-
Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
Product / Portfolio Work
-
None
-
None
-
None
-
None
-
None
-
-
-
None
-
-
None
-
None
-
None
- Proposed title of this feature request:
Support for the X-Aws-CFID and X-Azure-FDID HTTP header
2. What is the nature and description of the request?
When an AWS CloudFront is deployed on the cloud infrastructure an AWS or Azure customer must check the `X-Aws-CFID` HTTP header in order to validate the requests coming from a specific AWS CloudFRont.
When an Azure Front Door is deployed on the cloud infrastructure an Azure or AWS customer must check the `X-Azure-FDID` HTTP header in order to validate the requests coming from a specific Front Door.
The ask of this RFE is to implement a generic API for saying, "Reject the request if header x-foo does not have value 'bar'". That is, we should implement a generic API that would cover both AWS and Azure as well as other potential use-cases
More Info:
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html
- https://learn.microsoft.com/en-us/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium
- https://github.com/kubernetes/ingress-nginx/issues/6519
3. Why does the customer need this? (List the business requirements here)
This is a requirement and best-practice defined by AWS in order to secure workloads behind a CloudFront
This is a requirement and best-practice defined by Microsoft in order to secure workloads behind a Front Door
4. List any affected packages or components.
OpenShift Ingress Router
- is blocked by
-
NE-1292 Support for the X-Azure-FDID HTTP Header
-
- New
-
- relates to
-
-
- Closed
-
-
-
- New
-
- links to
