@robinmordasiewicz/f5xc-terraform-mcp 2.4.6 → 2.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/child_tenant.md +2 -2
- package/dist/docs/resources/cloud_connect.md +35 -35
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +24 -877
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -93,17 +93,17 @@ In addition to all arguments above, the following attributes are exported:
|
|
|
93
93
|
|
|
94
94
|
An [`active_forward_proxy_policies`](#active-forward-proxy-policies) block supports the following:
|
|
95
95
|
|
|
96
|
-
<a id="
|
|
96
|
+
<a id="policies-42e2f7"></a>• [`forward_proxy_policies`](#policies-42e2f7) - Optional Block<br>Forward Proxy Policies. Ordered List of Forward Proxy Policies active<br>See [Forward Proxy Policies](#policies-42e2f7) below.
|
|
97
97
|
|
|
98
98
|
#### Active Forward Proxy Policies Forward Proxy Policies
|
|
99
99
|
|
|
100
|
-
A [`forward_proxy_policies`](#
|
|
100
|
+
A [`forward_proxy_policies`](#policies-42e2f7) block (within [`active_forward_proxy_policies`](#active-forward-proxy-policies)) supports the following:
|
|
101
101
|
|
|
102
|
-
<a id="
|
|
102
|
+
<a id="name-c2d06e"></a>• [`name`](#name-c2d06e) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
103
103
|
|
|
104
|
-
<a id="
|
|
104
|
+
<a id="namespace-63e125"></a>• [`namespace`](#namespace-63e125) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
105
105
|
|
|
106
|
-
<a id="
|
|
106
|
+
<a id="tenant-e68ab4"></a>• [`tenant`](#tenant-e68ab4) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
107
107
|
|
|
108
108
|
#### Dynamic Proxy
|
|
109
109
|
|
|
@@ -131,247 +131,247 @@ A [`http_proxy`](#dynamic-proxy-http-proxy) block (within [`dynamic_proxy`](#dyn
|
|
|
131
131
|
|
|
132
132
|
A [`more_option`](#dynamic-proxy-http-proxy-more-option) block (within [`dynamic_proxy.http_proxy`](#dynamic-proxy-http-proxy)) supports the following:
|
|
133
133
|
|
|
134
|
-
<a id="
|
|
134
|
+
<a id="policy-dc12bf"></a>• [`buffer_policy`](#policy-dc12bf) - Optional Block<br>Buffer Configuration. Some upstream applications are not capable of handling streamed data. This config enables buffering the entire request before sending to upstream application. We can specify the maximum buffer size and buffer interval with this config. Buffering can be enabled and disabled at VirtualHost and Route levels Route level buffer configuration takes precedence<br>See [Buffer Policy](#policy-dc12bf) below.
|
|
135
135
|
|
|
136
|
-
<a id="
|
|
136
|
+
<a id="params-c9d1d2"></a>• [`compression_params`](#params-c9d1d2) - Optional Block<br>Compression Parameters. Enables loadbalancer to compress dispatched data from an upstream service upon client request. The content is compressed and then sent to the client with the appropriate headers if either response and request allow. Only GZIP compression is supported. By default compression will be skipped when: A request does NOT contain accept-encoding header. A request includes accept-encoding header, but it does not contain “gzip” or “*”. A request includes accept-encoding with “gzip” or “*” with the weight “q=0”. Note that the “gzip” will have a higher weight then “*”. For example, if accept-encoding is “gzip;q=0,*;q=1”, the filter will not compress. But if the header is set to “*;q=0,gzip;q=1”, the filter will compress. A request whose accept-encoding header includes “identity”. A response contains a content-encoding header. A response contains a cache-control header whose value includes “no-transform”. A response contains a transfer-encoding header whose value includes “gzip”. A response does not contain a content-type value that matches one of the selected mime-types, which default to application/javascript, application/JSON, application/xhtml+XML, image/svg+XML, text/CSS, text/HTML, text/plain, text/XML. Neither content-length nor transfer-encoding headers are present in the response. Response size is smaller than 30 bytes (only applicable when transfer-encoding is not chunked). When compression is applied: The content-length is removed from response headers. Response headers contain “transfer-encoding: chunked” and do not contain “content-encoding” header. The “vary: accept-encoding” header is inserted on every response. GZIP Compression Level: A value which is optimal balance between speed of compression and amount of compression is chosen<br>See [Compression Params](#params-c9d1d2) below.
|
|
137
137
|
|
|
138
|
-
<a id="
|
|
138
|
+
<a id="errors-be4463"></a>• [`custom_errors`](#errors-be4463) - Optional Block<br>Custom Error Responses. Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 -- for 3xx response code class 4 -- for 4xx response code class 5 -- for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request
|
|
139
139
|
|
|
140
|
-
<a id="
|
|
140
|
+
<a id="pages-241bd8"></a>• [`disable_default_error_pages`](#pages-241bd8) - Optional Bool<br>Disable Default Error Pages. Disable the use of default F5XC error pages
|
|
141
141
|
|
|
142
|
-
<a id="
|
|
142
|
+
<a id="normalize-343080"></a>• [`disable_path_normalize`](#normalize-343080) - Optional Block<br>Enable this option
|
|
143
143
|
|
|
144
|
-
<a id="
|
|
144
|
+
<a id="normalize-19a976"></a>• [`enable_path_normalize`](#normalize-19a976) - Optional Block<br>Enable this option
|
|
145
145
|
|
|
146
|
-
<a id="
|
|
146
|
+
<a id="timeout-14c486"></a>• [`idle_timeout`](#timeout-14c486) - Optional Number<br>Idle Timeout. The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset
|
|
147
147
|
|
|
148
|
-
<a id="
|
|
148
|
+
<a id="size-302702"></a>• [`max_request_header_size`](#size-302702) - Optional Number<br>Maximum Request Header Size. The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size. If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question
|
|
149
149
|
|
|
150
|
-
<a id="
|
|
150
|
+
<a id="add-a872f8"></a>• [`request_cookies_to_add`](#add-a872f8) - Optional Block<br>Add Cookies in Cookie Header. Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied<br>See [Request Cookies To Add](#add-a872f8) below.
|
|
151
151
|
|
|
152
|
-
<a id="
|
|
152
|
+
<a id="remove-411cd3"></a>• [`request_cookies_to_remove`](#remove-411cd3) - Optional List<br>Remove Cookies from Cookie Header. List of keys of Cookies to be removed from the HTTP request being sent towards upstream
|
|
153
153
|
|
|
154
|
-
<a id="
|
|
154
|
+
<a id="add-3661bf"></a>• [`request_headers_to_add`](#add-3661bf) - Optional Block<br>Add Request Headers. Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied<br>See [Request Headers To Add](#add-3661bf) below.
|
|
155
155
|
|
|
156
|
-
<a id="
|
|
156
|
+
<a id="remove-031e38"></a>• [`request_headers_to_remove`](#remove-031e38) - Optional List<br>Remove Request Headers. List of keys of Headers to be removed from the HTTP request being sent towards upstream
|
|
157
157
|
|
|
158
|
-
<a id="
|
|
158
|
+
<a id="add-9ca95a"></a>• [`response_cookies_to_add`](#add-9ca95a) - Optional Block<br>Add Set-Cookie Headers. Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied<br>See [Response Cookies To Add](#add-9ca95a) below.
|
|
159
159
|
|
|
160
|
-
<a id="
|
|
160
|
+
<a id="remove-09fdc6"></a>• [`response_cookies_to_remove`](#remove-09fdc6) - Optional List<br>Remove Cookies from Set-Cookie Headers. List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed
|
|
161
161
|
|
|
162
|
-
<a id="
|
|
162
|
+
<a id="add-91639a"></a>• [`response_headers_to_add`](#add-91639a) - Optional Block<br>Add Response Headers. Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied<br>See [Response Headers To Add](#add-91639a) below.
|
|
163
163
|
|
|
164
|
-
<a id="
|
|
164
|
+
<a id="remove-8ec5bc"></a>• [`response_headers_to_remove`](#remove-8ec5bc) - Optional List<br>Remove Response Headers. List of keys of Headers to be removed from the HTTP response being sent towards downstream
|
|
165
165
|
|
|
166
166
|
#### Dynamic Proxy HTTP Proxy More Option Buffer Policy
|
|
167
167
|
|
|
168
|
-
A [`buffer_policy`](#
|
|
168
|
+
A [`buffer_policy`](#policy-dc12bf) block (within [`dynamic_proxy.http_proxy.more_option`](#dynamic-proxy-http-proxy-more-option)) supports the following:
|
|
169
169
|
|
|
170
|
-
<a id="
|
|
170
|
+
<a id="disabled-58d7eb"></a>• [`disabled`](#disabled-58d7eb) - Optional Bool<br>Disable. Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host
|
|
171
171
|
|
|
172
|
-
<a id="
|
|
172
|
+
<a id="bytes-a69ae9"></a>• [`max_request_bytes`](#bytes-a69ae9) - Optional Number<br>Max Request Bytes. The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response
|
|
173
173
|
|
|
174
174
|
#### Dynamic Proxy HTTP Proxy More Option Compression Params
|
|
175
175
|
|
|
176
|
-
A [`compression_params`](#
|
|
176
|
+
A [`compression_params`](#params-c9d1d2) block (within [`dynamic_proxy.http_proxy.more_option`](#dynamic-proxy-http-proxy-more-option)) supports the following:
|
|
177
177
|
|
|
178
|
-
<a id="
|
|
178
|
+
<a id="length-acd260"></a>• [`content_length`](#length-acd260) - Optional Number Defaults to `30`<br>Content Length. Minimum response length, in bytes, which will trigger compression. The
|
|
179
179
|
|
|
180
|
-
<a id="
|
|
180
|
+
<a id="type-596051"></a>• [`content_type`](#type-596051) - Optional List<br>Content Type. Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: 'application/javascript' 'application/JSON', 'application/xhtml+XML' 'image/svg+XML' 'text/CSS' 'text/HTML' 'text/plain' 'text/XML'
|
|
181
181
|
|
|
182
|
-
<a id="
|
|
182
|
+
<a id="header-eba324"></a>• [`disable_on_etag_header`](#header-eba324) - Optional Bool<br>Disable On Etag Header. If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed
|
|
183
183
|
|
|
184
|
-
<a id="
|
|
184
|
+
<a id="header-c1b850"></a>• [`remove_accept_encoding_header`](#header-c1b850) - Optional Bool<br>Remove Accept-Encoding Header. If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not get compressed before reaching the filter
|
|
185
185
|
|
|
186
186
|
#### Dynamic Proxy HTTP Proxy More Option Request Cookies To Add
|
|
187
187
|
|
|
188
|
-
A [`request_cookies_to_add`](#
|
|
188
|
+
A [`request_cookies_to_add`](#add-a872f8) block (within [`dynamic_proxy.http_proxy.more_option`](#dynamic-proxy-http-proxy-more-option)) supports the following:
|
|
189
189
|
|
|
190
|
-
<a id="
|
|
190
|
+
<a id="name-9fa714"></a>• [`name`](#name-9fa714) - Optional String<br>Name. Name of the cookie in Cookie header
|
|
191
191
|
|
|
192
|
-
<a id="
|
|
192
|
+
<a id="overwrite-4b4cf0"></a>• [`overwrite`](#overwrite-4b4cf0) - Optional Bool Defaults to `do`<br>Overwrite. Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite
|
|
193
193
|
|
|
194
|
-
<a id="
|
|
194
|
+
<a id="value-ce6641"></a>• [`secret_value`](#value-ce6641) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-ce6641) below.
|
|
195
195
|
|
|
196
|
-
<a id="
|
|
196
|
+
<a id="value-cc351d"></a>• [`value`](#value-cc351d) - Optional String<br>Value. Value of the Cookie header
|
|
197
197
|
|
|
198
198
|
#### Dynamic Proxy HTTP Proxy More Option Request Cookies To Add Secret Value
|
|
199
199
|
|
|
200
|
-
A [`secret_value`](#
|
|
200
|
+
A [`secret_value`](#value-ce6641) block (within [`dynamic_proxy.http_proxy.more_option.request_cookies_to_add`](#add-a872f8)) supports the following:
|
|
201
201
|
|
|
202
|
-
<a id="
|
|
202
|
+
<a id="info-c47605"></a>• [`blindfold_secret_info`](#info-c47605) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-c47605) below.
|
|
203
203
|
|
|
204
|
-
<a id="
|
|
204
|
+
<a id="info-aebb29"></a>• [`clear_secret_info`](#info-aebb29) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-aebb29) below.
