OptionaladditionalAn array of additional certificates, which should be trusted as certificate authorities for upstream hosts, in addition to Node.js's built-in certificate authorities.
Each certificate should be an object with either a cert key and a string
or buffer value containing the PEM certificate, or a certPath key and a
string value containing the local path to the PEM certificate.
OptionalbeforeA callback that will be passed the full request before it is passed through, and which returns an object that defines how the the request content should be transformed before it's passed to the upstream server.
The callback can return an object to define how the request should be changed. All fields on the object are optional, and returning undefined is equivalent to returning an empty object (transforming nothing).
See CallbackRequestResult for the possible fields that can be set.
OptionalbeforeA callback that will be passed the full response before it is passed through, and which returns a value that defines how the the response content should be transformed before it's returned to the client.
The callback can either return an object to define how the response should be changed, or the string 'close' to immediately close the underlying connection.
All fields on the object are optional, and returning undefined is equivalent to returning an empty object (transforming nothing).
See CallbackResponseMessageResult for the possible fields that can be set.
OptionalclientA mapping of hosts to client certificates to use, in the form of
{ key, cert } objects (none, by default)
OptionalforwardingThe forwarding configuration for the passthrough rule.
This generally shouldn't be used explicitly unless you're
building rule data by hand. Instead, call thenPassThrough
to send data directly or thenForwardTo with options to
configure traffic forwarding.
OptionalignoreA list of hostnames for which server certificate and TLS version errors should be ignored (none, by default).
If set to 'true', HTTPS errors will be ignored for all hosts. WARNING:
Use this at your own risk. Setting this to true can open your
application to MITM attacks and should never be used over any network
that is not completed trusted end-to-end.
OptionallookupCustom DNS options, to allow configuration of the resolver used when forwarding requests upstream. Passing any option switches from using node's default dns.lookup function to using the cacheable-lookup module, which will cache responses.
OptionalproxyUpstream proxy configuration: pass through requests via this proxy.
If this is undefined, no proxy will be used. To configure a proxy provide either:
When using a remote client, this parameter or individual array values may be passed by reference, using the name of a rule parameter configured in the admin server.
OptionalsimulateWhether to simulate connection errors back to the client.
By default (in most cases - see below) when an upstream request fails outright a 502 "Bad Gateway" response is sent to the downstream client, explicitly indicating the failure and containing the error that caused the issue in the response body.
Only in the case of upstream connection reset errors is a connection reset normally sent back downstream to existing clients (this behaviour exists for backward compatibility, and will change to match other error behaviour in a future version).
When this option is set to true, low-level connection failures will
always trigger a downstream connection close/reset, rather than a 502
response.
This includes DNS failures, TLS connection errors, TCP connection resets, etc (but not HTTP non-200 responses, which are still proxied as normal). This is less convenient for debugging in a testing environment or when using a proxy intentionally, but can be more accurate when trying to transparently proxy network traffic, errors and all.
OptionaltransformA set of data to automatically transform a request. This includes properties to support many transformation common use cases.
For advanced cases, a custom callback using beforeRequest can be used instead. Using this field however where possible is typically simpler, more declarative, and can be more performant. The two options are mutually exclusive: you cannot use both transformRequest and a beforeRequest callback.
Only one transformation for each target (method, headers & body) can be specified. If more than one is specified then an error will be thrown when the rule is registered.
OptionaltransformA set of data to automatically transform a response. This includes properties to support many transformation common use cases.
For advanced cases, a custom callback using beforeResponse can be used instead. Using this field however where possible is typically simpler, more declarative, and can be more performant. The two options are mutually exclusive: you cannot use both transformResponse and a beforeResponse callback.
Only one transformation for each target (status, headers & body) can be specified. If more than one is specified then an error will be thrown when the rule is registered.
OptionaltrustDeprecated alias for additionalTrustedCAs
This defines the upstream connection parameters. These passthrough parameters are shared between both WebSocket & Request passthrough rules.