diff --git a/docs/content/getting-started/faq.md b/docs/content/getting-started/faq.md
index 66f2d4d04..83622b896 100644
--- a/docs/content/getting-started/faq.md
+++ b/docs/content/getting-started/faq.md
@@ -147,13 +147,13 @@ for example, by using the `touch` command on the configuration file.
By default, the following headers are automatically added when proxying requests:
-| Property | HTTP Header |
-|---------------------------|----------------------------|
-| Client's IP | X-Forwarded-For, X-Real-Ip |
-| Host | X-Forwarded-Host |
-| Port | X-Forwarded-Port |
-| Protocol | X-Forwarded-Proto |
-| Proxy Server's Hostname | X-Forwarded-Server |
+| Property | HTTP Header |
+|---------------------------|--------------------------------|
+| Client's IP | `X-Forwarded-For`, `X-Real-Ip` |
+| Host | `X-Forwarded-Host` |
+| Port | `X-Forwarded-Port` |
+| Protocol | `X-Forwarded-Proto` |
+| Proxy Server's Hostname | `X-Forwarded-Server` |
For more details,
please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.
diff --git a/docs/content/middlewares/http/forwardauth.md b/docs/content/middlewares/http/forwardauth.md
index 50fbfe132..5f60cd138 100644
--- a/docs/content/middlewares/http/forwardauth.md
+++ b/docs/content/middlewares/http/forwardauth.md
@@ -58,11 +58,11 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header |
|-------------------|------------------------|
-| HTTP Method | X-Forwarded-Method |
-| Protocol | X-Forwarded-Proto |
-| Host | X-Forwarded-Host |
-| Request URI | X-Forwarded-Uri |
-| Source IP-Address | X-Forwarded-For |
+| HTTP Method | `X-Forwarded-Method` |
+| Protocol | `X-Forwarded-Proto` |
+| Host | `X-Forwarded-Host` |
+| Request URI | `X-Forwarded-Uri` |
+| Source IP-Address | `X-Forwarded-For` |
## Configuration Options
diff --git a/docs/content/middlewares/http/inflightreq.md b/docs/content/middlewares/http/inflightreq.md
index d6de41f73..bdde9b699 100644
--- a/docs/content/middlewares/http/inflightreq.md
+++ b/docs/content/middlewares/http/inflightreq.md
@@ -113,7 +113,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
-!!! example "Example of Depth & X-Forwarded-For"
+!!! example "Example of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@@ -167,7 +167,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
-!!! example "Example of ExcludedIPs & X-Forwarded-For"
+!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
diff --git a/docs/content/middlewares/http/ipallowlist.md b/docs/content/middlewares/http/ipallowlist.md
index 4f9331268..63c6028fe 100644
--- a/docs/content/middlewares/http/ipallowlist.md
+++ b/docs/content/middlewares/http/ipallowlist.md
@@ -78,7 +78,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
-!!! example "Examples of Depth & X-Forwarded-For"
+!!! example "Examples of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
@@ -144,7 +144,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
-!!! example "Example of ExcludedIPs & X-Forwarded-For"
+!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
diff --git a/docs/content/middlewares/http/ipwhitelist.md b/docs/content/middlewares/http/ipwhitelist.md
index 1c9cb3d99..894dfc316 100644
--- a/docs/content/middlewares/http/ipwhitelist.md
+++ b/docs/content/middlewares/http/ipwhitelist.md
@@ -82,7 +82,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
-!!! example "Examples of Depth & X-Forwarded-For"
+!!! example "Examples of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).
@@ -148,7 +148,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
-!!! example "Example of ExcludedIPs & X-Forwarded-For"
+!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
diff --git a/docs/content/middlewares/http/ratelimit.md b/docs/content/middlewares/http/ratelimit.md
index 8759e9255..12b4644c3 100644
--- a/docs/content/middlewares/http/ratelimit.md
+++ b/docs/content/middlewares/http/ratelimit.md
@@ -225,7 +225,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
-!!! example "Example of Depth & X-Forwarded-For"
+!!! example "Example of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@@ -288,7 +288,7 @@ http:
!!! example "Each IP as a distinct source"
- | X-Forwarded-For | excludedIPs | clientIP |
+ | `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@@ -298,7 +298,7 @@ http:
!!! example "Group IPs together as same source"
- | X-Forwarded-For | excludedIPs | clientIP |
+ | `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
@@ -310,7 +310,7 @@ and the first IP that is _not_ in the pool (if any) is returned.