|
|
205
205
|
|
|
206
206
|
#### Dynamic Proxy HTTP Proxy More Option Request Cookies To Add Secret Value Blindfold Secret Info
|
|
207
207
|
|
|
208
|
-
A [`blindfold_secret_info`](#
|
|
208
|
+
A [`blindfold_secret_info`](#info-c47605) block (within [`dynamic_proxy.http_proxy.more_option.request_cookies_to_add.secret_value`](#value-ce6641)) supports the following:
|
|
209
209
|
|
|
210
|
-
<a id="
|
|
210
|
+
<a id="provider-6e2fe4"></a>• [`decryption_provider`](#provider-6e2fe4) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
211
211
|
|
|
212
|
-
<a id="
|
|
212
|
+
<a id="location-5af68a"></a>• [`location`](#location-5af68a) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
213
213
|
|
|
214
|
-
<a id="
|
|
214
|
+
<a id="provider-94eb47"></a>• [`store_provider`](#provider-94eb47) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
215
215
|
|
|
216
216
|
#### Dynamic Proxy HTTP Proxy More Option Request Cookies To Add Secret Value Clear Secret Info
|
|
217
217
|
|
|
218
|
-
A [`clear_secret_info`](#
|
|
218
|
+
A [`clear_secret_info`](#info-aebb29) block (within [`dynamic_proxy.http_proxy.more_option.request_cookies_to_add.secret_value`](#value-ce6641)) supports the following:
|
|
219
219
|
|
|
220
|
-
<a id="
|
|
220
|
+
<a id="ref-166aeb"></a>• [`provider_ref`](#ref-166aeb) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
221
221
|
|
|
222
|
-
<a id="
|
|
222
|
+
<a id="url-f57563"></a>• [`url`](#url-f57563) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
223
223
|
|
|
224
224
|
#### Dynamic Proxy HTTP Proxy More Option Request Headers To Add
|
|
225
225
|
|
|
226
|
-
A [`request_headers_to_add`](#
|
|
226
|
+
A [`request_headers_to_add`](#add-3661bf) block (within [`dynamic_proxy.http_proxy.more_option`](#dynamic-proxy-http-proxy-more-option)) supports the following:
|
|
227
227
|
|
|
228
|
-
<a id="
|
|
228
|
+
<a id="append-7cbdc2"></a>• [`append`](#append-7cbdc2) - Optional Bool Defaults to `do`<br>Append. Should the value be appended? If true, the value is appended to existing values. not append
|
|
229
229
|
|
|
230
|
-
<a id="
|
|
230
|
+
<a id="name-f9c73b"></a>• [`name`](#name-f9c73b) - Optional String<br>Name. Name of the HTTP header
|
|
231
231
|
|
|
232
|
-
<a id="
|
|
232
|
+
<a id="value-b59cb1"></a>• [`secret_value`](#value-b59cb1) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-b59cb1) below.
|
|
233
233
|
|
|
234
|
-
<a id="
|
|
234
|
+
<a id="value-c61e93"></a>• [`value`](#value-c61e93) - Optional String<br>Value. Value of the HTTP header
|
|
235
235
|
|
|
236
236
|
#### Dynamic Proxy HTTP Proxy More Option Request Headers To Add Secret Value
|
|
237
237
|
|
|
238
|
-
A [`secret_value`](#
|
|
238
|
+
A [`secret_value`](#value-b59cb1) block (within [`dynamic_proxy.http_proxy.more_option.request_headers_to_add`](#add-3661bf)) supports the following:
|
|
239
239
|
|
|
240
|
-
<a id="
|
|
240
|
+
<a id="info-194179"></a>• [`blindfold_secret_info`](#info-194179) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-194179) below.
|
|
241
241
|
|
|
242
|
-
<a id="
|
|
242
|
+
<a id="info-119525"></a>• [`clear_secret_info`](#info-119525) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-119525) below.
|
|
243
243
|
|
|
244
244
|
#### Dynamic Proxy HTTP Proxy More Option Request Headers To Add Secret Value Blindfold Secret Info
|
|
245
245
|
|
|
246
|
-
A [`blindfold_secret_info`](#
|
|
246
|
+
A [`blindfold_secret_info`](#info-194179) block (within [`dynamic_proxy.http_proxy.more_option.request_headers_to_add.secret_value`](#value-b59cb1)) supports the following:
|
|
247
247
|
|
|
248
|
-
<a id="
|
|
248
|
+
<a id="provider-aff7d3"></a>• [`decryption_provider`](#provider-aff7d3) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
249
249
|
|
|
250
|
-
<a id="
|
|
250
|
+
<a id="location-9eaf7a"></a>• [`location`](#location-9eaf7a) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
251
251
|
|
|
252
|
-
<a id="
|
|
252
|
+
<a id="provider-af5cde"></a>• [`store_provider`](#provider-af5cde) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
253
253
|
|
|
254
254
|
#### Dynamic Proxy HTTP Proxy More Option Request Headers To Add Secret Value Clear Secret Info
|
|
255
255
|
|
|
256
|
-
A [`clear_secret_info`](#
|
|
256
|
+
A [`clear_secret_info`](#info-119525) block (within [`dynamic_proxy.http_proxy.more_option.request_headers_to_add.secret_value`](#value-b59cb1)) supports the following:
|
|
257
257
|
|
|
258
|
-
<a id="
|
|
258
|
+
<a id="ref-d80107"></a>• [`provider_ref`](#ref-d80107) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
259
259
|
|
|
260
|
-
<a id="
|
|
260
|
+
<a id="url-588206"></a>• [`url`](#url-588206) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
261
261
|
|
|
262
262
|
#### Dynamic Proxy HTTP Proxy More Option Response Cookies To Add
|
|
263
263
|
|
|
264
|
-
A [`response_cookies_to_add`](#
|
|
264
|
+
A [`response_cookies_to_add`](#add-9ca95a) block (within [`dynamic_proxy.http_proxy.more_option`](#dynamic-proxy-http-proxy-more-option)) supports the following:
|
|
265
265
|
|
|
266
|
-
<a id="
|
|
266
|
+
<a id="domain-08783a"></a>• [`add_domain`](#domain-08783a) - Optional String<br>Add Domain. Add domain attribute
|
|
267
267
|
|
|
268
|
-
<a id="
|
|
268
|
+
<a id="expiry-6a734b"></a>• [`add_expiry`](#expiry-6a734b) - Optional String<br>Add expiry. Add expiry attribute
|
|
269
269
|
|
|
270
|
-
<a id="
|
|
270
|
+
<a id="httponly-dd776b"></a>• [`add_httponly`](#httponly-dd776b) - Optional Block<br>Enable this option
|
|
271
271
|
|
|
272
|
-
<a id="
|
|
272
|
+
<a id="partitioned-ccfc66"></a>• [`add_partitioned`](#partitioned-ccfc66) - Optional Block<br>Enable this option
|
|
273
273
|
|
|
274
|
-
<a id="
|
|
274
|
+
<a id="path-118771"></a>• [`add_path`](#path-118771) - Optional String<br>Add path. Add path attribute
|
|
275
275
|
|
|
276
|
-
<a id="
|
|
276
|
+
<a id="secure-d40bba"></a>• [`add_secure`](#secure-d40bba) - Optional Block<br>Enable this option
|
|
277
277
|
|
|
278
|
-
<a id="
|
|
278
|
+
<a id="domain-6cf3f1"></a>• [`ignore_domain`](#domain-6cf3f1) - Optional Block<br>Enable this option
|
|
279
279
|
|
|
280
|
-
<a id="
|
|
280
|
+
<a id="expiry-c0b405"></a>• [`ignore_expiry`](#expiry-c0b405) - Optional Block<br>Enable this option
|
|
281
281
|
|
|
282
|
-
<a id="
|
|
282
|
+
<a id="httponly-6e1f25"></a>• [`ignore_httponly`](#httponly-6e1f25) - Optional Block<br>Enable this option
|
|
283
283
|
|
|
284
|
-
<a id="
|
|
284
|
+
<a id="age-ccc973"></a>• [`ignore_max_age`](#age-ccc973) - Optional Block<br>Enable this option
|
|
285
285
|
|
|
286
|
-
<a id="
|
|
286
|
+
<a id="partitioned-d62000"></a>• [`ignore_partitioned`](#partitioned-d62000) - Optional Block<br>Enable this option
|
|
287
287
|
|
|
288
|
-
<a id="
|
|
288
|
+
<a id="path-c41359"></a>• [`ignore_path`](#path-c41359) - Optional Block<br>Enable this option
|
|
289
289
|
|
|
290
|
-
<a id="
|
|
290
|
+
<a id="samesite-ad6396"></a>• [`ignore_samesite`](#samesite-ad6396) - Optional Block<br>Enable this option
|
|
291
291
|
|
|
292
|
-
<a id="
|
|
292
|
+
<a id="secure-6680d6"></a>• [`ignore_secure`](#secure-6680d6) - Optional Block<br>Enable this option
|
|
293
293
|
|
|
294
|
-
<a id="
|
|
294
|
+
<a id="value-885f6c"></a>• [`ignore_value`](#value-885f6c) - Optional Block<br>Enable this option
|
|
295
295
|
|
|
296
|
-
<a id="
|
|
296
|
+
<a id="value-6b6157"></a>• [`max_age_value`](#value-6b6157) - Optional Number<br>Add Max Age. Add max age attribute
|
|
297
297
|
|
|
298
|
-
<a id="
|
|
298
|
+
<a id="name-26628a"></a>• [`name`](#name-26628a) - Optional String<br>Name. Name of the cookie in Cookie header
|
|
299
299
|
|
|
300
|
-
<a id="
|
|
300
|
+
<a id="overwrite-813b7a"></a>• [`overwrite`](#overwrite-813b7a) - Optional Bool Defaults to `do`<br>Overwrite. Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite
|
|
301
301
|
|
|
302
|
-
<a id="
|
|
302
|
+
<a id="lax-c3cb8c"></a>• [`samesite_lax`](#lax-c3cb8c) - Optional Block<br>Enable this option
|
|
303
303
|
|
|
304
|
-
<a id="
|
|
304
|
+
<a id="none-6eb774"></a>• [`samesite_none`](#none-6eb774) - Optional Block<br>Enable this option
|
|
305
305
|
|
|
306
|
-
<a id="
|
|
306
|
+
<a id="strict-e2c697"></a>• [`samesite_strict`](#strict-e2c697) - Optional Block<br>Enable this option
|
|
307
307
|
|
|
308
|
-
<a id="
|
|
308
|
+
<a id="value-f2f686"></a>• [`secret_value`](#value-f2f686) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-f2f686) below.
|
|
309
309
|
|
|
310
|
-
<a id="
|
|
310
|
+
<a id="value-3542a3"></a>• [`value`](#value-3542a3) - Optional String<br>Value. Value of the Cookie header
|
|
311
311
|
|
|
312
312
|
#### Dynamic Proxy HTTP Proxy More Option Response Cookies To Add Secret Value
|
|
313
313
|
|
|
314
|
-
A [`secret_value`](#
|
|
314
|
+
A [`secret_value`](#value-f2f686) block (within [`dynamic_proxy.http_proxy.more_option.response_cookies_to_add`](#add-9ca95a)) supports the following:
|
|
315
315
|
|
|
316
|
-
<a id="
|
|
316
|
+
<a id="info-1b6e67"></a>• [`blindfold_secret_info`](#info-1b6e67) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-1b6e67) below.
|
|
317
317
|
|
|
318
|
-
<a id="
|
|
318
|
+
<a id="info-bbd78a"></a>• [`clear_secret_info`](#info-bbd78a) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-bbd78a) below.
|
|
319
319
|
|
|
320
320
|
#### Dynamic Proxy HTTP Proxy More Option Response Cookies To Add Secret Value Blindfold Secret Info
|
|
321
321
|
|
|
322
|
-
A [`blindfold_secret_info`](#
|
|
322
|
+
A [`blindfold_secret_info`](#info-1b6e67) block (within [`dynamic_proxy.http_proxy.more_option.response_cookies_to_add.secret_value`](#value-f2f686)) supports the following:
|
|
323
323
|
|
|
324
|
-
<a id="
|
|
324
|
+
<a id="provider-182990"></a>• [`decryption_provider`](#provider-182990) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
325
325
|
|
|
326
|
-
<a id="
|
|
326
|
+
<a id="location-10d8d6"></a>• [`location`](#location-10d8d6) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
327
327
|
|
|
328
|
-
<a id="
|
|
328
|
+
<a id="provider-78495f"></a>• [`store_provider`](#provider-78495f) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
329
329
|
|
|
330
330
|
#### Dynamic Proxy HTTP Proxy More Option Response Cookies To Add Secret Value Clear Secret Info
|
|
331
331
|
|
|
332
|
-
A [`clear_secret_info`](#
|
|
332
|
+
A [`clear_secret_info`](#info-bbd78a) block (within [`dynamic_proxy.http_proxy.more_option.response_cookies_to_add.secret_value`](#value-f2f686)) supports the following:
|
|
333
333
|
|
|
334
|
-
<a id="
|
|
334
|
+
<a id="ref-1dfa6c"></a>• [`provider_ref`](#ref-1dfa6c) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
335
335
|
|
|
336
|
-
<a id="
|
|
336
|
+
<a id="url-bc1d03"></a>• [`url`](#url-bc1d03) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
337
337
|
|
|
338
338
|
#### Dynamic Proxy HTTP Proxy More Option Response Headers To Add
|
|
339
339
|
|
|
340
|
-
A [`response_headers_to_add`](#
|
|
340
|
+
A [`response_headers_to_add`](#add-91639a) block (within [`dynamic_proxy.http_proxy.more_option`](#dynamic-proxy-http-proxy-more-option)) supports the following:
|
|
341
341
|
|
|
342
|
-
<a id="
|
|
342
|
+
<a id="append-a43849"></a>• [`append`](#append-a43849) - Optional Bool Defaults to `do`<br>Append. Should the value be appended? If true, the value is appended to existing values. not append
|
|
343
343
|
|
|
344
|
-
<a id="
|
|
344
|
+
<a id="name-d9f09b"></a>• [`name`](#name-d9f09b) - Optional String<br>Name. Name of the HTTP header
|
|
345
345
|
|
|
346
|
-
<a id="
|
|
346
|
+
<a id="value-daf041"></a>• [`secret_value`](#value-daf041) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-daf041) below.
|
|
347
347
|
|
|
348
|
-
<a id="
|
|
348
|
+
<a id="value-428d7d"></a>• [`value`](#value-428d7d) - Optional String<br>Value. Value of the HTTP header
|
|
349
349
|
|
|
350
350
|
#### Dynamic Proxy HTTP Proxy More Option Response Headers To Add Secret Value
|
|
351
351
|
|
|
352
|
-
A [`secret_value`](#
|
|
352
|
+
A [`secret_value`](#value-daf041) block (within [`dynamic_proxy.http_proxy.more_option.response_headers_to_add`](#add-91639a)) supports the following:
|
|
353
353
|
|
|
354
|
-
<a id="
|
|
354
|
+
<a id="info-fc0cf5"></a>• [`blindfold_secret_info`](#info-fc0cf5) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-fc0cf5) below.
