habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers/proxy: add option to override host header with property mappings (#14927)

Browse Source
This commit is contained in:
Jens L.
2025-06-06 14:54:59 +02:00
committed by GitHub
parent 760879c3db
commit a306cecb73
3 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/outpost/proxyv2/application/claims.go
View File

@ -3,6 +3,7 @@ package application
type ProxyClaims struct {
UserAttributes map[string]interface{} `json:"user_attributes"`
BackendOverride string `json:"backend_override"`
HostHeader string `json:"host_header"`
IsSuperuser bool `json:"is_superuser"`
}

19
internal/outpost/proxyv2/application/mode_proxy.go
View File

@ -74,13 +74,18 @@ func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) {
r.URL.Scheme = ou.Scheme
r.URL.Host = ou.Host
claims := a.getClaimsFromSession(r)
if claims != nil && claims.Proxy != nil && claims.Proxy.BackendOverride != "" {
u, err := url.Parse(claims.Proxy.BackendOverride)
if err != nil {
a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
} else {
r.URL.Scheme = u.Scheme
r.URL.Host = u.Host
if claims != nil && claims.Proxy != nil {
if claims.Proxy.BackendOverride != "" {
u, err := url.Parse(claims.Proxy.BackendOverride)
if err != nil {
a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
} else {
r.URL.Scheme = u.Scheme
r.URL.Host = u.Host
}
}
if claims.Proxy.HostHeader != "" {
r.Host = claims.Proxy.HostHeader
}
}
a.log.WithField("upstream_url", r.URL.String()).Trace("final upstream url")

14
website/docs/add-secure-apps/providers/proxy/index.md
View File

@ -152,3 +152,17 @@ return {
```
Afterwards, edit the _Proxy provider_ and add this new mapping. The expression is only evaluated when the user logs into the application.
## Host header:ak-version[2025.6.1]
By default, the proxy provider will use forwarded Host header received from the client. Starting with authentik 2025.6.1, it is possible to dynamically adjust the Host header with a property mapping.
```python
return {
"ak_proxy": {
"host_header": "my-internal-host-header"
}
}
```
Afterwards, edit the _Proxy provider_ and add this new mapping. The expression is only evaluated when the user logs into the application.