!!! example "Matching for clientIP"
- | X-Forwarded-For | excludedIPs | clientIP |
+ | `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"11.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
diff --git a/docs/content/middlewares/http/redirectscheme.md b/docs/content/middlewares/http/redirectscheme.md
index 793d28b17..15534a420 100644
--- a/docs/content/middlewares/http/redirectscheme.md
+++ b/docs/content/middlewares/http/redirectscheme.md
@@ -19,7 +19,7 @@ The RedirectScheme middleware redirects the request if the request scheme is dif
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../routing/entrypoints.md#forwarded-headers) one.
- Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
+ Otherwise, Traefik would clean up the `X-Forwarded` headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.
diff --git a/docs/content/migrate/v2.md b/docs/content/migrate/v2.md
index 74e6e3ea1..b4e83e45e 100644
--- a/docs/content/migrate/v2.md
+++ b/docs/content/migrate/v2.md
@@ -655,7 +655,7 @@ Please check out the [entrypoint forwarded headers connection option configurati
## v2.11.14
-### X-Forwarded-Prefix
+### `X-Forwarded-Prefix`
In `v2.11.14`, the `X-Forwarded-Prefix` header is now handled like the other `X-Forwarded-*` headers: Traefik removes it when it's sent from an untrusted source.
Please refer to the Forwarded headers [documentation](../routing/entrypoints.md#forwarded-headers) for more details.
diff --git a/docs/content/migrate/v3.md b/docs/content/migrate/v3.md
index e876a4e02..5fcc8696f 100644
--- a/docs/content/migrate/v3.md
+++ b/docs/content/migrate/v3.md
@@ -189,7 +189,7 @@ the `backendtlspolicies` and `backendtlspolicies/status` rights have to be added
## v3.2.1
-### X-Forwarded-Prefix Header Changes
+### `X-Forwarded-Prefix` Header Changes
In v3.2.1, the `X-Forwarded-Prefix` header is now handled like other `X-Forwarded-*` headers - Traefik removes it when sent from untrusted sources.
diff --git a/docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md b/docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md
index aa718680b..d1a41505d 100644
--- a/docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md
@@ -89,7 +89,7 @@ When the bucket is not full, on token is generated every 10 seconds (6 every 1 m
| `period` | Period of time used to define the rate.
More information [here](#rate-and-burst).| 1s | No |
| `burst` | Maximum number of requests allowed to go through at the very same moment.
More information [here](#rate-and-burst). | 1 | No |
| `denyOnError` | Forces to return a 429 error if the number of remaining requests accepted cannot be get.
Set to `false`, this option allows the request to reach the backend. | true | No |
-| | Injects the following rate limiting headers in the response:
- X-Rate-Limit-Remaining
- X-Rate-Limit-Limit
- X-Rate-Limit-Period
- X-Rate-Limit-Reset
The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
+| | Injects the following rate limiting headers in the response:
- `X-Rate-Limit-Remaining`
- `X-Rate-Limit-Limit`
- `X-Rate-Limit-Period`
- `X-Rate-Limit-Reset`
The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
| `store.redis.endpoints` | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes |
| `store.redis.username` | The username Traefik Hub will use to connect to Redis | "" | No |
| `store.redis.password` | The password Traefik Hub will use to connect to Redis | "" | No |
@@ -142,7 +142,7 @@ In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For
Example to use each IP as a distinct source:
-| X-Forwarded-For | excludedIPs | clientIP |
+| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@@ -151,7 +151,7 @@ Example to use each IP as a distinct source:
Example to group IPs together as same source:
-| X-Forwarded-For | excludedIPs | clientIP |
+| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
diff --git a/docs/content/reference/routing-configuration/http/middlewares/forwardauth.md b/docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
index 3bb99e65a..f5cd9131b 100644
--- a/docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
@@ -87,10 +87,10 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header |
|-------------------|------------------------|
-| HTTP Method | X-Forwarded-Method |
-| Protocol | X-Forwarded-Proto |
-| Host | X-Forwarded-Host |
-| Request URI | X-Forwarded-Uri |
-| Source IP-Address | X-Forwarded-For |
+| HTTP Method | `X-Forwarded-Method` |
