HTTP Headers

You can configure the Forwarded, X-Forwarded-* and X-Real-IP headers of outbound requests with these options:

• Set headers:
  • forwarded.set_outbound.forwarded: sets the Forwarded header per RFC 7239 specifications, using the parameters for, by, host, and proto
  • forwarded.set_outbound.x-forwarded: sets X-Forwarded-For header to chain of IP addresses from the original client to the last proxy server
  • forwarded.set_outbound.x-real-ip: sets the X-Real-IP header to the original client IP address
• Preserve headers of the inbound request (use only if you trust the request source):
  • forwarded.preserve_inbound.forwarded: preserves the inbound Forwarded header
  • forwarded.preserve_inbound.x-forwarded: preserves the inbound X-Forwarded-For header
  • forwarded.preserve_inbound.x-real-ip: preserves the inbound X-Real-IP header

caution

Only preserve inbound headers if you trust the source of the inbound request to avoid spoofed headers.

Here's an example configuration:

Environment variables

GATE_HEADERS_FORWARDED_SET_OUTBOUND_FORWARDED=true
GATE_HEADERS_FORWARDED_SET_OUTBOUND_X_FORWARDED=true
GATE_HEADERS_FORWARDED_SET_OUTBOUND_X_REAL_IP=true

GATE_HEADERS_FORWARDED_PRESERVE_INBOUND_FORWARDED=true
GATE_HEADERS_FORWARDED_PRESERVE_INBOUND_X_FORWARDED=true
GATE_HEADERS_FORWARDED_PRESERVE_INBOUND_X_REAL_IP=true

HCL

gate = {
  headers = {
    forwarded = {
      set_outbound = {
        forwarded   = true
        x-forwarded = true
        x-real-ip   = true
      }
      preserve_inbound = {
        forwarded   = true
        x-forwarded = true
        x-real-ip   = true
      }
    }
  }
}

JSON

{
  "gate": {
     "headers": {
      "forwarded": {
        "set_outbound": {
          "forwarded": true,
          "x-forwarded": true,
          "x-real-ip": true
        },
        "preserve_inbound": {
          "forwarded": true,
          "x-forwarded": true,
          "x-real-ip": true
        }
      }
    }
  }
}

TOML

[gate.headers]
forwarded.set_outbound.forwarded = true
forwarded.set_outbound.x-forwarded = true
forwarded.set_outbound.x-real-ip = true

forwarded.preserve_inbound.forwarded = true
forwarded.preserve_inbound.x-forwarded = true
forwarded.preserve_inbound.x-real-ip = true

YAML

gate:
  headers:
    forwarded:
      set_outbound:
        forwarded: true
        x-forwarded: true
        x-real-ip: true

      preserve_inbound:
        forwarded: true
        x-forwarded: true
        x-real-ip: true

To debug issues with the configuration of HTTP headers, use log level trace.

Disable Via headers

By default, Gate adds a Via header to all response. You can disable this behaviour with the following option:

Environment variables

GATE_HEADERS_VIA_DISABLED=true

HCL

gate = {
  headers = {
    via = {
      disabled = true
    }
  }

  // ...
}

JSON

{
  "gate": {
    "headers": {
      "via": {
        "disabled": true
      }
    }
    // ...

TOML

[gate.headers]
via.disabled = true

YAML

gate:
  headers:
    via:
      disabled: true