|
|
355
355
|
|
|
356
|
-
<a id="
|
|
356
|
+
<a id="info-8946b7"></a>• [`clear_secret_info`](#info-8946b7) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-8946b7) below.
|
|
357
357
|
|
|
358
358
|
#### Dynamic Proxy HTTP Proxy More Option Response Headers To Add Secret Value Blindfold Secret Info
|
|
359
359
|
|
|
360
|
-
A [`blindfold_secret_info`](#
|
|
360
|
+
A [`blindfold_secret_info`](#info-fc0cf5) block (within [`dynamic_proxy.http_proxy.more_option.response_headers_to_add.secret_value`](#value-daf041)) supports the following:
|
|
361
361
|
|
|
362
|
-
<a id="
|
|
362
|
+
<a id="provider-cfd697"></a>• [`decryption_provider`](#provider-cfd697) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
363
363
|
|
|
364
|
-
<a id="
|
|
364
|
+
<a id="location-e68812"></a>• [`location`](#location-e68812) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
365
365
|
|
|
366
|
-
<a id="
|
|
366
|
+
<a id="provider-1c24b4"></a>• [`store_provider`](#provider-1c24b4) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
367
367
|
|
|
368
368
|
#### Dynamic Proxy HTTP Proxy More Option Response Headers To Add Secret Value Clear Secret Info
|
|
369
369
|
|
|
370
|
-
A [`clear_secret_info`](#
|
|
370
|
+
A [`clear_secret_info`](#info-8946b7) block (within [`dynamic_proxy.http_proxy.more_option.response_headers_to_add.secret_value`](#value-daf041)) supports the following:
|
|
371
371
|
|
|
372
|
-
<a id="
|
|
372
|
+
<a id="ref-7e7d99"></a>• [`provider_ref`](#ref-7e7d99) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
373
373
|
|
|
374
|
-
<a id="
|
|
374
|
+
<a id="url-85d846"></a>• [`url`](#url-85d846) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
375
375
|
|
|
376
376
|
#### Dynamic Proxy HTTPS Proxy
|
|
377
377
|
|
|
@@ -385,373 +385,373 @@ A [`https_proxy`](#dynamic-proxy-https-proxy) block (within [`dynamic_proxy`](#d
|
|
|
385
385
|
|
|
386
386
|
A [`more_option`](#dynamic-proxy-https-proxy-more-option) block (within [`dynamic_proxy.https_proxy`](#dynamic-proxy-https-proxy)) supports the following:
|
|
387
387
|
|
|
388
|
-
<a id="
|
|
388
|
+
<a id="policy-5af133"></a>• [`buffer_policy`](#policy-5af133) - Optional Block<br>Buffer Configuration. Some upstream applications are not capable of handling streamed data. This config enables buffering the entire request before sending to upstream application. We can specify the maximum buffer size and buffer interval with this config. Buffering can be enabled and disabled at VirtualHost and Route levels Route level buffer configuration takes precedence<br>See [Buffer Policy](#policy-5af133) below.
|
|
389
389
|
|
|
390
|
-
<a id="
|
|
390
|
+
<a id="params-013546"></a>• [`compression_params`](#params-013546) - Optional Block<br>Compression Parameters. Enables loadbalancer to compress dispatched data from an upstream service upon client request. The content is compressed and then sent to the client with the appropriate headers if either response and request allow. Only GZIP compression is supported. By default compression will be skipped when: A request does NOT contain accept-encoding header. A request includes accept-encoding header, but it does not contain “gzip” or “*”. A request includes accept-encoding with “gzip” or “*” with the weight “q=0”. Note that the “gzip” will have a higher weight then “*”. For example, if accept-encoding is “gzip;q=0,*;q=1”, the filter will not compress. But if the header is set to “*;q=0,gzip;q=1”, the filter will compress. A request whose accept-encoding header includes “identity”. A response contains a content-encoding header. A response contains a cache-control header whose value includes “no-transform”. A response contains a transfer-encoding header whose value includes “gzip”. A response does not contain a content-type value that matches one of the selected mime-types, which default to application/javascript, application/JSON, application/xhtml+XML, image/svg+XML, text/CSS, text/HTML, text/plain, text/XML. Neither content-length nor transfer-encoding headers are present in the response. Response size is smaller than 30 bytes (only applicable when transfer-encoding is not chunked). When compression is applied: The content-length is removed from response headers. Response headers contain “transfer-encoding: chunked” and do not contain “content-encoding” header. The “vary: accept-encoding” header is inserted on every response. GZIP Compression Level: A value which is optimal balance between speed of compression and amount of compression is chosen<br>See [Compression Params](#params-013546) below.
|
|
391
391
|
|
|
392
|
-
<a id="
|
|
392
|
+
<a id="errors-01c21a"></a>• [`custom_errors`](#errors-01c21a) - Optional Block<br>Custom Error Responses. Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 -- for 3xx response code class 4 -- for 4xx response code class 5 -- for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request
|
|
393
393
|
|
|
394
|
-
<a id="
|
|
394
|
+
<a id="pages-9edd65"></a>• [`disable_default_error_pages`](#pages-9edd65) - Optional Bool<br>Disable Default Error Pages. Disable the use of default F5XC error pages
|
|
395
395
|
|
|
396
|
-
<a id="
|
|
396
|
+
<a id="normalize-780e38"></a>• [`disable_path_normalize`](#normalize-780e38) - Optional Block<br>Enable this option
|
|
397
397
|
|
|
398
|
-
<a id="
|
|
398
|
+
<a id="normalize-a240ab"></a>• [`enable_path_normalize`](#normalize-a240ab) - Optional Block<br>Enable this option
|
|
399
399
|
|
|
400
|
-
<a id="
|
|
400
|
+
<a id="timeout-1062ad"></a>• [`idle_timeout`](#timeout-1062ad) - Optional Number<br>Idle Timeout. The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset
|
|
401
401
|
|
|
402
|
-
<a id="
|
|
402
|
+
<a id="size-620c3f"></a>• [`max_request_header_size`](#size-620c3f) - Optional Number<br>Maximum Request Header Size. The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size. If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question
|
|
403
403
|
|
|
404
|
-
<a id="
|
|
404
|
+
<a id="add-1b5bcd"></a>• [`request_cookies_to_add`](#add-1b5bcd) - Optional Block<br>Add Cookies in Cookie Header. Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied<br>See [Request Cookies To Add](#add-1b5bcd) below.
|
|
405
405
|
|
|
406
|
-
<a id="
|
|
406
|
+
<a id="remove-cfd658"></a>• [`request_cookies_to_remove`](#remove-cfd658) - Optional List<br>Remove Cookies from Cookie Header. List of keys of Cookies to be removed from the HTTP request being sent towards upstream
|
|
407
407
|
|
|
408
|
-
<a id="
|
|
408
|
+
<a id="add-0332ff"></a>• [`request_headers_to_add`](#add-0332ff) - Optional Block<br>Add Request Headers. Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied<br>See [Request Headers To Add](#add-0332ff) below.
|
|
409
409
|
|
|
410
|
-
<a id="
|
|
410
|
+
<a id="remove-606625"></a>• [`request_headers_to_remove`](#remove-606625) - Optional List<br>Remove Request Headers. List of keys of Headers to be removed from the HTTP request being sent towards upstream
|
|
411
411
|
|
|
412
|
-
<a id="
|
|
412
|
+
<a id="add-dd9473"></a>• [`response_cookies_to_add`](#add-dd9473) - Optional Block<br>Add Set-Cookie Headers. Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied<br>See [Response Cookies To Add](#add-dd9473) below.
|
|
413
413
|
|
|
414
|
-
<a id="
|
|
414
|
+
<a id="remove-5d52c7"></a>• [`response_cookies_to_remove`](#remove-5d52c7) - Optional List<br>Remove Cookies from Set-Cookie Headers. List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed
|
|
415
415
|
|
|
416
|
-
<a id="
|
|
416
|
+
<a id="add-db908d"></a>• [`response_headers_to_add`](#add-db908d) - Optional Block<br>Add Response Headers. Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied<br>See [Response Headers To Add](#add-db908d) below.
|
|
417
417
|
|
|
418
|
-
<a id="
|
|
418
|
+
<a id="remove-27e742"></a>• [`response_headers_to_remove`](#remove-27e742) - Optional List<br>Remove Response Headers. List of keys of Headers to be removed from the HTTP response being sent towards downstream
|
|
419
419
|
|
|
420
420
|
#### Dynamic Proxy HTTPS Proxy More Option Buffer Policy
|
|
421
421
|
|
|
422
|
-
A [`buffer_policy`](#
|
|
422
|
+
A [`buffer_policy`](#policy-5af133) block (within [`dynamic_proxy.https_proxy.more_option`](#dynamic-proxy-https-proxy-more-option)) supports the following:
|
|
423
423
|
|
|
424
|
-
<a id="
|
|
424
|
+
<a id="disabled-e7ba98"></a>• [`disabled`](#disabled-e7ba98) - Optional Bool<br>Disable. Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host
|
|
425
425
|
|
|
426
|
-
<a id="
|
|
426
|
+
<a id="bytes-7ef8da"></a>• [`max_request_bytes`](#bytes-7ef8da) - Optional Number<br>Max Request Bytes. The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response
|
|
427
427
|
|
|
428
428
|
#### Dynamic Proxy HTTPS Proxy More Option Compression Params
|
|
429
429
|
|
|
430
|
-
A [`compression_params`](#
|
|
430
|
+
A [`compression_params`](#params-013546) block (within [`dynamic_proxy.https_proxy.more_option`](#dynamic-proxy-https-proxy-more-option)) supports the following:
|
|
431
431
|
|
|
432
|
-
<a id="
|
|
432
|
+
<a id="length-6f9398"></a>• [`content_length`](#length-6f9398) - Optional Number Defaults to `30`<br>Content Length. Minimum response length, in bytes, which will trigger compression. The
|
|
433
433
|
|
|
434
|
-
<a id="
|
|
434
|
+
<a id="type-3ddae9"></a>• [`content_type`](#type-3ddae9) - Optional List<br>Content Type. Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: 'application/javascript' 'application/JSON', 'application/xhtml+XML' 'image/svg+XML' 'text/CSS' 'text/HTML' 'text/plain' 'text/XML'
|
|
435
435
|
|
|
436
|
-
<a id="
|
|
436
|
+
<a id="header-889176"></a>• [`disable_on_etag_header`](#header-889176) - Optional Bool<br>Disable On Etag Header. If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed
|
|
437
437
|
|
|
438
|
-
<a id="
|
|
438
|
+
<a id="header-4466c4"></a>• [`remove_accept_encoding_header`](#header-4466c4) - Optional Bool<br>Remove Accept-Encoding Header. If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not get compressed before reaching the filter
|
|
439
439
|
|
|
440
440
|
#### Dynamic Proxy HTTPS Proxy More Option Request Cookies To Add
|
|
441
441
|
|
|
442
|
-
A [`request_cookies_to_add`](#
|
|
442
|
+
A [`request_cookies_to_add`](#add-1b5bcd) block (within [`dynamic_proxy.https_proxy.more_option`](#dynamic-proxy-https-proxy-more-option)) supports the following:
|
|
443
443
|
|
|
444
|
-
<a id="
|
|
444
|
+
<a id="name-72cbb0"></a>• [`name`](#name-72cbb0) - Optional String<br>Name. Name of the cookie in Cookie header
|
|
445
445
|
|
|
446
|
-
<a id="
|
|
446
|
+
<a id="overwrite-06d573"></a>• [`overwrite`](#overwrite-06d573) - Optional Bool Defaults to `do`<br>Overwrite. Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite
|
|
447
447
|
|
|
448
|
-
<a id="
|
|
448
|
+
<a id="value-6045be"></a>• [`secret_value`](#value-6045be) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-6045be) below.
|
|
449
449
|
|
|
450
|
-
<a id="
|
|
450
|
+
<a id="value-ad88ec"></a>• [`value`](#value-ad88ec) - Optional String<br>Value. Value of the Cookie header
|
|
451
451
|
|
|
452
452
|
#### Dynamic Proxy HTTPS Proxy More Option Request Cookies To Add Secret Value
|
|
453
453
|
|
|
454
|
-
A [`secret_value`](#
|
|
454
|
+
A [`secret_value`](#value-6045be) block (within [`dynamic_proxy.https_proxy.more_option.request_cookies_to_add`](#add-1b5bcd)) supports the following:
|
|
455
455
|
|
|
456
|
-
<a id="
|
|
456
|
+
<a id="info-29fb7b"></a>• [`blindfold_secret_info`](#info-29fb7b) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-29fb7b) below.
|
|
457
457
|
|
|
458
|
-
<a id="
|
|
458
|
+
<a id="info-0bb306"></a>• [`clear_secret_info`](#info-0bb306) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-0bb306) below.
