Forward Proxy Advanced

Marked the auth_password in the forward_proxy plugin as an encrypted field.

Fixed an issue where the upstream_status field was empty in logs when using the forward-proxy plugin.

forward-proxy fallback to the non-streaming proxy when the request body has already been read

Fixed the issue where request payload is being discarded when payload exceeded the client_body_buffer_size.

forward-proxy fallback to the non-streaming proxy when the request body has already been read

Fixed the issue where request payload is being discarded when payload exceeded the client_body_buffer_size.

fallback to the non-streaming proxy when the request body has already been read

Fixed the issue where request payload is being discarded when payload exceeded the client_body_buffer_size.

Fixed an issue which caused the wrong latencies.proxy to be used in the logging plugins. This plugin now evaluates ctx.WAITING_TIME in the forward proxy instead of doing it in the subsequent phase.

x_headers field added. This field indicates how the plugin handles the headersX-Real-IP, X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port.

The field can take one of the following options:

• append: append information from this hop in the chain to those headers. This is the default setting.
• transparent: leave the headers unchanged, as if the the Kong Gateway was not a proxy.
• delete: remove all the headers, as if the Kong Gateway was the originating client.

Note that all options respect the trusted IP setting, and will ignore headers from the last hop in the chain if they are not from clients with trusted IPs.

append: append information from this hop in the chain to those headers. This is the default setting.

transparent: leave the headers unchanged, as if the the Kong Gateway was not a proxy.

delete: remove all the headers, as if the Kong Gateway was the originating client.

Fixed a proxy authentication error caused by incorrect base64 encoding.

Use lowercase when overwriting the Nginx request host header.

The plugin now allows multi-value response headers.

Fixed an issue which occurred when receiving an HTTP 408 from the upstream through a forward proxy. Nginx exited the process with this code, which resulted in Nginx ending the request without any contents.

If the https_proxy configuration parameter is not set, it now defaults to http_proxy to avoid DNS errors.

Fixed an invalid header value error for HTTPS requests. The plugin now accepts multi-value response headers.

Fixed an error where basic authentication headers containing the =character weren’t forwarded.

Fixed request errors that occurred when a scheme had no proxy set. Thehttps proxy now falls back to the http proxy if not specified, and thehttp proxy falls back to https.

Use lowercase when overwriting the host header

Added http_proxy_host, http_proxy_port, https_proxy_host, andhttps_proxy_port configuration parameters for mTLS support.

These parameters replace the proxy_port and proxy_host fields, which are now deprecated and planned to be removed in 3.x.x.

The auth_password and auth_username configuration fields are now marked as referenceable, which means they can be securely stored assecretsin a vault. References must follow a specific format.