+| Protocol | `X-Forwarded-Proto` |
+| Host | `X-Forwarded-Host` |
+| Request URI | `X-Forwarded-Uri` |
+| Source IP-Address | `X-Forwarded-For` |
{!traefik-for-business-applications.md!}
diff --git a/docs/content/reference/routing-configuration/http/middlewares/headers.md b/docs/content/reference/routing-configuration/http/middlewares/headers.md
index 170a19016..091e6438b 100644
--- a/docs/content/reference/routing-configuration/http/middlewares/headers.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/headers.md
@@ -9,11 +9,11 @@ By default, the following headers are automatically added when proxying requests
| Property | HTTP Header |
|---------------------------|----------------------------|
-| Client's IP | X-Forwarded-For, X-Real-Ip |
-| Host | X-Forwarded-Host |
-| Port | X-Forwarded-Port |
-| Protocol | X-Forwarded-Proto |
-| Proxy Server's Hostname | X-Forwarded-Server |
+| Client's IP | `X-Forwarded-For`, `X-Real-Ip` |
+| Host | `X-Forwarded-Host` |
+| Port | `X-Forwarded-Port` |
+| Protocol | `X-Forwarded-Proto` |
+| Proxy Server's Hostname | `X-Forwarded-Server` |
## Configuration Examples
diff --git a/docs/content/reference/routing-configuration/http/middlewares/inflightreq.md b/docs/content/reference/routing-configuration/http/middlewares/inflightreq.md
index 146d59b41..c614148e7 100644
--- a/docs/content/reference/routing-configuration/http/middlewares/inflightreq.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/inflightreq.md
@@ -94,19 +94,19 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` |
-### Example of Depth & X-Forwarded-For
+### Example of Depth & `X-Forwarded-For`
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
-| X-Forwarded-For | depth | clientIP |
-|-----------------------------------------|---------|--------------|
+| `X-Forwarded-For` | depth | clientIP |
+|-----------------------------------------|-------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
### Example of ExcludedIPs & X-Forwarded-For
-| X-Forwarded-For | excludedIPs | clientIP |
+| `X-Forwarded-For` | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
diff --git a/docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md b/docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md
index 5fffdfb11..234089cc2 100644
--- a/docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md
@@ -99,19 +99,19 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` |
-### Example of Depth & X-Forwarded-For
+### Example of Depth & `X-Forwarded-For`
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
-| X-Forwarded-For | depth | clientIP |
+| `X-Forwarded-For` | depth | clientIP |
|-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
-### Example of ExcludedIPs & X-Forwarded-For
+### Example of ExcludedIPs & `X-Forwarded-For`
-| X-Forwarded-For | excludedIPs | clientIP |
+| `X-Forwarded-For` | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
diff --git a/docs/content/reference/routing-configuration/http/middlewares/ratelimit.md b/docs/content/reference/routing-configuration/http/middlewares/ratelimit.md
index 407f0f548..f807b6b06 100644
--- a/docs/content/reference/routing-configuration/http/middlewares/ratelimit.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/ratelimit.md
@@ -266,7 +266,7 @@ In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For
Example to use each IP as a distinct source:
-| X-Forwarded-For | excludedIPs | clientIP |
+| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@@ -275,7 +275,7 @@ Example to use each IP as a distinct source:
Example to group IPs together as same source:
-| X-Forwarded-For | excludedIPs | clientIP |
+| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
diff --git a/docs/content/reference/routing-configuration/http/middlewares/redirectscheme.md b/docs/content/reference/routing-configuration/http/middlewares/redirectscheme.md
index 1f9401677..68f7038d2 100644
--- a/docs/content/reference/routing-configuration/http/middlewares/redirectscheme.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/redirectscheme.md
@@ -10,7 +10,7 @@ The `RedirectScheme` middleware redirects the request if the request scheme is d
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../../install-configuration/entrypoints.md#configuration-options) one.
- Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
+ Otherwise, Traefik would clean up the `X-Forwarded` headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.