|
|
459
459
|
|
|
460
460
|
#### Dynamic Proxy HTTPS Proxy More Option Request Cookies To Add Secret Value Blindfold Secret Info
|
|
461
461
|
|
|
462
|
-
A [`blindfold_secret_info`](#
|
|
462
|
+
A [`blindfold_secret_info`](#info-29fb7b) block (within [`dynamic_proxy.https_proxy.more_option.request_cookies_to_add.secret_value`](#value-6045be)) supports the following:
|
|
463
463
|
|
|
464
|
-
<a id="
|
|
464
|
+
<a id="provider-068d69"></a>• [`decryption_provider`](#provider-068d69) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
465
465
|
|
|
466
|
-
<a id="
|
|
466
|
+
<a id="location-b1d6d8"></a>• [`location`](#location-b1d6d8) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
467
467
|
|
|
468
|
-
<a id="
|
|
468
|
+
<a id="provider-e1da40"></a>• [`store_provider`](#provider-e1da40) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
469
469
|
|
|
470
470
|
#### Dynamic Proxy HTTPS Proxy More Option Request Cookies To Add Secret Value Clear Secret Info
|
|
471
471
|
|
|
472
|
-
A [`clear_secret_info`](#
|
|
472
|
+
A [`clear_secret_info`](#info-0bb306) block (within [`dynamic_proxy.https_proxy.more_option.request_cookies_to_add.secret_value`](#value-6045be)) supports the following:
|
|
473
473
|
|
|
474
|
-
<a id="
|
|
474
|
+
<a id="ref-012399"></a>• [`provider_ref`](#ref-012399) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
475
475
|
|
|
476
|
-
<a id="
|
|
476
|
+
<a id="url-9b0063"></a>• [`url`](#url-9b0063) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
477
477
|
|
|
478
478
|
#### Dynamic Proxy HTTPS Proxy More Option Request Headers To Add
|
|
479
479
|
|
|
480
|
-
A [`request_headers_to_add`](#
|
|
480
|
+
A [`request_headers_to_add`](#add-0332ff) block (within [`dynamic_proxy.https_proxy.more_option`](#dynamic-proxy-https-proxy-more-option)) supports the following:
|
|
481
481
|
|
|
482
|
-
<a id="
|
|
482
|
+
<a id="append-f1fa51"></a>• [`append`](#append-f1fa51) - Optional Bool Defaults to `do`<br>Append. Should the value be appended? If true, the value is appended to existing values. not append
|
|
483
483
|
|
|
484
|
-
<a id="
|
|
484
|
+
<a id="name-866e07"></a>• [`name`](#name-866e07) - Optional String<br>Name. Name of the HTTP header
|
|
485
485
|
|
|
486
|
-
<a id="
|
|
486
|
+
<a id="value-844a57"></a>• [`secret_value`](#value-844a57) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-844a57) below.
|
|
487
487
|
|
|
488
|
-
<a id="
|
|
488
|
+
<a id="value-28cfab"></a>• [`value`](#value-28cfab) - Optional String<br>Value. Value of the HTTP header
|
|
489
489
|
|
|
490
490
|
#### Dynamic Proxy HTTPS Proxy More Option Request Headers To Add Secret Value
|
|
491
491
|
|
|
492
|
-
A [`secret_value`](#
|
|
492
|
+
A [`secret_value`](#value-844a57) block (within [`dynamic_proxy.https_proxy.more_option.request_headers_to_add`](#add-0332ff)) supports the following:
|
|
493
493
|
|
|
494
|
-
<a id="
|
|
494
|
+
<a id="info-235140"></a>• [`blindfold_secret_info`](#info-235140) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-235140) below.
|
|
495
495
|
|
|
496
|
-
<a id="
|
|
496
|
+
<a id="info-2c92f9"></a>• [`clear_secret_info`](#info-2c92f9) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-2c92f9) below.
|
|
497
497
|
|
|
498
498
|
#### Dynamic Proxy HTTPS Proxy More Option Request Headers To Add Secret Value Blindfold Secret Info
|
|
499
499
|
|
|
500
|
-
A [`blindfold_secret_info`](#
|
|
500
|
+
A [`blindfold_secret_info`](#info-235140) block (within [`dynamic_proxy.https_proxy.more_option.request_headers_to_add.secret_value`](#value-844a57)) supports the following:
|
|
501
501
|
|
|
502
|
-
<a id="
|
|
502
|
+
<a id="provider-9a17a7"></a>• [`decryption_provider`](#provider-9a17a7) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
503
503
|
|
|
504
|
-
<a id="
|
|
504
|
+
<a id="location-ea5ee1"></a>• [`location`](#location-ea5ee1) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
505
505
|
|
|
506
|
-
<a id="
|
|
506
|
+
<a id="provider-ff3d40"></a>• [`store_provider`](#provider-ff3d40) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
507
507
|
|
|
508
508
|
#### Dynamic Proxy HTTPS Proxy More Option Request Headers To Add Secret Value Clear Secret Info
|
|
509
509
|
|
|
510
|
-
A [`clear_secret_info`](#
|
|
510
|
+
A [`clear_secret_info`](#info-2c92f9) block (within [`dynamic_proxy.https_proxy.more_option.request_headers_to_add.secret_value`](#value-844a57)) supports the following:
|
|
511
511
|
|
|
512
|
-
<a id="
|
|
512
|
+
<a id="ref-88d66f"></a>• [`provider_ref`](#ref-88d66f) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
513
513
|
|
|
514
|
-
<a id="
|
|
514
|
+
<a id="url-af773d"></a>• [`url`](#url-af773d) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
515
515
|
|
|
516
516
|
#### Dynamic Proxy HTTPS Proxy More Option Response Cookies To Add
|
|
517
517
|
|
|
518
|
-
A [`response_cookies_to_add`](#
|
|
518
|
+
A [`response_cookies_to_add`](#add-dd9473) block (within [`dynamic_proxy.https_proxy.more_option`](#dynamic-proxy-https-proxy-more-option)) supports the following:
|
|
519
519
|
|
|
520
|
-
<a id="
|
|
520
|
+
<a id="domain-bb40b7"></a>• [`add_domain`](#domain-bb40b7) - Optional String<br>Add Domain. Add domain attribute
|
|
521
521
|
|
|
522
|
-
<a id="
|
|
522
|
+
<a id="expiry-3ac22c"></a>• [`add_expiry`](#expiry-3ac22c) - Optional String<br>Add expiry. Add expiry attribute
|
|
523
523
|
|
|
524
|
-
<a id="
|
|
524
|
+
<a id="httponly-365800"></a>• [`add_httponly`](#httponly-365800) - Optional Block<br>Enable this option
|
|
525
525
|
|
|
526
|
-
<a id="
|
|
526
|
+
<a id="partitioned-f58591"></a>• [`add_partitioned`](#partitioned-f58591) - Optional Block<br>Enable this option
|
|
527
527
|
|
|
528
|
-
<a id="
|
|
528
|
+
<a id="path-d545b7"></a>• [`add_path`](#path-d545b7) - Optional String<br>Add path. Add path attribute
|
|
529
529
|
|
|
530
|
-
<a id="
|
|
530
|
+
<a id="secure-c374f3"></a>• [`add_secure`](#secure-c374f3) - Optional Block<br>Enable this option
|
|
531
531
|
|
|
532
|
-
<a id="
|
|
532
|
+
<a id="domain-67347f"></a>• [`ignore_domain`](#domain-67347f) - Optional Block<br>Enable this option
|
|
533
533
|
|
|
534
|
-
<a id="
|
|
534
|
+
<a id="expiry-c76728"></a>• [`ignore_expiry`](#expiry-c76728) - Optional Block<br>Enable this option
|
|
535
535
|
|
|
536
|
-
<a id="
|
|
536
|
+
<a id="httponly-32f941"></a>• [`ignore_httponly`](#httponly-32f941) - Optional Block<br>Enable this option
|
|
537
537
|
|
|
538
|
-
<a id="
|
|
538
|
+
<a id="age-cb1a3b"></a>• [`ignore_max_age`](#age-cb1a3b) - Optional Block<br>Enable this option
|
|
539
539
|
|
|
540
|
-
<a id="
|
|
540
|
+
<a id="partitioned-c83fca"></a>• [`ignore_partitioned`](#partitioned-c83fca) - Optional Block<br>Enable this option
|
|
541
541
|
|
|
542
|
-
<a id="
|
|
542
|
+
<a id="path-12aff8"></a>• [`ignore_path`](#path-12aff8) - Optional Block<br>Enable this option
|
|
543
543
|
|
|
544
|
-
<a id="
|
|
544
|
+
<a id="samesite-2e0036"></a>• [`ignore_samesite`](#samesite-2e0036) - Optional Block<br>Enable this option
|
|
545
545
|
|
|
546
|
-
<a id="
|
|
546
|
+
<a id="secure-1c3d65"></a>• [`ignore_secure`](#secure-1c3d65) - Optional Block<br>Enable this option
|
|
547
547
|
|
|
548
|
-
<a id="
|
|
548
|
+
<a id="value-076f8a"></a>• [`ignore_value`](#value-076f8a) - Optional Block<br>Enable this option
|
|
549
549
|
|
|
550
|
-
<a id="
|
|
550
|
+
<a id="value-fb3fd6"></a>• [`max_age_value`](#value-fb3fd6) - Optional Number<br>Add Max Age. Add max age attribute
|
|
551
551
|
|
|
552
|
-
<a id="
|
|
552
|
+
<a id="name-873a5a"></a>• [`name`](#name-873a5a) - Optional String<br>Name. Name of the cookie in Cookie header
|
|
553
553
|
|
|
554
|
-
<a id="
|
|
554
|
+
<a id="overwrite-43e915"></a>• [`overwrite`](#overwrite-43e915) - Optional Bool Defaults to `do`<br>Overwrite. Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite
|
|
555
555
|
|
|
556
|
-
<a id="
|
|
556
|
+
<a id="lax-c6b5ca"></a>• [`samesite_lax`](#lax-c6b5ca) - Optional Block<br>Enable this option
|
|
557
557
|
|
|
558
|
-
<a id="
|
|
558
|
+
<a id="none-b9d918"></a>• [`samesite_none`](#none-b9d918) - Optional Block<br>Enable this option
|
|
559
559
|
|
|
560
|
-
<a id="
|
|
560
|
+
<a id="strict-612562"></a>• [`samesite_strict`](#strict-612562) - Optional Block<br>Enable this option
|
|
561
561
|
|
|
562
|
-
<a id="
|
|
562
|
+
<a id="value-de62ba"></a>• [`secret_value`](#value-de62ba) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-de62ba) below.
|
|
563
563
|
|
|
564
|
-
<a id="
|
|
564
|
+
<a id="value-8dc2bb"></a>• [`value`](#value-8dc2bb) - Optional String<br>Value. Value of the Cookie header
|
|
565
565
|
|
|
566
566
|
#### Dynamic Proxy HTTPS Proxy More Option Response Cookies To Add Secret Value
|
|
567
567
|
|
|
568
|
-
A [`secret_value`](#
|
|
568
|
+
A [`secret_value`](#value-de62ba) block (within [`dynamic_proxy.https_proxy.more_option.response_cookies_to_add`](#add-dd9473)) supports the following:
|
|
569
569
|
|
|
570
|
-
<a id="
|
|
570
|
+
<a id="info-514c21"></a>• [`blindfold_secret_info`](#info-514c21) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-514c21) below.
|
|
571
571
|
|
|
572
|
-
<a id="
|
|
572
|
+
<a id="info-7a2c83"></a>• [`clear_secret_info`](#info-7a2c83) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-7a2c83) below.
|
|
573
573
|
|
|
574
574
|
#### Dynamic Proxy HTTPS Proxy More Option Response Cookies To Add Secret Value Blindfold Secret Info
|
|
575
575
|
|
|
576
|
-
A [`blindfold_secret_info`](#
|
|
576
|
+
A [`blindfold_secret_info`](#info-514c21) block (within [`dynamic_proxy.https_proxy.more_option.response_cookies_to_add.secret_value`](#value-de62ba)) supports the following:
|
|
577
577
|
|
|
578
|
-
<a id="
|
|
578
|
+
<a id="provider-db3cc8"></a>• [`decryption_provider`](#provider-db3cc8) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
579
579
|
|
|
580
|
-
<a id="
|
|
580
|
+
<a id="location-14eece"></a>• [`location`](#location-14eece) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
581
581
|
|
|
582
|
-
<a id="
|
|
582
|
+
<a id="provider-f0aa83"></a>• [`store_provider`](#provider-f0aa83) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
583
583
|
|
|
584
584
|
#### Dynamic Proxy HTTPS Proxy More Option Response Cookies To Add Secret Value Clear Secret Info
|
|
585
585
|
|
|
586
|
-
A [`clear_secret_info`](#
|
|
586
|
+
A [`clear_secret_info`](#info-7a2c83) block (within [`dynamic_proxy.https_proxy.more_option.response_cookies_to_add.secret_value`](#value-de62ba)) supports the following:
|
|
587
587
|
|
|
588
|
-
<a id="
|
|
588
|
+
<a id="ref-db5db4"></a>• [`provider_ref`](#ref-db5db4) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
589
589
|
|
|
590
|
-
<a id="
|
|
590
|
+
<a id="url-641eba"></a>• [`url`](#url-641eba) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
591
591
|
|
|
592
592
|
#### Dynamic Proxy HTTPS Proxy More Option Response Headers To Add
|
|
593
593
|
|
|
594
|
-
A [`response_headers_to_add`](#
|
|
594
|
+
A [`response_headers_to_add`](#add-db908d) block (within [`dynamic_proxy.https_proxy.more_option`](#dynamic-proxy-https-proxy-more-option)) supports the following:
|
|
595
595
|
|
|
596
|
-
<a id="
|
|
596
|
+
<a id="append-4a420f"></a>• [`append`](#append-4a420f) - Optional Bool Defaults to `do`<br>Append. Should the value be appended? If true, the value is appended to existing values. not append
|
|
597
597
|
|
|
598
|
-
<a id="
|
|
598
|
+
<a id="name-8840ac"></a>• [`name`](#name-8840ac) - Optional String<br>Name. Name of the HTTP header
|
|
599
599
|
|
|
600
|
-
<a id="
|
|
600
|
+
<a id="value-e3f492"></a>• [`secret_value`](#value-e3f492) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-e3f492) below.
|
|
601
601
|
|
|
602
|
-
<a id="
|
|
602
|
+
<a id="value-012158"></a>• [`value`](#value-012158) - Optional String<br>Value. Value of the HTTP header
|
|
603
603
|
|
|
604
604
|
#### Dynamic Proxy HTTPS Proxy More Option Response Headers To Add Secret Value
|
|
605
605
|
|
|
606
|
-
A [`secret_value`](#
|
|
606
|
+
A [`secret_value`](#value-e3f492) block (within [`dynamic_proxy.https_proxy.more_option.response_headers_to_add`](#add-db908d)) supports the following:
|
|
607
607
|
|
|
608
|
-
<a id="
|
|
608
|
+
<a id="info-e47c89"></a>• [`blindfold_secret_info`](#info-e47c89) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-e47c89) below.
