pub struct ValidationCfg {
    pub max_body: String,
    pub max_response_body: String,
    pub upstream_timeout: String,
    pub max_header_bytes: String,
    pub allow_methods: Vec<String>,
    pub stream_passthrough: bool,
    pub websocket_passthrough: bool,
    pub compress_responses: bool,
}
Fields
max_body: String
e.g. “2MiB”. Requests with a larger body are rejected with 413.
max_response_body: String
Cap on the upstream response body EdgeGuard buffers, e.g. “16MiB”. “0” disables the cap (unbounded). Protects against an upstream OOM-ing the proxy; raise it if you proxy large downloads.
upstream_timeout: String
Max time to wait for the upstream response and to read its body, e.g. “30s”, “500ms”, “2m”. “0” disables the timeout. Bounds a stalled upstream so it can’t pin a handler task indefinitely; on elapse the proxy returns 504.
max_header_bytes: String
Cap on the total size of incoming request headers (sum of name + value bytes), e.g.
“32KiB”. “0” disables the cap (default). Requests over the limit get 431. This is a
policy limit enforced by EdgeGuard on top of hyper’s own transport-level header cap.
allow_methods: Vec<String>
Allowed HTTP methods; empty list means allow all.
stream_passthrough: bool
Stream (don’t buffer) responses whose Content-Type is text/event-stream. Off by
default: the proxy normally buffers the whole upstream body so it can cap size
(max_response_body) and account exact egress bytes. That buffering defeats Server-Sent
Events / chunked streaming — the client only sees the body once the upstream finishes.
Turn this on to forward SSE responses frame-by-frame as they arrive (preserving
time-to-first-byte). When a response is streamed this way the max_response_body cap and
the body-read deadline don’t apply (the connect/first-byte upstream_timeout still
does); egress bytes are tallied as frames flow. Non-SSE responses are unaffected.
websocket_passthrough: bool
Tunnel WebSocket (and other Upgrade) connections through to the upstream. Off by
default: the normal path strips the hop-by-hop Upgrade/Connection headers, so an
upgrade request would be forwarded as a plain HTTP request and the handshake would fail.
When on, an authenticated, rate-limited upgrade request is forwarded with its upgrade
headers and, on the upstream’s 101 Switching Protocols, EdgeGuard splices the two
connections into a raw bidirectional tunnel. Response hardening / WAF body inspection
don’t apply to a tunneled connection (there is no buffered response). Non-upgrade requests
are unaffected.
compress_responses: bool
gzip-compress responses for clients that send Accept-Encoding: gzip. Off by default.
Skips already-compressed content types and (always) text/event-stream, so SSE streaming
is never buffered by the compressor. Applied at the listener, so toggling it needs a
restart (it is not part of the hot-reloadable policy).
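Several of the fields above switch a protection off at a particular value (“0” for the caps and the timeout, an empty allow_methods, the two passthrough flags). The following is an added example, not EdgeGuard's own code, that lints a configuration for those settings; parse_size, audit and sample_cfg are hypothetical helpers, and the size grammar is an assumption inferred from the documented examples.

```rust
// Added example, not EdgeGuard's own code; parse_size, audit, sample_cfg are hypothetical.
pub struct ValidationCfg {
    pub max_body: String,
    pub max_response_body: String,
    pub upstream_timeout: String,
    pub max_header_bytes: String,
    pub allow_methods: Vec<String>,
    pub stream_passthrough: bool,
    pub websocket_passthrough: bool,
    pub compress_responses: bool,
}
// Assumed grammar (from "2MiB", "32KiB", "0"): digits plus an optional unit shown on this page.
pub fn parse_size(s: &str) -> Option<u64> {
    let s = s.trim();
    let split = s.find(|c: char| !c.is_ascii_digit()).unwrap_or(s.len());
    let n: u64 = s[..split].parse().ok()?;
    let mult: u64 = match &s[split..] {
        "" | "B" => 1,
        "KiB" => 1 << 10,
        "MiB" => 1 << 20,
        _ => return None,
    };
    n.checked_mul(mult)
}
// One finding per setting that switches off a protection described on this page.
pub fn audit(cfg: &ValidationCfg) -> Vec<String> {
    let mut out = Vec::new();
    let caps = [("max_body", &cfg.max_body, false), ("max_response_body", &cfg.max_response_body, true),
                ("max_header_bytes", &cfg.max_header_bytes, true)];
    for (name, val, zero_disables) in caps {
        match parse_size(val) {
            None => out.push(format!("{}: unparseable size {:?}", name, val)),
            Some(0) if zero_disables => out.push(format!("{}: cap disabled by \"0\"", name)),
            _ => {}
        }
    }
    if cfg.upstream_timeout.trim() == "0" { out.push("upstream_timeout: disabled, stalled upstream can pin a task".into()); }
    if cfg.allow_methods.is_empty() { out.push("allow_methods: empty list allows all methods".into()); }
    if cfg.stream_passthrough { out.push("stream_passthrough: SSE bypasses max_response_body".into()); }
    if cfg.websocket_passthrough { out.push("websocket_passthrough: tunnel skips WAF body inspection".into()); }
    out
}
// Constructed sample configuration, not a recommended or default one.
pub fn sample_cfg() -> ValidationCfg {
    ValidationCfg { max_body: "2MiB".into(), max_response_body: "0".into(), upstream_timeout: "30s".into(),
        max_header_bytes: "32KiB".into(), allow_methods: vec![], stream_passthrough: true,
        websocket_passthrough: false, compress_responses: false }
}
fn main() { for f in audit(&sample_cfg()) { println!("{}", f); } }
```

A finding is not necessarily a misconfiguration: stream_passthrough and a “0” cap are legitimate choices, and the lint only makes the trade-off visible at review time.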
Trait Implementations
impl Clone for ValidationCfg
fn clone(&self) -> ValidationCfg
fn clone_from(&mut self, source: &Self)