-
Feature Request
-
Resolution: Done
-
Major
-
None
-
False
-
None
-
False
-
Not Selected
-
-
-
-
-
1. Proposed title of this feature request:
Support for the X-Azure-FDID HTTP header
2. What is the nature and description of the request?
When an Azure Front Door is deployed on the cloud infrastructure an Azure customer must check the `X-Azure-FDID` HTTP header in order to validate the requests coming from a specific Front Door.
The ask of this RFE is to support a new annotation (proposed name `haproxy.router.openshift.io/azure-front-door-id`) that one can use in order to define which Front Door is allowed:
- if the `X-Azure-FDID` header matches the `haproxy.router.openshift.io/azure-front-door-id` value the request will be allowed
- if the `X-Azure-FDID` header does not matche the `haproxy.router.openshift.io/azure-front-door-id` value the request will be denied
More Info:
- https://learn.microsoft.com/en-us/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium
- https://github.com/kubernetes/ingress-nginx/issues/6519
3. Why does the customer need this? (List the business requirements here)
This is a requirement and best-practice defined by Microsoft in order to secure workloads behind a Front Door
4. List any affected packages or components.
OpenShift Ingress Router
- is incorporated by
-
NE-1292 Support for the X-Azure-FDID HTTP Header
- New
-
OCPSTRAT-224 [Azure] Support for the X-Azure-FDID HTTP header
- New
- links to