|
|
609
609
|
|
|
610
|
-
<a id="
|
|
610
|
+
<a id="info-05b2fe"></a>• [`clear_secret_info`](#info-05b2fe) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-05b2fe) below.
|
|
611
611
|
|
|
612
612
|
#### Dynamic Proxy HTTPS Proxy More Option Response Headers To Add Secret Value Blindfold Secret Info
|
|
613
613
|
|
|
614
|
-
A [`blindfold_secret_info`](#
|
|
614
|
+
A [`blindfold_secret_info`](#info-e47c89) block (within [`dynamic_proxy.https_proxy.more_option.response_headers_to_add.secret_value`](#value-e3f492)) supports the following:
|
|
615
615
|
|
|
616
|
-
<a id="
|
|
616
|
+
<a id="provider-dc8eff"></a>• [`decryption_provider`](#provider-dc8eff) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
617
617
|
|
|
618
|
-
<a id="
|
|
618
|
+
<a id="location-b8c733"></a>• [`location`](#location-b8c733) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
619
619
|
|
|
620
|
-
<a id="
|
|
620
|
+
<a id="provider-8cc7c8"></a>• [`store_provider`](#provider-8cc7c8) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
621
621
|
|
|
622
622
|
#### Dynamic Proxy HTTPS Proxy More Option Response Headers To Add Secret Value Clear Secret Info
|
|
623
623
|
|
|
624
|
-
A [`clear_secret_info`](#
|
|
624
|
+
A [`clear_secret_info`](#info-05b2fe) block (within [`dynamic_proxy.https_proxy.more_option.response_headers_to_add.secret_value`](#value-e3f492)) supports the following:
|
|
625
625
|
|
|
626
|
-
<a id="
|
|
626
|
+
<a id="ref-e9c302"></a>• [`provider_ref`](#ref-e9c302) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
627
627
|
|
|
628
|
-
<a id="
|
|
628
|
+
<a id="url-f0ff56"></a>• [`url`](#url-f0ff56) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
629
629
|
|
|
630
630
|
#### Dynamic Proxy HTTPS Proxy TLS Params
|
|
631
631
|
|
|
632
632
|
A [`tls_params`](#dynamic-proxy-https-proxy-tls-params) block (within [`dynamic_proxy.https_proxy`](#dynamic-proxy-https-proxy)) supports the following:
|
|
633
633
|
|
|
634
|
-
<a id="
|
|
634
|
+
<a id="mtls-1872dc"></a>• [`no_mtls`](#mtls-1872dc) - Optional Block<br>Enable this option
|
|
635
635
|
|
|
636
|
-
<a id="
|
|
636
|
+
<a id="certificates-6f0e81"></a>• [`tls_certificates`](#certificates-6f0e81) - Optional Block<br>TLS Certificates. Users can add one or more certificates that share the same set of domains. for example, domain.com and \*.domain.com - but use different signature algorithms<br>See [TLS Certificates](#certificates-6f0e81) below.
|
|
637
637
|
|
|
638
|
-
<a id="
|
|
638
|
+
<a id="config-116b33"></a>• [`tls_config`](#config-116b33) - Optional Block<br>TLS Config. This defines various options to configure TLS configuration parameters<br>See [TLS Config](#config-116b33) below.
|
|
639
639
|
|
|
640
|
-
<a id="
|
|
640
|
+
<a id="mtls-7179b9"></a>• [`use_mtls`](#mtls-7179b9) - Optional Block<br>Clients TLS validation context. Validation context for downstream client TLS connections<br>See [Use mTLS](#mtls-7179b9) below.
|
|
641
641
|
|
|
642
642
|
#### Dynamic Proxy HTTPS Proxy TLS Params TLS Certificates
|
|
643
643
|
|
|
644
|
-
A [`tls_certificates`](#
|
|
644
|
+
A [`tls_certificates`](#certificates-6f0e81) block (within [`dynamic_proxy.https_proxy.tls_params`](#dynamic-proxy-https-proxy-tls-params)) supports the following:
|
|
645
645
|
|
|
646
|
-
<a id="
|
|
646
|
+
<a id="url-6959f0"></a>• [`certificate_url`](#url-6959f0) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
647
647
|
|
|
648
|
-
<a id="
|
|
648
|
+
<a id="algorithms-66d0af"></a>• [`custom_hash_algorithms`](#algorithms-66d0af) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-66d0af) below.
|
|
649
649
|
|
|
650
|
-
<a id="
|
|
650
|
+
<a id="spec-2152cf"></a>• [`description_spec`](#spec-2152cf) - Optional String<br>Description. Description for the certificate
|
|
651
651
|
|
|
652
|
-
<a id="
|
|
652
|
+
<a id="stapling-c1ba62"></a>• [`disable_ocsp_stapling`](#stapling-c1ba62) - Optional Block<br>Enable this option
|
|
653
653
|
|
|
654
|
-
<a id="
|
|
654
|
+
<a id="key-f28f27"></a>• [`private_key`](#key-f28f27) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-f28f27) below.
|
|
655
655
|
|
|
656
|
-
<a id="
|
|
656
|
+
<a id="defaults-66958d"></a>• [`use_system_defaults`](#defaults-66958d) - Optional Block<br>Enable this option
|
|
657
657
|
|
|
658
658
|
#### Dynamic Proxy HTTPS Proxy TLS Params TLS Certificates Custom Hash Algorithms
|
|
659
659
|
|
|
660
|
-
A [`custom_hash_algorithms`](#
|
|
660
|
+
A [`custom_hash_algorithms`](#algorithms-66d0af) block (within [`dynamic_proxy.https_proxy.tls_params.tls_certificates`](#certificates-6f0e81)) supports the following:
|
|
661
661
|
|
|
662
|
-
<a id="
|
|
662
|
+
<a id="algorithms-0c215f"></a>• [`hash_algorithms`](#algorithms-0c215f) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
663
663
|
|
|
664
664
|
#### Dynamic Proxy HTTPS Proxy TLS Params TLS Certificates Private Key
|
|
665
665
|
|
|
666
|
-
A [`private_key`](#
|
|
666
|
+
A [`private_key`](#key-f28f27) block (within [`dynamic_proxy.https_proxy.tls_params.tls_certificates`](#certificates-6f0e81)) supports the following:
|
|
667
667
|
|
|
668
|
-
<a id="
|
|
668
|
+
<a id="info-266b8f"></a>• [`blindfold_secret_info`](#info-266b8f) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-266b8f) below.
|
|
669
669
|
|
|
670
|
-
<a id="
|
|
670
|
+
<a id="info-802bf6"></a>• [`clear_secret_info`](#info-802bf6) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-802bf6) below.
|
|
671
671
|
|
|
672
672
|
#### Dynamic Proxy HTTPS Proxy TLS Params TLS Certificates Private Key Blindfold Secret Info
|
|
673
673
|
|
|
674
|
-
A [`blindfold_secret_info`](#
|
|
674
|
+
A [`blindfold_secret_info`](#info-266b8f) block (within [`dynamic_proxy.https_proxy.tls_params.tls_certificates.private_key`](#key-f28f27)) supports the following:
|
|
675
675
|
|
|
676
|
-
<a id="
|
|
676
|
+
<a id="provider-ce3adf"></a>• [`decryption_provider`](#provider-ce3adf) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
677
677
|
|
|
678
|
-
<a id="
|
|
678
|
+
<a id="location-8698a7"></a>• [`location`](#location-8698a7) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
679
679
|
|
|
680
|
-
<a id="
|
|
680
|
+
<a id="provider-0fdffe"></a>• [`store_provider`](#provider-0fdffe) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
681
681
|
|
|
682
682
|
#### Dynamic Proxy HTTPS Proxy TLS Params TLS Certificates Private Key Clear Secret Info
|
|
683
683
|
|
|
684
|
-
A [`clear_secret_info`](#
|
|
684
|
+
A [`clear_secret_info`](#info-802bf6) block (within [`dynamic_proxy.https_proxy.tls_params.tls_certificates.private_key`](#key-f28f27)) supports the following:
|
|
685
685
|
|
|
686
|
-
<a id="
|
|
686
|
+
<a id="ref-68694d"></a>• [`provider_ref`](#ref-68694d) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
687
687
|
|
|
688
|
-
<a id="
|
|
688
|
+
<a id="url-c20ef6"></a>• [`url`](#url-c20ef6) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
689
689
|
|
|
690
690
|
#### Dynamic Proxy HTTPS Proxy TLS Params TLS Config
|
|
691
691
|
|
|
692
|
-
A [`tls_config`](#
|
|
692
|
+
A [`tls_config`](#config-116b33) block (within [`dynamic_proxy.https_proxy.tls_params`](#dynamic-proxy-https-proxy-tls-params)) supports the following:
|
|
693
693
|
|
|
694
|
-
<a id="
|
|
694
|
+
<a id="security-335dc3"></a>• [`custom_security`](#security-335dc3) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-335dc3) below.
|
|
695
695
|
|
|
696
|
-
<a id="
|
|
696
|
+
<a id="security-248310"></a>• [`default_security`](#security-248310) - Optional Block<br>Enable this option
|
|
697
697
|
|
|
698
|
-
<a id="
|
|
698
|
+
<a id="security-219dfe"></a>• [`low_security`](#security-219dfe) - Optional Block<br>Enable this option
|
|
699
699
|
|
|
700
|
-
<a id="
|
|
700
|
+
<a id="security-b487a1"></a>• [`medium_security`](#security-b487a1) - Optional Block<br>Enable this option
|
|
701
701
|
|
|
702
702
|
#### Dynamic Proxy HTTPS Proxy TLS Params TLS Config Custom Security
|
|
703
703
|
|
|
704
|
-
A [`custom_security`](#
|
|
704
|
+
A [`custom_security`](#security-335dc3) block (within [`dynamic_proxy.https_proxy.tls_params.tls_config`](#config-116b33)) supports the following:
|
|
705
705
|
|
|
706
|
-
<a id="
|
|
706
|
+
<a id="suites-b04d48"></a>• [`cipher_suites`](#suites-b04d48) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
707
707
|
|
|
708
|
-
<a id="
|
|
708
|
+
<a id="version-de0254"></a>• [`max_version`](#version-de0254) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
709
709
|
|
|
710
|
-
<a id="
|
|
710
|
+
<a id="version-bdda16"></a>• [`min_version`](#version-bdda16) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
711
711
|
|
|
712
712
|
#### Dynamic Proxy HTTPS Proxy TLS Params Use mTLS
|
|
713
713
|
|
|
714
|
-
An [`use_mtls`](#
|
|
714
|
+
An [`use_mtls`](#mtls-7179b9) block (within [`dynamic_proxy.https_proxy.tls_params`](#dynamic-proxy-https-proxy-tls-params)) supports the following:
|
|
715
715
|
|
|
716
|
-
<a id="
|
|
716
|
+
<a id="optional-f7906c"></a>• [`client_certificate_optional`](#optional-f7906c) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
717
717
|
|
|
718
|
-
<a id="
|
|
718
|
+
<a id="crl-ac3c64"></a>• [`crl`](#crl-ac3c64) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#crl-ac3c64) below.
|
|
719
719
|
|
|
720
|
-
<a id="
|
|
720
|
+
<a id="crl-4b3c5f"></a>• [`no_crl`](#crl-4b3c5f) - Optional Block<br>Enable this option
|
|
721
721
|
|
|
722
|
-
<a id="
|
|
722
|
+
<a id="trusted-ca-655e45"></a>• [`trusted_ca`](#trusted-ca-655e45) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-655e45) below.
|
|
723
723
|
|
|
724
|
-
<a id="
|
|
724
|
+
<a id="url-6c6756"></a>• [`trusted_ca_url`](#url-6c6756) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
725
725
|
|
|
726
|
-
<a id="
|
|
726
|
+
<a id="disabled-042596"></a>• [`xfcc_disabled`](#disabled-042596) - Optional Block<br>Enable this option
|
|
727
727
|
|
|
728
|
-
<a id="
|
|
728
|
+
<a id="options-abc253"></a>• [`xfcc_options`](#options-abc253) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-abc253) below.
