homelab/traefik
1
0
Fork 0
Code Activity

Fix encodedCharacters entryPoint option documentation

Browse source
This commit is contained in:
Romain 2025-12-08 10:44:04 +01:00 committed by GitHub
parent 7f40f3cd58
commit 351dcbd186
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 34 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

33
docs/content/routing/entrypoints.md
View file

@ -127,14 +127,15 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
trustedIPs: trustedIPs:
- "127.0.0.1" - "127.0.0.1"
- "192.168.0.1" - "192.168.0.1"
encodedCharacters: http:
allowEncodedSlash: true encodedCharacters:
allowEncodedBackSlash: true allowEncodedSlash: true
allowEncodedNullCharacter: true allowEncodedBackSlash: true
allowEncodedSemicolon: true allowEncodedNullCharacter: true
allowEncodedPercent: true allowEncodedSemicolon: true
allowEncodedQuestionMark: true allowEncodedPercent: true
allowEncodedHash: true allowEncodedQuestionMark: true
allowEncodedHash: true
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -160,7 +161,7 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
[entryPoints.name.forwardedHeaders] [entryPoints.name.forwardedHeaders]
insecure = true insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"] trustedIPs = ["127.0.0.1", "192.168.0.1"]
[entryPoints.name.encodedCharacters] [entryPoints.name.http.encodedCharacters]
allowEncodedSlash = true allowEncodedSlash = true
allowEncodedBackSlash = true allowEncodedBackSlash = true
allowEncodedNullCharacter = true allowEncodedNullCharacter = true
@ -184,13 +185,13 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
--entryPoints.name.proxyProtocol.trustedIPs=127.0.0.1,192.168.0.1 --entryPoints.name.proxyProtocol.trustedIPs=127.0.0.1,192.168.0.1
--entryPoints.name.forwardedHeaders.insecure=true --entryPoints.name.forwardedHeaders.insecure=true
--entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1 --entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1
--entryPoints.name.encodedCharacters.allowEncodedSlash=true --entryPoints.name.http.encodedCharacters.allowEncodedSlash=true
--entryPoints.name.encodedCharacters.allowEncodedBackSlash=true --entryPoints.name.http.encodedCharacters.allowEncodedBackSlash=true
--entryPoints.name.encodedCharacters.allowEncodedNullCharacter=true --entryPoints.name.http.encodedCharacters.allowEncodedNullCharacter=true
--entryPoints.name.encodedCharacters.allowEncodedSemicolon=true --entryPoints.name.http.encodedCharacters.allowEncodedSemicolon=true
--entryPoints.name.encodedCharacters.allowEncodedPercent=true --entryPoints.name.http.encodedCharacters.allowEncodedPercent=true
--entryPoints.name.encodedCharacters.allowEncodedQuestionMark=true --entryPoints.name.http.encodedCharacters.allowEncodedQuestionMark=true
--entryPoints.name.encodedCharacters.allowEncodedHash=true --entryPoints.name.http.encodedCharacters.allowEncodedHash=true
``` ```
### Address ### Address

33
docs/content/security/request-path.md
View file

@ -93,21 +93,22 @@ All encoded character filtering is enabled by default (`false` means encoded cha
entryPoints: entryPoints:
websecure: websecure:
address: ":443" address: ":443"
encodedCharacters: http:
allowEncodedSlash: false # %2F - Default: false (RECOMMENDED) encodedCharacters:
allowEncodedBackSlash: false # %5C - Default: false (RECOMMENDED) allowEncodedSlash: false # %2F - Default: false (RECOMMENDED)
allowEncodedNullCharacter: false # %00 - Default: false (RECOMMENDED) allowEncodedBackSlash: false # %5C - Default: false (RECOMMENDED)
allowEncodedSemicolon: false # %3B - Default: false (RECOMMENDED) allowEncodedNullCharacter: false # %00 - Default: false (RECOMMENDED)
allowEncodedPercent: false # %25 - Default: false (RECOMMENDED) allowEncodedSemicolon: false # %3B - Default: false (RECOMMENDED)
allowEncodedQuestionMark: false # %3F - Default: false (RECOMMENDED) allowEncodedPercent: false # %25 - Default: false (RECOMMENDED)
allowEncodedHash: false # %23 - Default: false (RECOMMENDED) allowEncodedQuestionMark: false # %3F - Default: false (RECOMMENDED)
allowEncodedHash: false # %23 - Default: false (RECOMMENDED)
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.websecure.encodedCharacters] [entryPoints.websecure.http.encodedCharacters]
allowEncodedSlash = false allowEncodedSlash = false
allowEncodedBackSlash = false allowEncodedBackSlash = false
allowEncodedNullCharacter = false allowEncodedNullCharacter = false
@ -119,11 +120,11 @@ entryPoints:
```bash tab="CLI" ```bash tab="CLI"
--entryPoints.websecure.address=:443 --entryPoints.websecure.address=:443
--entryPoints.websecure.encodedCharacters.allowEncodedSlash=false --entryPoints.websecure.http.encodedCharacters.allowEncodedSlash=false
--entryPoints.websecure.encodedCharacters.allowEncodedBackSlash=false --entryPoints.websecure.http.encodedCharacters.allowEncodedBackSlash=false
--entryPoints.websecure.encodedCharacters.allowEncodedNullCharacter=false --entryPoints.websecure.http.encodedCharacters.allowEncodedNullCharacter=false
--entryPoints.websecure.encodedCharacters.allowEncodedSemicolon=false --entryPoints.websecure.http.encodedCharacters.allowEncodedSemicolon=false
--entryPoints.websecure.encodedCharacters.allowEncodedPercent=false --entryPoints.websecure.http.encodedCharacters.allowEncodedPercent=false
--entryPoints.websecure.encodedCharacters.allowEncodedQuestionMark=false --entryPoints.websecure.http.encodedCharacters.allowEncodedQuestionMark=false
--entryPoints.websecure.encodedCharacters.allowEncodedHash=false --entryPoints.websecure.http.encodedCharacters.allowEncodedHash=false
``` ```