Request path: header-size limit -> rate limit (per-IP / per-route) -> auth -> per-key rate limit -> method allowlist -> body-size limit -> WAF input inspection -> forward to upstream. Response path: header injection (incl. CSP / CSP-report-only) -> cookie hardening -> strip leaky headers.
All policy lives in Runtime, held behind an ArcSwap so a config hot-reload swaps
it atomically without blocking the request path or dropping in-flight connections. The
upstream client and the metric registry sit outside the swap so the connection pool and
counters survive a reload.
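The split described above, as an added sketch that is not EdgeGuard's own code: the policy fields, method names and stage labels are assumptions, and std's `RwLock<Arc<_>>` stands in for the ArcSwap so it builds without external crates (unlike ArcSwap, it takes a brief read lock to clone the pointer).

```rust
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::{Arc, RwLock};

// Hypothetical policy fields; the real Runtime is derived from Config.
struct Runtime {
    max_body_bytes: usize,
    allowed_methods: Vec<&'static str>,
}

// Stand-in for AppState: only `runtime` is replaced on reload.
#[derive(Clone)]
struct AppState {
    runtime: Arc<RwLock<Arc<Runtime>>>, // std stand-in for the ArcSwap
    requests: Arc<AtomicU64>,           // stand-in for the metric registry
}

impl AppState {
    fn new(rt: Runtime) -> Self {
        AppState {
            runtime: Arc::new(RwLock::new(Arc::new(rt))),
            requests: Arc::new(AtomicU64::new(0)),
        }
    }
    // One snapshot per request; the lock is held only to clone the Arc.
    fn load(&self) -> Arc<Runtime> {
        self.runtime.read().unwrap().clone()
    }
    // Reload: build a complete new Runtime, then replace the pointer.
    fn reload(&self, rt: Runtime) {
        *self.runtime.write().unwrap() = Arc::new(rt);
    }
}

// Both checks read one snapshot, so a request never mixes old and new policy.
fn check(state: &AppState, rt: &Runtime, method: &str, body_len: usize) -> &'static str {
    state.requests.fetch_add(1, Ordering::Relaxed);
    if !rt.allowed_methods.iter().any(|m| *m == method) { return "method-allowlist"; }
    if body_len > rt.max_body_bytes { return "body-size-limit"; }
    "forward"
}

fn main() {
    let state = AppState::new(Runtime { max_body_bytes: 1024, allowed_methods: vec!["GET", "POST"] });
    let in_flight = state.load(); // request that started before the reload
    state.reload(Runtime { max_body_bytes: 16, allowed_methods: vec!["GET"] });
    println!("in-flight: {}", check(&state, &in_flight, "POST", 512));
    println!("new:       {}", check(&state, &state.load(), "POST", 512));
    println!("counted:   {}", state.requests.load(Ordering::Relaxed));
}
```

The in-flight request finishes under the policy it started with, the next request is judged by the tightened policy, and the counter keeps its value across the reload because it is not part of the swapped state.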
Structs§
- AppState
- Shared, cheaply-cloned handle the router hands to every request. Only the hot-swappable Runtime changes on reload; the client and metrics are stable.
- RouteLimiter
- A per-route rate-limit override: requests whose path starts with prefix use limiter.
- Runtime
- All request-handling policy derived from a Config. Rebuilt from scratch on reload and swapped in atomically.
Constants§
- HSTS_VALUE
- The HSTS header value EdgeGuard emits when headers.hsts is on: a two-year max-age including subdomains. A named constant so the live proxy and the static-host config generator (crate::generate) can’t drift on it.
Functions§
- csp_report
- CSP violation report sink (POST /__edgeguard/csp-report). Browsers POST a JSON report here when headers.csp_report_uri points at it; we count and log it, then 204.
- handle
- metrics_handler
- Prometheus scrape endpoint (GET /__edgeguard/metrics). Like health/ready, it is a dedicated route outside the proxy fallback, so it is not subject to auth or rate limits — restrict access to /__edgeguard/* at the network layer if that matters in your setup.
- ready
- Readiness probe. Returns 200 only if the upstream accepts a TCP connection, so a platform’s readiness check reflects whether EdgeGuard can actually serve traffic — not merely that the process booted. 503 while the upstream is unreachable. (Liveness, i.e. “is EdgeGuard itself up”, is the separate unconditional /__edgeguard/health.)
- security_headers
- The constant security response headers EdgeGuard injects, derived from the [headers] policy. This is the single source of truth shared by the live response-hardening path ([harden_response]) and the static-host config generator (crate::generate), so a generated _headers file / edge-middleware snippet matches exactly what the proxy would add at runtime. Returns (name, value) pairs with canonically-cased names (for readable generated output); the proxy normalizes the case when it inserts them.
Type Aliases§
- KeyedLimiter
- StrLimiter
- Rate limiter keyed by the authenticated principal (per-key limiting).
- UpstreamClient