|
|
729
729
|
|
|
730
730
|
#### Dynamic Proxy HTTPS Proxy TLS Params Use mTLS CRL
|
|
731
731
|
|
|
732
|
-
A [`crl`](#
|
|
732
|
+
A [`crl`](#crl-ac3c64) block (within [`dynamic_proxy.https_proxy.tls_params.use_mtls`](#mtls-7179b9)) supports the following:
|
|
733
733
|
|
|
734
|
-
<a id="
|
|
734
|
+
<a id="name-4e8edf"></a>• [`name`](#name-4e8edf) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
735
735
|
|
|
736
|
-
<a id="
|
|
736
|
+
<a id="namespace-4cfc57"></a>• [`namespace`](#namespace-4cfc57) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
737
737
|
|
|
738
|
-
<a id="
|
|
738
|
+
<a id="tenant-7f22c9"></a>• [`tenant`](#tenant-7f22c9) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
739
739
|
|
|
740
740
|
#### Dynamic Proxy HTTPS Proxy TLS Params Use mTLS Trusted CA
|
|
741
741
|
|
|
742
|
-
A [`trusted_ca`](#
|
|
742
|
+
A [`trusted_ca`](#trusted-ca-655e45) block (within [`dynamic_proxy.https_proxy.tls_params.use_mtls`](#mtls-7179b9)) supports the following:
|
|
743
743
|
|
|
744
|
-
<a id="
|
|
744
|
+
<a id="name-3460e6"></a>• [`name`](#name-3460e6) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
745
745
|
|
|
746
|
-
<a id="
|
|
746
|
+
<a id="namespace-388d7f"></a>• [`namespace`](#namespace-388d7f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
747
747
|
|
|
748
|
-
<a id="
|
|
748
|
+
<a id="tenant-7b3005"></a>• [`tenant`](#tenant-7b3005) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
749
749
|
|
|
750
750
|
#### Dynamic Proxy HTTPS Proxy TLS Params Use mTLS Xfcc Options
|
|
751
751
|
|
|
752
|
-
A [`xfcc_options`](#
|
|
752
|
+
A [`xfcc_options`](#options-abc253) block (within [`dynamic_proxy.https_proxy.tls_params.use_mtls`](#mtls-7179b9)) supports the following:
|
|
753
753
|
|
|
754
|
-
<a id="
|
|
754
|
+
<a id="elements-5e9ae7"></a>• [`xfcc_header_elements`](#elements-5e9ae7) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
755
755
|
|
|
756
756
|
#### Dynamic Proxy Sni Proxy
|
|
757
757
|
|
|
@@ -773,245 +773,245 @@ A [`more_option`](#http-proxy-more-option) block (within [`http_proxy`](#http-pr
|
|
|
773
773
|
|
|
774
774
|
<a id="http-proxy-more-option-buffer-policy"></a>• [`buffer_policy`](#http-proxy-more-option-buffer-policy) - Optional Block<br>Buffer Configuration. Some upstream applications are not capable of handling streamed data. This config enables buffering the entire request before sending to upstream application. We can specify the maximum buffer size and buffer interval with this config. Buffering can be enabled and disabled at VirtualHost and Route levels Route level buffer configuration takes precedence<br>See [Buffer Policy](#http-proxy-more-option-buffer-policy) below.
|
|
775
775
|
|
|
776
|
-
<a id="
|
|
776
|
+
<a id="params-c32856"></a>• [`compression_params`](#params-c32856) - Optional Block<br>Compression Parameters. Enables loadbalancer to compress dispatched data from an upstream service upon client request. The content is compressed and then sent to the client with the appropriate headers if either response and request allow. Only GZIP compression is supported. By default compression will be skipped when: A request does NOT contain accept-encoding header. A request includes accept-encoding header, but it does not contain “gzip” or “*”. A request includes accept-encoding with “gzip” or “*” with the weight “q=0”. Note that the “gzip” will have a higher weight then “*”. For example, if accept-encoding is “gzip;q=0,*;q=1”, the filter will not compress. But if the header is set to “*;q=0,gzip;q=1”, the filter will compress. A request whose accept-encoding header includes “identity”. A response contains a content-encoding header. A response contains a cache-control header whose value includes “no-transform”. A response contains a transfer-encoding header whose value includes “gzip”. A response does not contain a content-type value that matches one of the selected mime-types, which default to application/javascript, application/JSON, application/xhtml+XML, image/svg+XML, text/CSS, text/HTML, text/plain, text/XML. Neither content-length nor transfer-encoding headers are present in the response. Response size is smaller than 30 bytes (only applicable when transfer-encoding is not chunked). When compression is applied: The content-length is removed from response headers. Response headers contain “transfer-encoding: chunked” and do not contain “content-encoding” header. The “vary: accept-encoding” header is inserted on every response. GZIP Compression Level: A value which is optimal balance between speed of compression and amount of compression is chosen<br>See [Compression Params](#params-c32856) below.
|
|
777
777
|
|
|
778
778
|
<a id="http-proxy-more-option-custom-errors"></a>• [`custom_errors`](#http-proxy-more-option-custom-errors) - Optional Block<br>Custom Error Responses. Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 -- for 3xx response code class 4 -- for 4xx response code class 5 -- for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request
|
|
779
779
|
|
|
780
|
-
<a id="
|
|
780
|
+
<a id="pages-159caf"></a>• [`disable_default_error_pages`](#pages-159caf) - Optional Bool<br>Disable Default Error Pages. Disable the use of default F5XC error pages
|
|
781
781
|
|
|
782
|
-
<a id="
|
|
782
|
+
<a id="normalize-3090b6"></a>• [`disable_path_normalize`](#normalize-3090b6) - Optional Block<br>Enable this option
|
|
783
783
|
|
|
784
|
-
<a id="
|
|
784
|
+
<a id="normalize-8562f8"></a>• [`enable_path_normalize`](#normalize-8562f8) - Optional Block<br>Enable this option
|
|
785
785
|
|
|
786
786
|
<a id="http-proxy-more-option-idle-timeout"></a>• [`idle_timeout`](#http-proxy-more-option-idle-timeout) - Optional Number<br>Idle Timeout. The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset
|
|
787
787
|
|
|
788
|
-
<a id="
|
|
788
|
+
<a id="size-c24d2e"></a>• [`max_request_header_size`](#size-c24d2e) - Optional Number<br>Maximum Request Header Size. The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size. If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question
|
|
789
789
|
|
|
790
|
-
<a id="
|
|
790
|
+
<a id="add-19fe20"></a>• [`request_cookies_to_add`](#add-19fe20) - Optional Block<br>Add Cookies in Cookie Header. Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied<br>See [Request Cookies To Add](#add-19fe20) below.
|
|
791
791
|
|
|
792
|
-
<a id="
|
|
792
|
+
<a id="remove-14fff8"></a>• [`request_cookies_to_remove`](#remove-14fff8) - Optional List<br>Remove Cookies from Cookie Header. List of keys of Cookies to be removed from the HTTP request being sent towards upstream
|
|
793
793
|
|
|
794
|
-
<a id="
|
|
794
|
+
<a id="add-1a07e4"></a>• [`request_headers_to_add`](#add-1a07e4) - Optional Block<br>Add Request Headers. Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied<br>See [Request Headers To Add](#add-1a07e4) below.
|
|
795
795
|
|
|
796
|
-
<a id="
|
|
796
|
+
<a id="remove-58b55a"></a>• [`request_headers_to_remove`](#remove-58b55a) - Optional List<br>Remove Request Headers. List of keys of Headers to be removed from the HTTP request being sent towards upstream
|
|
797
797
|
|
|
798
|
-
<a id="
|
|
798
|
+
<a id="add-9fc6d2"></a>• [`response_cookies_to_add`](#add-9fc6d2) - Optional Block<br>Add Set-Cookie Headers. Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied<br>See [Response Cookies To Add](#add-9fc6d2) below.
|
|
799
799
|
|
|
800
|
-
<a id="
|
|
800
|
+
<a id="remove-c6e6e0"></a>• [`response_cookies_to_remove`](#remove-c6e6e0) - Optional List<br>Remove Cookies from Set-Cookie Headers. List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed
|
|
801
801
|
|
|
802
|
-
<a id="
|
|
802
|
+
<a id="add-3fc2d5"></a>• [`response_headers_to_add`](#add-3fc2d5) - Optional Block<br>Add Response Headers. Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied<br>See [Response Headers To Add](#add-3fc2d5) below.
|
|
803
803
|
|
|
804
|
-
<a id="
|
|
804
|
+
<a id="remove-738a4c"></a>• [`response_headers_to_remove`](#remove-738a4c) - Optional List<br>Remove Response Headers. List of keys of Headers to be removed from the HTTP response being sent towards downstream
|
|
805
805
|
|
|
806
806
|
#### HTTP Proxy More Option Buffer Policy
|
|
807
807
|
|
|
808
808
|
A [`buffer_policy`](#http-proxy-more-option-buffer-policy) block (within [`http_proxy.more_option`](#http-proxy-more-option)) supports the following:
|
|
809
809
|
|
|
810
|
-
<a id="
|
|
810
|
+
<a id="disabled-107694"></a>• [`disabled`](#disabled-107694) - Optional Bool<br>Disable. Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host
|
|
811
811
|
|
|
812
|
-
<a id="
|
|
812
|
+
<a id="bytes-b00d03"></a>• [`max_request_bytes`](#bytes-b00d03) - Optional Number<br>Max Request Bytes. The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response
|
|
813
813
|
|
|
814
814
|
#### HTTP Proxy More Option Compression Params
|
|
815
815
|
|
|
816
|
-
A [`compression_params`](#
|
|
816
|
+
A [`compression_params`](#params-c32856) block (within [`http_proxy.more_option`](#http-proxy-more-option)) supports the following:
|
|
817
817
|
|
|
818
|
-
<a id="
|
|
818
|
+
<a id="length-c8573b"></a>• [`content_length`](#length-c8573b) - Optional Number Defaults to `30`<br>Content Length. Minimum response length, in bytes, which will trigger compression. The
|
|
819
819
|
|
|
820
|
-
<a id="
|
|
820
|
+
<a id="type-794ba2"></a>• [`content_type`](#type-794ba2) - Optional List<br>Content Type. Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: 'application/javascript' 'application/JSON', 'application/xhtml+XML' 'image/svg+XML' 'text/CSS' 'text/HTML' 'text/plain' 'text/XML'
|
|
821
821
|
|
|
822
|
-
<a id="
|
|
822
|
+
<a id="header-2ffee9"></a>• [`disable_on_etag_header`](#header-2ffee9) - Optional Bool<br>Disable On Etag Header. If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed
|
|
823
823
|
|
|
824
|
-
<a id="
|
|
824
|
+
<a id="header-925ccf"></a>• [`remove_accept_encoding_header`](#header-925ccf) - Optional Bool<br>Remove Accept-Encoding Header. If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not get compressed before reaching the filter
|
|
825
825
|
|
|
826
826
|
#### HTTP Proxy More Option Request Cookies To Add
|
|
827
827
|
|
|
828
|
-
A [`request_cookies_to_add`](#
|
|
828
|
+
A [`request_cookies_to_add`](#add-19fe20) block (within [`http_proxy.more_option`](#http-proxy-more-option)) supports the following:
|
|
829
829
|
|
|
830
|
-
<a id="
|
|
830
|
+
<a id="name-1e2d3b"></a>• [`name`](#name-1e2d3b) - Optional String<br>Name. Name of the cookie in Cookie header
|
|
831
831
|
|
|
832
|
-
<a id="
|
|
832
|
+
<a id="overwrite-962b6c"></a>• [`overwrite`](#overwrite-962b6c) - Optional Bool Defaults to `do`<br>Overwrite. Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite
|
|
833
833
|
|
|
834
|
-
<a id="
|
|
834
|
+
<a id="value-a4c9dc"></a>• [`secret_value`](#value-a4c9dc) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-a4c9dc) below.
|
|
835
835
|
|
|
836
|
-
<a id="
|
|
836
|
+
<a id="value-89c552"></a>• [`value`](#value-89c552) - Optional String<br>Value. Value of the Cookie header
|
|
837
837
|
|
|
838
838
|
#### HTTP Proxy More Option Request Cookies To Add Secret Value
|
|
839
839
|
|
|
840
|
-
A [`secret_value`](#
|
|
840
|
+
A [`secret_value`](#value-a4c9dc) block (within [`http_proxy.more_option.request_cookies_to_add`](#add-19fe20)) supports the following:
|
|
841
841
|
|
|
842
|
-
<a id="
|
|
842
|
+
<a id="info-7deac1"></a>• [`blindfold_secret_info`](#info-7deac1) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-7deac1) below.
|
|
843
843
|
|
|
844
|
-
<a id="
|
|
844
|
+
<a id="info-1a6b08"></a>• [`clear_secret_info`](#info-1a6b08) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-1a6b08) below.
|
|
845
845
|
|
|
846
846
|
#### HTTP Proxy More Option Request Cookies To Add Secret Value Blindfold Secret Info
|
|
847
847
|
|
|
848
|
-
A [`blindfold_secret_info`](#
|
|
848
|
+
A [`blindfold_secret_info`](#info-7deac1) block (within [`http_proxy.more_option.request_cookies_to_add.secret_value`](#value-a4c9dc)) supports the following:
|
|
849
849
|
|
|
850
|
-
<a id="
|
|
850
|
+
<a id="provider-ea830a"></a>• [`decryption_provider`](#provider-ea830a) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
851
851
|
|
|
852
|
-
<a id="
|
|
852
|
+
<a id="location-f9a713"></a>• [`location`](#location-f9a713) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
853
853
|
|
|
854
|
-
<a id="
|
|
854
|
+
<a id="provider-9de5e7"></a>• [`store_provider`](#provider-9de5e7) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
855
855
|
|
|
856
856
|
#### HTTP Proxy More Option Request Cookies To Add Secret Value Clear Secret Info
|
|
857
857
|
|
|
858
|
-
A [`clear_secret_info`](#
|
|
858
|
+
A [`clear_secret_info`](#info-1a6b08) block (within [`http_proxy.more_option.request_cookies_to_add.secret_value`](#value-a4c9dc)) supports the following:
|
|
859
859
|
|
|
860
|
-
<a id="
|
|
860
|
+
<a id="ref-fdc0c3"></a>• [`provider_ref`](#ref-fdc0c3) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
861
861
|
|
|
862
|
-
<a id="
|
|
862
|
+
<a id="url-e1a1a1"></a>• [`url`](#url-e1a1a1) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
863
863
|
|
|
864
864
|
#### HTTP Proxy More Option Request Headers To Add
|
|
865
865
|
|
|
866
|
-
A [`request_headers_to_add`](#
|
|
866
|
+
A [`request_headers_to_add`](#add-1a07e4) block (within [`http_proxy.more_option`](#http-proxy-more-option)) supports the following:
|
|
867
867
|
|
|
868
|
-
<a id="
|
|
868
|
+
<a id="append-f431a4"></a>• [`append`](#append-f431a4) - Optional Bool Defaults to `do`<br>Append. Should the value be appended? If true, the value is appended to existing values. not append
|
|
869
869
|
|
|
870
|
-
<a id="
|
|
870
|
+
<a id="name-015632"></a>• [`name`](#name-015632) - Optional String<br>Name. Name of the HTTP header
|
|
871
871
|
|
|
872
|
-
<a id="
|
|
872
|
+
<a id="value-9a1eaa"></a>• [`secret_value`](#value-9a1eaa) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-9a1eaa) below.
