配置指南 - 双向 Headers 和 Match/Replace
概述
from 和 to 进行高级配置,允许您:1.
2.
3.
配置格式
1. 简单字符串格式(向后兼容)
{
"from": "https://api.openai.com/v1*",
"to": "https://backend.example.com/v1*"
}2. 对象格式(新功能)
{
"from": {
"url": "https://api.openai.com/v1*",
"headers": {
"Authorization": "Bearer your-token",
"X-Custom-Header": "custom-value"
}
},
"to": {
"url": "https://backend.example.com/v1*",
"headers": {
"Access-Control-Allow-Origin": "https://specific-domain.com",
"X-Response-Header": "response-value"
},
"match": "<title>(.*?)</title>",
"replace": {
"OldBrand": "NewBrand"
}
}
}EndpointConfig 结构
{
"url": "string (required)",
"headers": {
"Header-Name": "header-value"
},
"match": "regex-pattern",
"replace": {
"search-pattern": "replacement"
}
}字段说明
功能详解
1. 请求体匹配和替换(from.match & from.replace)
from 配置也支持 match 和 replace,用于处理请求体。{
"from": {
"url": "https://api.example.com/*",
"headers": {
"Content-Type": "application/json"
},
"match": "\"request\":\\s*\\{([^}]+)\\}",
"replace": {
"\"oldField\"": "\"newField\"",
"sensitive-key": "***"
}
},
"to": "https://backend.example.com/*"
}from.match:从请求体中提取匹配的内容from.replace:替换请求体中的内容2. 请求头设置(from.headers)
from 配置中设置的 headers 会应用到发出的代理请求上:{
"from": {
"url": "https://api.example.com/*",
"headers": {
"Authorization": "Bearer secret-token",
"X-API-Key": "your-api-key",
"User-Agent": "MyProxy/1.0"
}
},
"to": "https://backend.example.com/*"
}from.url 的请求都会附加这些请求头。3. 响应头设置(to.headers)
to 配置中设置的 headers 会应用到返回给客户端的响应上:{
"from": "https://api.example.com/*",
"to": {
"url": "https://backend.example.com/*",
"headers": {
"Access-Control-Allow-Origin": "https://trusted-site.com",
"Cache-Control": "max-age=3600",
"X-Powered-By": "MyProxy"
}
}
}to.headers 中设置的响应头会覆盖默认的跨域头。4. 响应体匹配(to.match)
{
"from": "https://api.example.com/*",
"to": {
"url": "https://backend.example.com/*",
"match": "<title>(.*?)</title>"
}
}5. 响应体替换(to.replace)
{
"from": "https://api.example.com/*",
"to": {
"url": "https://backend.example.com/*",
"replace": {
"OldBrand": "NewBrand",
"example\\.com": "myproxy.com",
"\"status\":\"success\"": "\"status\":\"modified\""
}
}
}6. 正则表达式 URL 匹配(from.url)
from.url 现在支持正则表达式匹配。{
"from": "https://api\\.example\\.com/v(\\d+)/users/(\\d+)",
"to": "https://backend.example.com/api/v$1/user/$2"
}https://api.example.com/v2/users/123 会被映射到 https://backend.example.com/api/v2/user/123$1, $2 等引用捕获组(, [, {, ^, $, | 等正则特征字符,会尝试作为正则表达式处理* 通配符仍然按照原来的方式处理{
"comment": "匹配特定路径模式",
"from": "https://old-api\\.example\\.com/(v\\d+)/(.*)",
"to": "https://new-api.example.com/$1/$2"
}{
"comment": "使用对象配置 + 正则表达式",
"from": {
"url": "https://api\\.example\\.com/(.+)/data",
"headers": {
"X-Source": "proxy"
}
},
"to": "https://backend.example.com/api/$1/info"
}7. 双向配置示例
{
"from": {
"url": "https://api.example.com/v1*",
"headers": {
"Authorization": "Bearer request-token",
"X-Request-ID": "custom-id"
}
},
"to": {
"url": "https://backend.example.com/api/v1*",
"headers": {
"Access-Control-Allow-Origin": "*",
"X-Response-Time": "100ms"
},
"match": "\"data\":\\s*\\{([^}]+)\\}",
"replace": {
"sensitive": "***",
"internal": "external"
}
}
}跨域头处理
默认跨域头
Origin: *
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Vary: Etag, Save-Data, Accept-Encoding
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
Access-Control-Request-Method: *
Access-Control-Request-Headers: *
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-originOPTIONS 请求处理
自定义跨域头优先级
to.headers 中设置的响应头会覆盖默认跨域头。{
"from": "https://api.example.com/*",
"to": {
"url": "https://backend.example.com/*",
"headers": {
"Access-Control-Allow-Origin": "https://trusted-site.com",
"Access-Control-Allow-Credentials": "true"
}
}
}Access-Control-Allow-Origin 从默认的 * 改为 https://trusted-site.com。向后兼容性
{
"from": "https://api.example.com/*",
"to": "https://backend.example.com/*",
"headers": {
"Authorization": "Bearer token"
},
"match": "<title>(.*?)</title>",
"replace": {
"old": "new"
}
}headers → from.headers(请求头)match → to.match(响应匹配)replace → to.replace(响应替换)实际应用场景
场景 1:API 密钥注入
{
"from": {
"url": "https://public-api.example.com/*",
"headers": {
"X-API-Key": "secret-key-12345"
}
},
"to": "https://backend-api.example.com/*"
}场景 2:响应数据脱敏
{
"from": "https://api.example.com/*",
"to": {
"url": "https://backend.example.com/*",
"replace": {
"\"password\":\"[^\"]+\"": "\"password\":\"***\"",
"\"credit_card\":\"[^\"]+\"": "\"credit_card\":\"****\""
}
}
}场景 3:品牌替换
{
"from": "https://white-label.example.com/*",
"to": {
"url": "https://original-service.com/*",
"replace": {
"Original Brand": "Your Brand",
"original-logo.png": "your-logo.png"
}
}
}场景 4:CORS 精细控制
{
"from": "https://api.example.com/*",
"to": {
"url": "https://backend.example.com/*",
"headers": {
"Access-Control-Allow-Origin": "https://app.yourdomain.com",
"Access-Control-Allow-Methods": "GET, POST",
"Access-Control-Allow-Headers": "Content-Type, Authorization",
"Access-Control-Max-Age": "86400"
}
}
}日志输出
[REQUEST HEADERS]:应用请求头时[RESPONSE HEADERS]:应用响应头时[RESPONSE MATCH]:匹配响应内容时[RESPONSE REPLACE]:替换响应内容时[REQUEST HEADERS] Applying 3 custom headers from 'from' config
[REQUEST HEADERS] Authorization: Bearer ***
[REQUEST HEADERS] X-API-Key: ***
[REQUEST HEADERS] User-Agent: MyProxy/1.0
[RESPONSE HEADERS] Applying 2 custom headers from 'to' config
[RESPONSE HEADERS] Access-Control-Allow-Origin: https://trusted-site.com
[RESPONSE HEADERS] Cache-Control: max-age=3600
[RESPONSE MATCH] Extracted 1024 bytes from response body
[RESPONSE REPLACE] Applied replacement: OldBrand -> NewBrand注意事项
1.
2.
to.headers 会覆盖默认跨域头和源站响应头3.
match 没有匹配到内容,会返回空响应4.
5.
完整示例
config.example.json 文件查看更多完整示例。修改于 2025-11-15 12:15:35