| abort | Interceptors are usually applied to requests and responses. In case of errors, interceptors can initiate the abort flow to safely shut down Membrane. By nesting interceptors into an Element you can limit their application to abort flows only. | 0..1 |
| accessControl | Blocks requests whose origin TCP/IP address (hostname or IP address) is not allowed to access the requested resource. | 0..1 |
| accessLog | Writes exchange metrics into a Log4j appender | 0..1 |
| accountBlocker | Keeps track of blocked user accounts (accounts become blocked after too many failed logins). | 0..1 |
| accountRegistration | Allows account registration (!Experimental!) | 0..1 |
| acme | Configures an ACME (RFC 8555) client, e.g. to retrieve TLS certificates from Let's Encrypt. | 0..1 |
| acmeHttpChallenge | See the documentation of the <acme /> element for usage details. | 0..1 |
| addHeader | | 0..1 |
| additionalVariable | | 0..1 |
| adminConsole | Displays up-to-date statistics, recent exchanges and, by default, allows live modification of Membrane's configuration. | 0..1 |
| api | The api proxy extends the serviceProxy with API related functions like OpenAPI support. | 0..1 |
| apiKey | Secures APIs by validating keys stored in either files or proxies.xml. Keys can be received from clients via HTTP headers or URL query parameters. Additional permission checks are possible through scope validation - scopes are loaded into an Exchange property and can be checked using the "hasScope()" SpEL function. | 0..1 |
| attribute | | 0..1 |
| authentication | | 0..1 |
| azureDns | | 0..1 |
| azureTableStorage | | 0..1 |
| balancer | Performs load-balancing between several nodes. Nodes sharing session state may be bundled into a cluster. | 0..1 |
| basicAuthentication | Blocks requests which do not have the correct RFC 1945 basic authentication credentials (HTTP header "Authentication: Basic ...."). | 0..1 |
| bean | "bean" should be used for Kubernetes only. Experimental. | 0..1 |
| beautifier | Beautifies request and response bodies. Supported are the Formats: JSON, XML | 0..1 |
| cache | Don't use, this does NOT implement valid HTTP caching. | 0..1 |
| cachingUserDataProvider | Caching User Data provider caches previous successful logins in order to make authentication faster | 0..1 |
| case | | 0..1 |
| claim | | 0..1 |
| clamav | Delegates virus checks to an external Virus Scanner. | 0..1 |
| client | | 0..1 |
| cluster | | 0..1 |
| clusterNotification | Receives control messages to dynamically modify the configuration of a {@link LoadBalancingInterceptor}. | 0..1 |
| clusters | | 0..1 |
| connection | | 0..1 |
| description | | 0..1 |
| dispatching | This interceptor adds the destination specified in the target element to the list of destinations of the exchange object. It must be placed into the transport to make Service Proxies Work properly. It has to be placed after the ruleMatching interceptor. The ruleMatching interceptor looks up a service proxy for an incoming request and places it into the exchange object. The dispatching interceptor needs the service proxy to get information about the target. | 0..1 |
| dnsOperator | | 0..1 |
| elasticSearchExchangeStore | Used for storing exchanges in the Elasticsearch. | 0..1 |
| emailTokenProvider | The emailTokenProvider randomly generates a 6-digit token after the user entered her correct password. | 0..1 |
| emptyTokenProvider | | 0..1 |
| exchangeStore | Adds the current state of HTTP requests and responses to an "exchange store". | 0..1 |
| exclude | Contains a Java regex for excluding message headers. | 0..1 |
| faultMonitoringStrategy | Monitors the outcome of requests to each node to quickly disable/re-enable faulty ones. | 0..1 |
| field | | 0..1 |
| fileStorage | | 0..1 |
| fileUserDataProvider | A user data provider utilizing htpasswd formatted files. | 0..1 |
| formValidation | Using the formValidation interceptor you can validate the input of HTML forms. | 0..1 |
| gatekeeper | | 0..1 |
| github | | 0..1 |
| google | | 0..1 |
| graphQLProtection | Check GraphQL-over-HTTP requests, enforcing several limits and/or restrictions. This effectively helps to reduce the attack surface. | 0..1 |
| greaseJson | | 0..1 |
| groovy | Executes a Groovy script. The script can access and manipulate data from the request and response. Use this or the Javascript plugin to extend the functions of Membrane by scripting. See: example/groovy for working samples | 0..1 |
| groovyTemplate | Uses the groovy template markup engine to produce HTML-based responses. <groovyTemplate><![CDATA[ html { head { title('Resource') } body { p('Hello from Membrane!') } } ]]></groovyTemplate> | 0..1 |
| header | | 0..1 |
| headerExtractor | | 0..1 |
| headerFilter | Removes message headers matching a list of patterns. The first matching child element will be acted upon by the filter. | 0..1 |
| headerRetriever | | 0..1 |
| httpClient | The httpClient sends the request of an exchange to a Web Server using the HTTP protocol. Usually it will be globally used inside the transport. However, it is also possible to use it inside a proxy to give the proxy an individual configuration for its outgoing HTTP connection that is different from the global configuration in the transport. | 0..1 |