|
|
873
873
|
|
|
874
|
-
<a id="
|
|
874
|
+
<a id="value-5c9796"></a>• [`value`](#value-5c9796) - Optional String<br>Value. Value of the HTTP header
|
|
875
875
|
|
|
876
876
|
#### HTTP Proxy More Option Request Headers To Add Secret Value
|
|
877
877
|
|
|
878
|
-
A [`secret_value`](#
|
|
878
|
+
A [`secret_value`](#value-9a1eaa) block (within [`http_proxy.more_option.request_headers_to_add`](#add-1a07e4)) supports the following:
|
|
879
879
|
|
|
880
|
-
<a id="
|
|
880
|
+
<a id="info-7ea53d"></a>• [`blindfold_secret_info`](#info-7ea53d) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-7ea53d) below.
|
|
881
881
|
|
|
882
|
-
<a id="
|
|
882
|
+
<a id="info-c88c74"></a>• [`clear_secret_info`](#info-c88c74) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-c88c74) below.
|
|
883
883
|
|
|
884
884
|
#### HTTP Proxy More Option Request Headers To Add Secret Value Blindfold Secret Info
|
|
885
885
|
|
|
886
|
-
A [`blindfold_secret_info`](#
|
|
886
|
+
A [`blindfold_secret_info`](#info-7ea53d) block (within [`http_proxy.more_option.request_headers_to_add.secret_value`](#value-9a1eaa)) supports the following:
|
|
887
887
|
|
|
888
|
-
<a id="
|
|
888
|
+
<a id="provider-fad46f"></a>• [`decryption_provider`](#provider-fad46f) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
889
889
|
|
|
890
|
-
<a id="
|
|
890
|
+
<a id="location-7c8a75"></a>• [`location`](#location-7c8a75) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
891
891
|
|
|
892
|
-
<a id="
|
|
892
|
+
<a id="provider-a6071e"></a>• [`store_provider`](#provider-a6071e) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
893
893
|
|
|
894
894
|
#### HTTP Proxy More Option Request Headers To Add Secret Value Clear Secret Info
|
|
895
895
|
|
|
896
|
-
A [`clear_secret_info`](#
|
|
896
|
+
A [`clear_secret_info`](#info-c88c74) block (within [`http_proxy.more_option.request_headers_to_add.secret_value`](#value-9a1eaa)) supports the following:
|
|
897
897
|
|
|
898
|
-
<a id="
|
|
898
|
+
<a id="ref-d915f3"></a>• [`provider_ref`](#ref-d915f3) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
899
899
|
|
|
900
|
-
<a id="
|
|
900
|
+
<a id="url-a57542"></a>• [`url`](#url-a57542) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
901
901
|
|
|
902
902
|
#### HTTP Proxy More Option Response Cookies To Add
|
|
903
903
|
|
|
904
|
-
A [`response_cookies_to_add`](#
|
|
904
|
+
A [`response_cookies_to_add`](#add-9fc6d2) block (within [`http_proxy.more_option`](#http-proxy-more-option)) supports the following:
|
|
905
905
|
|
|
906
|
-
<a id="
|
|
906
|
+
<a id="domain-4afb2c"></a>• [`add_domain`](#domain-4afb2c) - Optional String<br>Add Domain. Add domain attribute
|
|
907
907
|
|
|
908
|
-
<a id="
|
|
908
|
+
<a id="expiry-a39393"></a>• [`add_expiry`](#expiry-a39393) - Optional String<br>Add expiry. Add expiry attribute
|
|
909
909
|
|
|
910
|
-
<a id="
|
|
910
|
+
<a id="httponly-49f4f1"></a>• [`add_httponly`](#httponly-49f4f1) - Optional Block<br>Enable this option
|
|
911
911
|
|
|
912
|
-
<a id="
|
|
912
|
+
<a id="partitioned-227c4d"></a>• [`add_partitioned`](#partitioned-227c4d) - Optional Block<br>Enable this option
|
|
913
913
|
|
|
914
|
-
<a id="
|
|
914
|
+
<a id="path-e663f0"></a>• [`add_path`](#path-e663f0) - Optional String<br>Add path. Add path attribute
|
|
915
915
|
|
|
916
|
-
<a id="
|
|
916
|
+
<a id="secure-f1da73"></a>• [`add_secure`](#secure-f1da73) - Optional Block<br>Enable this option
|
|
917
917
|
|
|
918
|
-
<a id="
|
|
918
|
+
<a id="domain-ae69ee"></a>• [`ignore_domain`](#domain-ae69ee) - Optional Block<br>Enable this option
|
|
919
919
|
|
|
920
|
-
<a id="
|
|
920
|
+
<a id="expiry-173d3a"></a>• [`ignore_expiry`](#expiry-173d3a) - Optional Block<br>Enable this option
|
|
921
921
|
|
|
922
|
-
<a id="
|
|
922
|
+
<a id="httponly-246148"></a>• [`ignore_httponly`](#httponly-246148) - Optional Block<br>Enable this option
|
|
923
923
|
|
|
924
|
-
<a id="
|
|
924
|
+
<a id="age-7f22f4"></a>• [`ignore_max_age`](#age-7f22f4) - Optional Block<br>Enable this option
|
|
925
925
|
|
|
926
|
-
<a id="
|
|
926
|
+
<a id="partitioned-c9151d"></a>• [`ignore_partitioned`](#partitioned-c9151d) - Optional Block<br>Enable this option
|
|
927
927
|
|
|
928
|
-
<a id="
|
|
928
|
+
<a id="path-eafca4"></a>• [`ignore_path`](#path-eafca4) - Optional Block<br>Enable this option
|
|
929
929
|
|
|
930
|
-
<a id="
|
|
930
|
+
<a id="samesite-648cd1"></a>• [`ignore_samesite`](#samesite-648cd1) - Optional Block<br>Enable this option
|
|
931
931
|
|
|
932
|
-
<a id="
|
|
932
|
+
<a id="secure-4a37ad"></a>• [`ignore_secure`](#secure-4a37ad) - Optional Block<br>Enable this option
|
|
933
933
|
|
|
934
|
-
<a id="
|
|
934
|
+
<a id="value-0c9d49"></a>• [`ignore_value`](#value-0c9d49) - Optional Block<br>Enable this option
|
|
935
935
|
|
|
936
|
-
<a id="
|
|
936
|
+
<a id="value-a7c923"></a>• [`max_age_value`](#value-a7c923) - Optional Number<br>Add Max Age. Add max age attribute
|
|
937
937
|
|
|
938
|
-
<a id="
|
|
938
|
+
<a id="name-6a8889"></a>• [`name`](#name-6a8889) - Optional String<br>Name. Name of the cookie in Cookie header
|
|
939
939
|
|
|
940
|
-
<a id="
|
|
940
|
+
<a id="overwrite-b71a9b"></a>• [`overwrite`](#overwrite-b71a9b) - Optional Bool Defaults to `do`<br>Overwrite. Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite
|
|
941
941
|
|
|
942
|
-
<a id="
|
|
942
|
+
<a id="lax-a82ffa"></a>• [`samesite_lax`](#lax-a82ffa) - Optional Block<br>Enable this option
|
|
943
943
|
|
|
944
|
-
<a id="
|
|
944
|
+
<a id="none-b1c4de"></a>• [`samesite_none`](#none-b1c4de) - Optional Block<br>Enable this option
|
|
945
945
|
|
|
946
|
-
<a id="
|
|
946
|
+
<a id="strict-af8892"></a>• [`samesite_strict`](#strict-af8892) - Optional Block<br>Enable this option
|
|
947
947
|
|
|
948
|
-
<a id="
|
|
948
|
+
<a id="value-4c5b93"></a>• [`secret_value`](#value-4c5b93) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-4c5b93) below.
|
|
949
949
|
|
|
950
|
-
<a id="
|
|
950
|
+
<a id="value-e5d31b"></a>• [`value`](#value-e5d31b) - Optional String<br>Value. Value of the Cookie header
|
|
951
951
|
|
|
952
952
|
#### HTTP Proxy More Option Response Cookies To Add Secret Value
|
|
953
953
|
|
|
954
|
-
A [`secret_value`](#
|
|
954
|
+
A [`secret_value`](#value-4c5b93) block (within [`http_proxy.more_option.response_cookies_to_add`](#add-9fc6d2)) supports the following:
|
|
955
955
|
|
|
956
|
-
<a id="
|
|
956
|
+
<a id="info-88f657"></a>• [`blindfold_secret_info`](#info-88f657) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-88f657) below.
|
|
957
957
|
|
|
958
|
-
<a id="
|
|
958
|
+
<a id="info-866bf6"></a>• [`clear_secret_info`](#info-866bf6) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-866bf6) below.
|
|
959
959
|
|
|
960
960
|
#### HTTP Proxy More Option Response Cookies To Add Secret Value Blindfold Secret Info
|
|
961
961
|
|
|
962
|
-
A [`blindfold_secret_info`](#
|
|
962
|
+
A [`blindfold_secret_info`](#info-88f657) block (within [`http_proxy.more_option.response_cookies_to_add.secret_value`](#value-4c5b93)) supports the following:
|
|
963
963
|
|
|
964
|
-
<a id="
|
|
964
|
+
<a id="provider-3e6f08"></a>• [`decryption_provider`](#provider-3e6f08) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
965
965
|
|
|
966
|
-
<a id="
|
|
966
|
+
<a id="location-b0b077"></a>• [`location`](#location-b0b077) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
967
967
|
|
|
968
|
-
<a id="
|
|
968
|
+
<a id="provider-448df7"></a>• [`store_provider`](#provider-448df7) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
969
969
|
|
|
970
970
|
#### HTTP Proxy More Option Response Cookies To Add Secret Value Clear Secret Info
|
|
971
971
|
|
|
972
|
-
A [`clear_secret_info`](#
|
|
972
|
+
A [`clear_secret_info`](#info-866bf6) block (within [`http_proxy.more_option.response_cookies_to_add.secret_value`](#value-4c5b93)) supports the following:
|
|
973
973
|
|
|
974
|
-
<a id="
|
|
974
|
+
<a id="ref-d2be56"></a>• [`provider_ref`](#ref-d2be56) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
975
975
|
|
|
976
|
-
<a id="
|
|
976
|
+
<a id="url-38d095"></a>• [`url`](#url-38d095) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
977
977
|
|
|
978
978
|
#### HTTP Proxy More Option Response Headers To Add
|
|
979
979
|
|
|
980
|
-
A [`response_headers_to_add`](#
|
|
980
|
+
A [`response_headers_to_add`](#add-3fc2d5) block (within [`http_proxy.more_option`](#http-proxy-more-option)) supports the following:
|
|
981
981
|
|
|
982
|
-
<a id="
|
|
982
|
+
<a id="append-50d79c"></a>• [`append`](#append-50d79c) - Optional Bool Defaults to `do`<br>Append. Should the value be appended? If true, the value is appended to existing values. not append
|
|
983
983
|
|
|
984
|
-
<a id="
|
|
984
|
+
<a id="name-ffa93f"></a>• [`name`](#name-ffa93f) - Optional String<br>Name. Name of the HTTP header
|
|
985
985
|
|
|
986
|
-
<a id="
|
|
986
|
+
<a id="value-097035"></a>• [`secret_value`](#value-097035) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Secret Value](#value-097035) below.
|
|
987
987
|
|
|
988
|
-
<a id="
|
|
988
|
+
<a id="value-a694e5"></a>• [`value`](#value-a694e5) - Optional String<br>Value. Value of the HTTP header
|
|
989
989
|
|
|
990
990
|
#### HTTP Proxy More Option Response Headers To Add Secret Value
|
|
991
991
|
|
|
992
|
-
A [`secret_value`](#
|
|
992
|
+
A [`secret_value`](#value-097035) block (within [`http_proxy.more_option.response_headers_to_add`](#add-3fc2d5)) supports the following:
|
|
993
993
|
|
|
994
|
-
<a id="
|
|
994
|
+
<a id="info-9529ae"></a>• [`blindfold_secret_info`](#info-9529ae) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-9529ae) below.
|
|
995
995
|
|
|
996
|
-
<a id="
|
|
996
|
+
<a id="info-4480b0"></a>• [`clear_secret_info`](#info-4480b0) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-4480b0) below.
|
|
997
997
|
|
|
998
998
|
#### HTTP Proxy More Option Response Headers To Add Secret Value Blindfold Secret Info
|
|
999
999
|
|
|
1000
|
-
A [`blindfold_secret_info`](#
|
|
1000
|
+
A [`blindfold_secret_info`](#info-9529ae) block (within [`http_proxy.more_option.response_headers_to_add.secret_value`](#value-097035)) supports the following:
|
|
1001
1001
|
|
|
1002
|
-
<a id="
|
|
1002
|
+
<a id="provider-029b0e"></a>• [`decryption_provider`](#provider-029b0e) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
1003
1003
|
|
|
1004
|
-
<a id="
|
|
1004
|
+
<a id="location-dde4ed"></a>• [`location`](#location-dde4ed) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
1005
1005
|
|
|
1006
|
-
<a id="
|
|
1006
|
+
<a id="provider-53041d"></a>• [`store_provider`](#provider-53041d) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
1007
1007
|
|
|
1008
1008
|
#### HTTP Proxy More Option Response Headers To Add Secret Value Clear Secret Info
|
|
1009
1009
|
|
|
1010
|
-
A [`clear_secret_info`](#
|
|
1010
|
+
A [`clear_secret_info`](#info-4480b0) block (within [`http_proxy.more_option.response_headers_to_add.secret_value`](#value-097035)) supports the following:
|
|
1011
1011
|
|
|
1012
|
-
<a id="
|
|
1012
|
+
<a id="ref-755a3e"></a>• [`provider_ref`](#ref-755a3e) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
1013
1013
|
|
|
1014
|
-
<a id="
|
|
1014
|
+
<a id="url-5a6d87"></a>• [`url`](#url-5a6d87) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
1015
1015
|
|
|
1016
1016
|
#### Site Virtual Sites
|
|
1017
1017
|
|
|
@@ -1027,47 +1027,47 @@ An [`advertise_where`](#site-virtual-sites-advertise-where) block (within [`site
|
|
|
1027
1027
|
|
|
1028
1028
|
<a id="site-virtual-sites-advertise-where-site"></a>• [`site`](#site-virtual-sites-advertise-where-site) - Optional Block<br>Site. This defines a reference to a CE site along with network type and an optional IP address where a load balancer could be advertised<br>See [Site](#site-virtual-sites-advertise-where-site) below.
