cue
and set _enable_inheaders
to true
within the #listener
object as shown below:
edge_config: [
#listener & {
listener_key: defaults.edge.key
_gm_observables_topic: defaults.edge.key
_is_ingress: true
_enable_oidc_authentication: false
_enable_rbac: false
_enable_fault_injection: false
_enable_ext_authz: false
_enable_inheaders: true
},
Upon enabling the Inheaders filter, the following headers will be applied to requests passing through the Edge Proxy:
USER_DN
- Certificate’s DN value (ifuser_dn
header exists in the incoming request, this filter will not alter the header value).SSL_CLIENT_S_DN
- Certificate’s DN value.EXTERNAL_SYS_DN
- Certificate’s DN value (only if the incoming request hasuser_dn
header set).X-REAL-IP
- The remote address of the incoming request.X-FORWARDED-FOR
- Certificate’s DN value.
Example
When the configuration above is applied and Inheaders are enabled, the following mesh configuration will exist in the mesh:
"active_http_filters": [
"gm.inheaders"
],