File: ForwardedHeadersOptions.cs
Web Access
Project: src\src\Middleware\HttpOverrides\src\Microsoft.AspNetCore.HttpOverrides.csproj (Microsoft.AspNetCore.HttpOverrides)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using Microsoft.AspNetCore.HttpOverrides;
using IPAddress = System.Net.IPAddress;
 
namespace Microsoft.AspNetCore.Builder;
 
/// <summary>
/// Options for <see cref="ForwardedHeadersMiddleware"/>
/// </summary>
public class ForwardedHeadersOptions
{
    /// <summary>
    /// Gets or sets the header used to retrieve the originating client IP. Defaults to the value specified by
    /// <see cref="ForwardedHeadersDefaults.XForwardedForHeaderName"/>.
    /// </summary>
    public string ForwardedForHeaderName { get; set; } = ForwardedHeadersDefaults.XForwardedForHeaderName;
 
    /// <summary>
    /// Gets or sets the header used to retrieve the original value of the Host header field.
    /// Defaults to the value specified by <see cref="ForwardedHeadersDefaults.XForwardedHostHeaderName"/>
    /// </summary>
    public string ForwardedHostHeaderName { get; set; } = ForwardedHeadersDefaults.XForwardedHostHeaderName;
 
    /// <summary>
    /// Gets or sets the header used to retrieve the value for the originating scheme (HTTP/HTTPS).
    /// Defaults to the value specified by <see cref="ForwardedHeadersDefaults.XForwardedProtoHeaderName"/>
    /// </summary>
    public string ForwardedProtoHeaderName { get; set; } = ForwardedHeadersDefaults.XForwardedProtoHeaderName;
 
    /// <summary>
    /// Gets or sets the header used to retrieve the value for the path base.
    /// Defaults to the value specified by <see cref="ForwardedHeadersDefaults.XForwardedPrefixHeaderName"/>
    /// </summary>
    public string ForwardedPrefixHeaderName { get; set; } = ForwardedHeadersDefaults.XForwardedPrefixHeaderName;
 
    /// <summary>
    /// Gets or sets the header used to store the original value of client IP before applying forwarded headers.
    /// Defaults to the value specified by <see cref="ForwardedHeadersDefaults.XOriginalForHeaderName"/>
    /// </summary>
    /// <seealso cref="ForwardedHeadersDefaults"/>
    public string OriginalForHeaderName { get; set; } = ForwardedHeadersDefaults.XOriginalForHeaderName;
 
    /// <summary>
    /// Gets or sets the header used to store the original value of the Host header field before applying forwarded headers.
    /// Defaults to the value specified by <see cref="ForwardedHeadersDefaults.XOriginalHostHeaderName"/>
    /// </summary>
    /// <seealso cref="ForwardedHeadersDefaults"/>
    public string OriginalHostHeaderName { get; set; } = ForwardedHeadersDefaults.XOriginalHostHeaderName;
 
    /// <summary>
    /// Gets or sets the header used to store the original scheme (HTTP/HTTPS) before applying forwarded headers.
    /// Defaults to the value specified by <see cref="ForwardedHeadersDefaults.XOriginalProtoHeaderName"/>
    /// </summary>
    /// <seealso cref="ForwardedHeadersDefaults"/>
    public string OriginalProtoHeaderName { get; set; } = ForwardedHeadersDefaults.XOriginalProtoHeaderName;
 
    /// <summary>
    /// Gets or sets the header used to store the original path base before applying forwarded headers.
    /// Defaults to the value specified by <see cref="ForwardedHeadersDefaults.XOriginalPrefixHeaderName"/>
    /// </summary>
    /// <seealso cref="ForwardedHeadersDefaults"/>
    public string OriginalPrefixHeaderName { get; set; } = ForwardedHeadersDefaults.XOriginalPrefixHeaderName;
 
    /// <summary>
    /// Identifies which forwarders should be processed.
    /// </summary>
    public ForwardedHeaders ForwardedHeaders { get; set; }
 
    /// <summary>
    /// Limits the number of entries in the headers that will be processed. The default value is 1.
    /// Set to null to disable the limit, but this should only be done if
    /// KnownProxies or KnownNetworks are configured.
    /// </summary>
    public int? ForwardLimit { get; set; } = 1;
 
    /// <summary>
    /// Addresses of known proxies to accept forwarded headers from.
    /// </summary>
    public IList<IPAddress> KnownProxies { get; } = new List<IPAddress>() { IPAddress.IPv6Loopback };
 
    /// <summary>
    /// Address ranges of known proxies to accept forwarded headers from.
    /// </summary>
    public IList<IPNetwork> KnownNetworks { get; } = new List<IPNetwork>() { new IPNetwork(IPAddress.Loopback, 8) };
 
    /// <summary>
    /// The allowed values from x-forwarded-host. If the list is empty then all hosts are allowed.
    /// Failing to restrict this these values may allow an attacker to spoof links generated by your service.
    /// </summary>
    /// <remarks>
    /// <list type="bullet">
    /// <item><description>Port numbers must be excluded.</description></item>
    /// <item><description>A top level wildcard "*" allows all non-empty hosts.</description></item>
    /// <item><description>Subdomain wildcards are permitted. E.g. "*.example.com" matches subdomains like foo.example.com,
    ///    but not the parent domain example.com.</description></item>
    /// <item><description>Unicode host names are allowed but will be converted to punycode for matching.</description></item>
    /// <item><description>IPv6 addresses must include their bounding brackets and be in their normalized form.</description></item>
    /// </list>
    /// </remarks>
    public IList<string> AllowedHosts { get; set; } = new List<string>();
 
    /// <summary>
    /// Require the number of header values to be in sync between the different headers being processed.
    /// The default is 'false'.
    /// </summary>
    public bool RequireHeaderSymmetry { get; set; }
}