Metadata API
The edge functions on Edge Firewall have access to a set of metadata that can be manipulated to:
- Filter and manage access to your application.
- Apply specific logic in different scenarios.
This reference documentation describes the available metadata and their usage.
GeoIP
The GeoIP metadata provides information on the geographical location of the client based on IP data.
| Name | Description |
|---|---|
| geoip_asn | Autonomous system number |
| geoip_city | City code |
| geoip_city_continent_code | City continent code information |
| geoip_city_country_code | City country code |
| geoip_city_country_name | City country name |
| geoip_continent_code | Continent code |
| geoip_country_code | Country code |
| geoip_country_name | Country name |
| geoip_region | Region code |
| geoip_region_name | Region name |
Remote
The Remote metadata provides details about the remote client’s IP address and TCP port.
| Name | Description |
|---|---|
| remote_addr | Remote (client) IP address |
| remote_port | Remote (client) TCP port |
| remote_user | User informed in the URL. Example: user in http://user@site.com/ |
Server
The Server metadata provides details about the protocol being used in the request.
| Name | Description |
|---|---|
| server_protocol | Protocol being used in the request. Example: HTTP/1.1 |
TLS
The TLS metadata provides details about TLS certificates.
| Name | Description |
|---|---|
| ssl_cipher | TLS cipher used |
| ssl_protocol | TLS protocol used |
Server Fingerprints
The Server Fingerprints metadata provides TLS fingerprinting information for enhanced security analysis.
| Name | Description |
|---|---|
| server_fingerprint | Server TLS fingerprint |
| server_fingerprint_ja4h | Server JA4H fingerprint |
Identifiers
| Name | Description |
|---|---|
| solution_id | Internal identifier of the Solution (bundle of products) handling the request. |
| client_id | Identifier of the Azion account (client) that owns the workload. |
| function_id | Identifier of the Edge Function instance executed for this request. |
| configuration_id | Identifier of the Edge Function configuration (version / revision) applied. |
| virtualhost_id | Identifier of the Virtual Host (Edge Application domain) that received the request. |
| edge_connector_id | Identifier of the Edge Connector used when the request is routed through a connector. A dash (-) is returned when none is involved. |
| request_id | Globally-unique ID automatically attached to every request; useful for end-to-end tracing. |
Usage
You can access the metadata through event.request.metadata["remote_addr"], as in:
let ip = event.request.metadata["remote_addr"] // Accessing the remote addressImplementation
In the code sample below:
- The remote address is accessed.
- It’s verified if this address is in a network list.
- If it’s in the network list, the request is denied.
addEventListener("firewall", (event) => {
let ip = event.request.metadata["remote_addr"] // Accessing the remote address
try { let found = Azion.networkList.contains(String(networkListId), ip); // Checking if the ip is in the list if (found) { event.deny(); // If it's in the list, deny the request } } catch (err) { event.console.error(`Error: `, err.stack); } });