| if | The "if" interceptor supports conditional execution of a group of executors. | 0..1 |
| include | Contains a Java regex for including message headers. | 0..1 |
| index | The index feature lists available proxys at a simple Web page. To use this feature just add a serviceProxy containing the index element. Of course you can protect the service proxy by using SSL or Username and Password. | 0..1 |
| inMemorySessionManager | | 0..1 |
| javascript | Executes a Javascript. The script can access and manipulate data from the request and response. Use this or the Groovy plugin to extend the functions of Membrane by scripting. See the samples in examples/javascript. | 0..1 |
| jSessionIdExtractor | The jSessionIdExtractor extracts the JSESSIONID from a message and provides it to the {@link Balancer}. | 0..1 |
| json2Xml | If enabled converts body content from json to xml. | 0..1 |
| jsonPointerExtractor | Based on JSON pointer. The interceptor takes values from JSON request body and puts them into Exchange object as properties. If the pointer is not found, an exception will be thrown (resulting in {@link Outcome#ABORT}). | 0..1 |
| jwk | | 0..1 |
| jwk | | 0..1 |
| jwk | | 0..1 |
| jwk | | 0..1 |
| jwtSessionManager | | 0..1 |
| key | Experimental. | 0..1 |
| keyFileStore | Loads api keys from a file. File has to be one key per line, blank lines for formatting are allowed. Optionally, a comma separated list of scopes after the key and a colon in between the two. Hash symbol can be used for comments at the end of each line, including empty lines. | 0..1 |
| keyGenerator | Experimental. | 0..1 |
| keys | Stores api keys inline as XML. | 0..1 |
| kubernetesStorage | | 0..1 |
| kubernetesValidation | Kubernetes Integration is still experimental. | 0..1 |
| ldapUserDataProvider | A user data provider querying an LDAP server to authorize users and retrieve attributes. | 0..1 |
| limit | Limits the maximum length of a HTTP message body. | 0..1 |
| limitedMemoryExchangeStore | Stores exchange objects in-memory until a memory threshold is reached. When the threshold is reached and new exchanges arrive then old exchanges will be dropped (starting from oldest ascending) until the exchange can be stored. The LimitedMemoryExchangeStore is the default ExchangeStore Membrane uses. | 0..1 |
| log | The log feature logs request and response messages to the log4j framework. The messages will appear either on the console or in a log file depending on the configuration of the conf/log4j2.xml file. | 0..1 |
| login | The login interceptor can be used to restrict and secure end user access to an arbitrary web application. | 0..1 |
| map | | 0..1 |
| map | | 0..1 |
| mapping | | 0..1 |
| memoryExchangeStore | Stores all exchanges in-memory. The Java heap will overflow if this store is used to store too many Exchanges. Use for Membrane Monitor only. | 0..1 |
| memoryStorage | For testing purposes only. | 0..1 |
| node | | 0..1 |
| oauth2Resource | Allows only authorized HTTP requests to pass through. Unauthorized requests get a redirect to the authorization server as response. | 0..1 |
| oauth2Resource2 | Allows only authorized HTTP requests to pass through. Unauthorized requests get a redirect to the authorization server as response. | 0..1 |
| openapi | Reads an OpenAPI description and deploys an API with the information of it. | 0..1 |
| otlpExporter | | 0..1 |
| path | Explanation: | 0..1 |
| property | | 0..1 |
| property | | 0..1 |
| proxy | | 0..1 |
| proxy | Clients can send HTTP requests to a proxy that forward the request to a Web server. It acts onbehalf of the client. | 0..1 |
| queryParamExtractor | | 0..1 |
| rateLimiter | The rateLimiter plugin limits the number of requests of a client in a period of time. As a default the client requests are grouped by client-Ip address and then counted. There are lots of possibilities to group the requests using the keyExpression. The requests can even be counted from different clients together. | 0..1 |
| redisOriginalExchangeStore | Used for storing exchanges temporarily in Redis. Supports authentication with or without password and username | 0..1 |
| regExReplacer | Runs a regular-expression-replacement on either the message body (default) or all header values. | 0..1 |
| request | Interceptors are usually applied to requests and responses. By nesting interceptors into a Element you can limit their application to requests only. | 0..1 |
| response | Interceptors are usually applied to requests and responses. By nesting interceptors into a Element you can limit their application to responses only. | 0..1 |
| rest2Soap | Converts REST requests into SOAP messages. | 0..1 |
| return | Terminates the exchange flow. The returned response is determined in the following order: | 0..1 |
| reverseProxying | Rewrites the scheme, hostname and port in the "Location" header in HTTP responses, as well as in the "Destination" header in HTTP requests. The rewriting reflects the different schemes, hostnames and ports used to access Membrane vs. the target HTTP server. | 0..1 |
| rewrite | | 0..1 |
| rewriter | Rewrites or redirects the path of incoming requests based on a mapping. | 0..1 |
| router | Membrane API Gateway's main object. | 0..1 |