|
|
1029
1029
|
|
|
1030
|
-
<a id="
|
|
1030
|
+
<a id="port-7cb8fb"></a>• [`use_default_port`](#port-7cb8fb) - Optional Block<br>Enable this option
|
|
1031
1031
|
|
|
1032
|
-
<a id="site-
|
|
1032
|
+
<a id="site-7107b1"></a>• [`virtual_site`](#site-7107b1) - Optional Block<br>Virtual Site. This defines a reference to a customer site virtual site along with network type where a load balancer could be advertised<br>See [Virtual Site](#site-7107b1) below.
|
|
1033
1033
|
|
|
1034
1034
|
#### Site Virtual Sites Advertise Where Site
|
|
1035
1035
|
|
|
1036
1036
|
A [`site`](#site-virtual-sites-advertise-where-site) block (within [`site_virtual_sites.advertise_where`](#site-virtual-sites-advertise-where)) supports the following:
|
|
1037
1037
|
|
|
1038
|
-
<a id="site-
|
|
1038
|
+
<a id="site-ip-4eb476"></a>• [`ip`](#site-ip-4eb476) - Optional String<br>IP Address. Use given IP address as VIP on the site
|
|
1039
1039
|
|
|
1040
|
-
<a id="
|
|
1040
|
+
<a id="network-647eba"></a>• [`network`](#network-647eba) - Optional String Defaults to `SITE_NETWORK_INSIDE_AND_OUTSIDE`<br>Possible values are `SITE_NETWORK_INSIDE_AND_OUTSIDE`, `SITE_NETWORK_INSIDE`, `SITE_NETWORK_OUTSIDE`, `SITE_NETWORK_SERVICE`, `SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_IP_FABRIC`<br>[Enum: SITE_NETWORK_INSIDE_AND_OUTSIDE|SITE_NETWORK_INSIDE|SITE_NETWORK_OUTSIDE|SITE_NETWORK_SERVICE|SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_IP_FABRIC] Site Network. This defines network types to be used on site All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks. All outside networks. All outside networks with internet VIP support. vK8s service network. - SITE_NETWORK_IP_FABRIC: VER IP Fabric network for the site This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network
|
|
1041
1041
|
|
|
1042
|
-
<a id="site-
|
|
1042
|
+
<a id="site-91e167"></a>• [`site`](#site-91e167) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Site](#site-91e167) below.
|
|
1043
1043
|
|
|
1044
1044
|
#### Site Virtual Sites Advertise Where Site Site
|
|
1045
1045
|
|
|
1046
|
-
A [`site`](#site-
|
|
1046
|
+
A [`site`](#site-91e167) block (within [`site_virtual_sites.advertise_where.site`](#site-virtual-sites-advertise-where-site)) supports the following:
|
|
1047
1047
|
|
|
1048
|
-
<a id="
|
|
1048
|
+
<a id="name-e8af64"></a>• [`name`](#name-e8af64) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
1049
1049
|
|
|
1050
|
-
<a id="
|
|
1050
|
+
<a id="namespace-81a6ad"></a>• [`namespace`](#namespace-81a6ad) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
1051
1051
|
|
|
1052
|
-
<a id="
|
|
1052
|
+
<a id="tenant-d56172"></a>• [`tenant`](#tenant-d56172) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
1053
1053
|
|
|
1054
1054
|
#### Site Virtual Sites Advertise Where Virtual Site
|
|
1055
1055
|
|
|
1056
|
-
A [`virtual_site`](#site-
|
|
1056
|
+
A [`virtual_site`](#site-7107b1) block (within [`site_virtual_sites.advertise_where`](#site-virtual-sites-advertise-where)) supports the following:
|
|
1057
1057
|
|
|
1058
|
-
<a id="
|
|
1058
|
+
<a id="network-31ecf8"></a>• [`network`](#network-31ecf8) - Optional String Defaults to `SITE_NETWORK_INSIDE_AND_OUTSIDE`<br>Possible values are `SITE_NETWORK_INSIDE_AND_OUTSIDE`, `SITE_NETWORK_INSIDE`, `SITE_NETWORK_OUTSIDE`, `SITE_NETWORK_SERVICE`, `SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_IP_FABRIC`<br>[Enum: SITE_NETWORK_INSIDE_AND_OUTSIDE|SITE_NETWORK_INSIDE|SITE_NETWORK_OUTSIDE|SITE_NETWORK_SERVICE|SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_IP_FABRIC] Site Network. This defines network types to be used on site All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks. All outside networks. All outside networks with internet VIP support. vK8s service network. - SITE_NETWORK_IP_FABRIC: VER IP Fabric network for the site This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network
|
|
1059
1059
|
|
|
1060
|
-
<a id="site-
|
|
1060
|
+
<a id="site-ba773e"></a>• [`virtual_site`](#site-ba773e) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Virtual Site](#site-ba773e) below.
|
|
1061
1061
|
|
|
1062
1062
|
#### Site Virtual Sites Advertise Where Virtual Site Virtual Site
|
|
1063
1063
|
|
|
1064
|
-
A [`virtual_site`](#site-
|
|
1064
|
+
A [`virtual_site`](#site-ba773e) block (within [`site_virtual_sites.advertise_where.virtual_site`](#site-7107b1)) supports the following:
|
|
1065
1065
|
|
|
1066
|
-
<a id="
|
|
1066
|
+
<a id="name-5ca0eb"></a>• [`name`](#name-5ca0eb) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
1067
1067
|
|
|
1068
|
-
<a id="
|
|
1068
|
+
<a id="namespace-b5e1da"></a>• [`namespace`](#namespace-b5e1da) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
1069
1069
|
|
|
1070
|
-
<a id="
|
|
1070
|
+
<a id="tenant-0a6cf8"></a>• [`tenant`](#tenant-0a6cf8) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
1071
1071
|
|
|
1072
1072
|
#### Timeouts
|
|
1073
1073
|
|
|
@@ -1101,49 +1101,49 @@ A [`tls_intercept`](#tls-intercept) block supports the following:
|
|
|
1101
1101
|
|
|
1102
1102
|
A [`custom_certificate`](#tls-intercept-custom-certificate) block (within [`tls_intercept`](#tls-intercept)) supports the following:
|
|
1103
1103
|
|
|
1104
|
-
<a id="
|
|
1104
|
+
<a id="url-b70ccd"></a>• [`certificate_url`](#url-b70ccd) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
1105
1105
|
|
|
1106
|
-
<a id="
|
|
1106
|
+
<a id="algorithms-04b03c"></a>• [`custom_hash_algorithms`](#algorithms-04b03c) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-04b03c) below.
|
|
1107
1107
|
|
|
1108
|
-
<a id="
|
|
1108
|
+
<a id="spec-309e16"></a>• [`description_spec`](#spec-309e16) - Optional String<br>Description. Description for the certificate
|
|
1109
1109
|
|
|
1110
|
-
<a id="
|
|
1110
|
+
<a id="stapling-e452bc"></a>• [`disable_ocsp_stapling`](#stapling-e452bc) - Optional Block<br>Enable this option
|
|
1111
1111
|
|
|
1112
|
-
<a id="
|
|
1112
|
+
<a id="key-64ce0d"></a>• [`private_key`](#key-64ce0d) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-64ce0d) below.
|
|
1113
1113
|
|
|
1114
|
-
<a id="
|
|
1114
|
+
<a id="defaults-a85c93"></a>• [`use_system_defaults`](#defaults-a85c93) - Optional Block<br>Enable this option
|
|
1115
1115
|
|
|
1116
1116
|
#### TLS Intercept Custom Certificate Custom Hash Algorithms
|
|
1117
1117
|
|
|
1118
|
-
A [`custom_hash_algorithms`](#
|
|
1118
|
+
A [`custom_hash_algorithms`](#algorithms-04b03c) block (within [`tls_intercept.custom_certificate`](#tls-intercept-custom-certificate)) supports the following:
|
|
1119
1119
|
|
|
1120
|
-
<a id="
|
|
1120
|
+
<a id="algorithms-bb1c8a"></a>• [`hash_algorithms`](#algorithms-bb1c8a) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
1121
1121
|
|
|
1122
1122
|
#### TLS Intercept Custom Certificate Private Key
|
|
1123
1123
|
|
|
1124
|
-
A [`private_key`](#
|
|
1124
|
+
A [`private_key`](#key-64ce0d) block (within [`tls_intercept.custom_certificate`](#tls-intercept-custom-certificate)) supports the following:
|
|
1125
1125
|
|
|
1126
|
-
<a id="
|
|
1126
|
+
<a id="info-678e4d"></a>• [`blindfold_secret_info`](#info-678e4d) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-678e4d) below.
|
|
1127
1127
|
|
|
1128
|
-
<a id="
|
|
1128
|
+
<a id="info-cd6226"></a>• [`clear_secret_info`](#info-cd6226) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-cd6226) below.
|
|
1129
1129
|
|
|
1130
1130
|
#### TLS Intercept Custom Certificate Private Key Blindfold Secret Info
|
|
1131
1131
|
|
|
1132
|
-
A [`blindfold_secret_info`](#
|
|
1132
|
+
A [`blindfold_secret_info`](#info-678e4d) block (within [`tls_intercept.custom_certificate.private_key`](#key-64ce0d)) supports the following:
|
|
1133
1133
|
|
|
1134
|
-
<a id="
|
|
1134
|
+
<a id="provider-e5c325"></a>• [`decryption_provider`](#provider-e5c325) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
1135
1135
|
|
|
1136
|
-
<a id="
|
|
1136
|
+
<a id="location-1fa93a"></a>• [`location`](#location-1fa93a) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
1137
1137
|
|
|
1138
|
-
<a id="
|
|
1138
|
+
<a id="provider-205f6b"></a>• [`store_provider`](#provider-205f6b) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
1139
1139
|
|
|
1140
1140
|
#### TLS Intercept Custom Certificate Private Key Clear Secret Info
|
|
1141
1141
|
|
|
1142
|
-
A [`clear_secret_info`](#
|
|
1142
|
+
A [`clear_secret_info`](#info-cd6226) block (within [`tls_intercept.custom_certificate.private_key`](#key-64ce0d)) supports the following:
|
|
1143
1143
|
|
|
1144
|
-
<a id="
|
|
1144
|
+
<a id="ref-3ab118"></a>• [`provider_ref`](#ref-3ab118) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
1145
1145
|
|
|
1146
|
-
<a id="
|
|
1146
|
+
<a id="url-78646a"></a>• [`url`](#url-78646a) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
1147
1147
|
|
|
1148
1148
|
#### TLS Intercept Policy
|
|
1149
1149
|
|
|
@@ -1155,21 +1155,21 @@ A [`policy`](#tls-intercept-policy) block (within [`tls_intercept`](#tls-interce
|
|
|
1155
1155
|
|
|
1156
1156
|
An [`interception_rules`](#tls-intercept-policy-interception-rules) block (within [`tls_intercept.policy`](#tls-intercept-policy)) supports the following:
|
|
1157
1157
|
|
|
1158
|
-
<a id="
|
|
1158
|
+
<a id="interception-f6b646"></a>• [`disable_interception`](#interception-f6b646) - Optional Block<br>Enable this option
|
|
1159
1159
|
|
|
1160
|
-
<a id="
|
|
1160
|
+
<a id="match-42a3da"></a>• [`domain_match`](#match-42a3da) - Optional Block<br>Domains. Domains names<br>See [Domain Match](#match-42a3da) below.
|
|
1161
1161
|
|
|
1162
|
-
<a id="
|
|
1162
|
+
<a id="interception-e82eca"></a>• [`enable_interception`](#interception-e82eca) - Optional Block<br>Enable this option
|
|
1163
1163
|
|
|
1164
1164
|
#### TLS Intercept Policy Interception Rules Domain Match
|
|
1165
1165
|
|
|
1166
|
-
A [`domain_match`](#
|
|
1166
|
+
A [`domain_match`](#match-42a3da) block (within [`tls_intercept.policy.interception_rules`](#tls-intercept-policy-interception-rules)) supports the following:
|
|
1167
1167
|
|
|
1168
|
-
<a id="
|
|
1168
|
+
<a id="value-5de498"></a>• [`exact_value`](#value-5de498) - Optional String<br>Exact Value. Exact domain name
|
|
1169
1169
|
|
|
1170
|
-
<a id="
|
|
1170
|
+
<a id="value-7aa963"></a>• [`regex_value`](#value-7aa963) - Optional String<br>Regex Values of Domains. Regular Expression value for the domain name
|
|
1171
1171
|
|
|
1172
|
-
<a id="
|
|
1172
|
+
<a id="value-5d0d1d"></a>• [`suffix_value`](#value-5d0d1d) - Optional String<br>Suffix Value. Suffix of domain name e.g 'xyz.com' will match '*.xyz.com' and 'xyz.com'
|
|
1173
1173
|
|
|
1174
1174
|
## Import
|
|
1175
1175
|
|