Customize HTTP request headers in origin requests using rules - Edge Security Acceleration

An HTTP request header is a component of an HTTP request message that contains parameters for a server. You can configure rules for origin HTTP request headers to pass specific parameters to your origin server. Edge Security Acceleration (ESA) lets you add, modify, and delete these rules to meet various business requirements.

Introduction

When a client requests a resource, the request first reaches ESA. If the request is a cache miss on an ESA point of presence (POP), the ESA POP sends an origin request that contains the outgoing HTTP request header to the origin server to retrieve data. You can adjust the outgoing HTTP request header as needed:

Notes

When rules take effect: This feature is triggered only when a request results in a cache miss on an ESA point of presence (POP) and content must be retrieved from the origin server during an origin fetch. The rule is not executed for requests that result in a cache hit and are served directly by the ESA POP.
Execution order: If a single rule contains multiple operations, they are executed sequentially from top to bottom. If multiple operations target the same request header, the last operation overwrites the results of previous operations. For example, if the original client request contains the header test:123, and a rule is configured to first add the header test:321 and then delete the header test, the test header is completely removed from the origin request.

Procedure

After you add a rule, when a user requests a resource, ESA matches and executes rules sequentially based on the rule execution priority.

In the ESA console, choose Websites, and click the target site in the Website column.
In the navigation pane on the left, choose Rules > Transform Rules.
Click the Modify request header tab, select the ESA to Origin item, and click Create Rule.

In the Add Request Header Modification Rule area, configure the following:

Rule Name: Enter a custom rule name.
If requests match...: Select the conditions for matching requests.
- All Requests: The rule applies to all requests for the current site.
- Filtered Requests: The rule applies only to traffic that matches a custom expression. Configure a custom expression to filter traffic.

Modify Request Header: The action to perform on matching requests.

Operation	Type	Description	Example
Add	Static	Adds the specified request header to the origin request. If the client request already contains a header with the same name, the new header overwrites the existing one.	To add a request header named `x-code` with the value `key1`, enter the following: Request Header Name: `x-code` Request Header Value: `key1`
Add	Dynamic	The header value can be set to an expression.	To add a request header named `True-Client-IP` with the value `ip.src` to record the client's originating IP address, enter the following: Request Header Name: `True-Client-IP` Request Header Value: `ip.src`
Change	Static	Changes the value of a specified request header in the origin request.	To change the value of the request header named `x-code` to `key2` in the origin request, enter the following: Request Header Name: `x-code` Request Header Value: `key2`
Change	Dynamic	The header value can be set to an expression.	To change the request header named `True-Client-IP` to the value `ip.src` in the origin request, setting its value to the client's originating IP address, enter the following: Request Header Name: `True-Client-IP` Request Header Value: `ip.src`
Delete		Deletes all headers from the origin request that match the specified Request Header Name, regardless of whether there are duplicate header parameters.	To delete the request header named `x-code`, enter the Request Header Name: `x-code`.

Note

Do not configure a Request Header Name that starts with ali- or Ali-.
To configure multiple values for the Request Header Value, separate them with a comma (,).
The delete operation is the same for both static and dynamic patterns.
The modify operation changes an existing header. This operation applies only if a header with the specified name exists in the original request.
In a single rule, multiple operations are executed sequentially. If different operations target the same header name, the last operation overwrites the previous ones.

Expression configuration examples

Add the originating IP address of the client

Use case

Add a request header to record the originating IP address of the client for all incoming requests.

Procedure

In the ESA console, choose Websites, and click the target site in the Website column.
In the navigation pane on the left, choose Rules > Transform Rules.
Click the Modify request header tab, select the ESA to Origin item, and click Create Rule.
In the Add Request Header Modification Rule section, specify the following parameters:
- Rule Name: Enter a custom rule name, such as add-client-ip-out.
- If requests match...: Select All Requests. This applies the rule to all requests for the current site.
- Modify Request Header:
  - Type: Dynamic
  - Operation: Add
  - Request Header Name: True-Client-IP-OUT
  - Request Header Value: ip.src

Verification

Before configuration: The request header does not include the originating IP address of the client.

After configuration: The true-client-ip-out header, which contains the originating IP address of the client, is added to the request header.

Add the country code that corresponds to the client's IP address

Use case

Add a request header to record the country code corresponding to the client's IP address for all requests that do not originate from China (Hong Kong).

Procedure

In the ESA console, choose Websites, and click the target site in the Website column.
In the navigation pane on the left, choose Rules > Transform Rules.
Click the Modify request header tab, select the ESA to Origin item, and click Create Rule.
In the Add Request Header Modification Rule section, specify the following parameters:
- Rule Name: Enter a custom rule name, such as add-client-country.
- If requests match...: Select Filtered Requests and enter Country/Region does not equal China (Hong Kong).
  You can also directly edit the expression as follows: (ip.geoip.country ne "HK")
- Modify Request Header:
  - Type: Dynamic
  - Operation: Add
  - Request Header Name: IP-Country-Code
  - Request Header Value: ip.geoip.country

Verification

Before configuration: The request header does not include the country information corresponding to the client's IP address.

After configuration: The ip-country-code header, which contains the country code corresponding to the client's IP address, is added to the request header.

Add the province code that corresponds to the client's IP address

Use case

Add a request header to record the province code corresponding to the client's IP address for requests where the URI path is /content.

Procedure

In the ESA console, choose Websites, and click the target site in the Website column.
In the navigation pane on the left, choose Rules > Transform Rules.
Click the Modify request header tab, select the ESA to Origin item, and click Create Rule.
In the Add Request Header Modification Rule section, specify the following parameters:
- Rule Name: Enter a custom rule name, such as add-client-province.
- If requests match...: Select Filtered Requests and enter URI Path equals /content.
  You can also directly edit the expression as follows: (http.request.uri.path eq "/content")
- Modify Request Header:
  - Type: Dynamic
  - Operation: Add
  - Request Header Name: IP-Province-Code
  - Request Header Value: ip.src.subdivision_1_iso_code

Verification

Before configuration: The request header does not include the province information corresponding to the client's IP address.

After configuration: The ip-province-code header, which contains the province code corresponding to the client's IP address, is added to the request header.

References

Rule-related features vary in execution priority, rule behavior, and configuration scope. For more information, see How ESA rules take effect.