| routerIpResolver | | 0..1 |
| scope | Contains a scope for use in ... elements. | 0..1 |
| scope | | 0..1 |
| secret | Contains api keys and scopes. | 0..1 |
| serviceProxy | A service proxy can be deployed on front of a Web server, Web Service or a REST resource. It conceals the server and offers the same interface as the target server to its clients. | 0..1 |
| sessionManager | Explanation: | 0..1 |
| shutdown | Shutdown interceptor. | 0..1 |
| soap2Rest | Converts SOAP messages into REST requests. | 0..1 |
| soapProxy | A SOAP proxy can be deployed on front of a SOAP Web Service. It conceals the server and offers the same interface as the target server to its clients. | 0..1 |
| soapStackTraceFilter | The soapStackTraceFilter removes SOAP stack traces from message bodies. | 0..1 |
| spdy | Allow HTTP protocol upgrades to the SPDY protocol. After the upgrade, the connection's data packets are simply forwarded and not inspected. | 0..1 |
| ssl | Configures inbound or outbound SSL connections. | 0..1 |
| staticUserDataProvider | A user data provider listing all user data in-place in the config file. | 0..1 |
| statisticsCSV | Writes statistics (time, status code, hostname, URI, etc.) about exchanges passing through into a CSV file (one line per exchange). | 0..1 |
| statisticsJDBC | Writes statistics (time, status code, hostname, URI, etc.) about exchanges passing through into a database (one row per exchange). | 0..1 |
| stompProxy | Proxies incoming STOMP CONNECT requests. Use a <stompClient> to forward these requests so some other machine. | 0..1 |
| swaggerProxy | A service proxy that handles Swagger REST API calls. It includes a SwaggerRewriterInterceptor ex factory. | 0..1 |
| swaggerRewriter | Allow Swagger proxying | 0..1 |
| switch | Changes an exchange's target based on a series of XPath expressions. | 0..1 |
| target | | 0..1 |
| target | The destination where the service proxy will send messages to. Use the target element, if you want to send the messages to a static target. If you want to use dynamic destinations have a look at the content based router. | 0..1 |
| tcp | Allow HTTP protocol upgrades to the TCP protocol. After the upgrade, the connection's data packets are simply forwarded and not inspected. | 0..1 |
| telekomSMSTokenProvider | The telekomSMSTokenProvider randomly generates a 6-digit token after the user entered her correct password. | 0..1 |
| template | Renders the body content of a message from a template. The template can produce plain text, Json or XML. Variables in the template are substituted with values from the body, header, query parameters, etc. If the extension of a referenced template file is .xml it will use XMLTemplateEngine otherwise StreamingTemplateEngine. Have a look at the samples in examples/template. | 0..1 |
| throttle | The throttle feature can slow down traffic to thwart denial of service attacks. | 0..1 |
| totpTokenProvider | A token provider using the Time-based One-time Password (TOTP) algorithm specified in RFC 6238 to verify tokens using a pre-shared secret. | 0..1 |
| transform | The transform feature applies an XSLT transformation to the content in the body of a message. After the transformation the body content is replaced with the result of the transformation. | 0..1 |
| transport | The transport receives messages from clients and invokes interceptors in the request and response flow. The interceptors that are engaged with the transport are global and are invoked for each message flowing through the router. | 0..1 |
| trust | Allows to insert one or more PEM blocks containing the certificates to be trusted directly into the proxies.xml file. | 0..1 |
| unifyingUserDataProvider | Explanation: | 0..1 |
| urlNormalizer | Replaces "/./" in the request URI's path by "/". | 0..1 |
| user | | 0..1 |
| userInfo | | 0..1 |
| webServer | Serves static files based on the request's path. | 0..1 |
| webSocket | Allow HTTP protocol upgrades to the WebSocket protocol. After the upgrade, the connection's data packets are simply forwarded and not inspected. | 0..1 |
| whateverMobileSMSTokenProvider | The whateverMobileSMSTokenProvider randomly generates a 6-digit token after the user entered her correct password. | 0..1 |
| wsdlPublisher | The wsdlPublisher can be used to serve WSDL files (and attached XML Schema Documents), if your backend service does not already do so. | 0..1 |
| wsdlRewriter | The wsdlRewriter rewrites endpoint addresses of services and XML Schema locations in WSDL documents. | 0..1 |
| xml2Json | If enabled converts body content from xml to json. | 0..1 |
| xmlContentFilter | The xmlContentFilter removes certain XML elements from message bodies. The elements are described using an XPath expression. | 0..1 |
| xmlProtection | Prohibits XML documents to be passed through that look like XML attacks on older parsers. Too many attributes, too long element names are such indications. DTD definitions will simply be removed. | 0..1 |
| xmlSessionIdExtractor | Extracts a session ID from an XML HTTP request body based on the qualified name of an XML element. | 0..1 |
| xpathExtractor | Based on xpath it takes values from xml in request and puts them in exchange as properties | 0..1 |