Document updated on Jan 19, 2022
Customizing router behavior
The optional router configuration allows you to set global flags that change the way KrakenD processes the requests at the router layer.
Generally speaking you don’t need this. But in every case there is an exception and you might eventually need to change some value.
To change the router behavior, add the namespace router
under the global extra_config
. The following example shows how to return the error to the client:
See below the list of supported flags.
Supported router flags
The following sections describe the flags and options available to configure the router. Include only those that you need to override.
Customizing the health endpoint
You can set the following router options to customize how the health endpoint behaves:
disable_health
(boolean): When true you don’t have any exposed health endpoint. You can still use a TCP checker or build an endpoint yourself.health_path
(string): The path where you’d like to expose the health endpoint. The default value is/__health
.
Returning the gateway error message
The secure choice of KrakenD is that all errors generated at the gateway are not returned to the client in the body. By settting return_error_msg
(boolean) to true
, when there is an error in the gateway (such as a timeout, a non-200 status code, etc.) it returns to the client the reason for the failure. The error is written in the body as is.
{
"version": 3,
"extra_config": {
"router":{
"return_error_msg":true
}
}
URLs, methods, and automatic redirections
There are two types of automatic redirections that happen at the router level. They can be disabled as follows:
disable_redirect_trailing_slash
(boolean): Disables automatic redirection if the current route can’t be matched but a handler for the path with (without) the trailing slash exists. For example if/foo/
is requested but a route only exists for/foo
, the client is redirected to/foo
with http status code301
for GET requests and307
for all other request methods.disable_redirect_fixed_path
(boolean): If enabled, the router tries to fix the current request path, if no handle is registered for it. First superfluous path elements like../
or//
are removed. Afterwards the router does a case-insensitive lookup of the cleaned path. If a handle can be found for this route, the router makes a redirection to the corrected path with status code301
for GET requests and307
for all other request methods. For example/FOO
and/..//Foo
could be redirected to/foo
. The flagdisable_redirect_trailing_slash
is independent of this option.disable_path_decoding
(boolean): Disables automatic validation of the url params looking for url encoded ones. The default behavior (false
) is to avoid double URL encoding of parameters that could lead to backend exploration. The server rejects with a400
when the user is trying to make an injection with double (or more) URL-encoded parameters.remove_extra_slash
(boolean): A parameter can be parsed from the URL even with extra slashes.disable_handle_method_not_allowed
(boolean): Whether to checks if another method is allowed for the current route, if the current request can not be routed. If this is the case, the request is answered withMethod Not Allowed
and HTTP status code405
. If no other Method is allowed, the request is a404
.auto_options
(boolean): Auto Options enables the autogeneratedOPTIONS
endpoint for all the registered paths
disable_redirect_fixed_path=true
to avoid possible panics.Obtaining the real IP
The following three flags determine how to get the client IP address:
forwarded_by_client_ip
(boolean): When set to true, client IP will be parsed from the request’s headers. If no IP can be fetched, it falls back to the IP obtained from the request’s remote address.remote_ip_headers
(list): List of headers used to obtain the client IP whenforwarded_by_client_ip
is set totrue
and the remote address is matched by at least one of the network origins oftrusted_proxies
.trusted_proxies
(list): List of network origins (IPv4 addresses, IPv4 CIDRs, IPv6 addresses or IPv6 CIDRs) from which to trust request’s headers that contain alternative client IP whenforwarded_by_client_ip
istrue
.{ "version": 3, "extra_config": { "router":{ "forwarded_by_client_ip": true, "remote_ip_headers": [ "X-Custom-Ip" ], "trusted_proxies": [ "172.20.0.1/16" ] } }
App Engine integration
The app_engine
boolean trusts headers starting with X-AppEngine...
for better integration with that PaaS.
{
"version": 3,
"extra_config": {
"router":{
"app_engine": true
}
}
Memory available for Multipart forms
The max_multipart_memory
integer sets the ‘maxMemory’ param that is given to http.Request’s Multipart Form method call.
Remove requests from logs
There are two options to remove content from logs:
logger_skip_paths
list defines the set of paths that are removed from the logging.disable_access_log
boolean stops registering access requests to KrakenD and leaving any logs out from the output.
{
"version": 3,
"extra_config": {
"router":{
"logger_skip_paths":[
"/__health"
],
"disable_access_log": true
}
}