github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #5275] [Feature Request] pluggable per-proxy authentication #4075

New issue
Closed
opened 2026-05-05 14:34:54 -06:00 by gitea-mirror · 2 comments
gitea-mirror commented 2026-05-05 14:34:54 -06:00
Owner
Copy link

Originally created by @fred01 on GitHub (Apr 1, 2026).
Original GitHub issue: https://github.com/fatedier/frp/issues/5275

Describe the feature request

Hi! Currently HTTP proxies support Basic Auth via httpUser/httpPassword, which works well. But it would be nice to have the option to use other authentication methods on a per-proxy basis — for example, validating a Bearer token, checking a custom header, or delegating the decision to an external service.

Would you be open to the idea of making per-proxy authentication pluggable? The concept would be similar to how server plugins work today (external HTTP services called on lifecycle events like Login,NewProxy), but applied at the request level — frps would call an auth plugin before forwarding each HTTP request to the tunnel.

To give a rough idea of what the config could look like (not a concrete proposal, just thinking out loud):

  [[proxies]]
  name = "my-service"
  type = "http"
  localPort = 8080
  customDomains = ["my-service.example.com"]

  [proxies.auth]
  type = "plugin"  # "basic" | "plugin" | "header" | ...

  [proxies.auth.plugin]
  type = "http"  # "http" | "exec" | "builtin" | ...
  addr = "http://127.0.0.1:9090/verify"

  [proxies.auth.plugin.metadata]
  # arbitrary key-value pairs passed to the plugin on each request

Basic Auth would remain the default and work exactly as it does today. The plugin approach would be opt-in.

If you're generally open to this direction, I'd be happy to write up a more detailed proposal and discuss it here before submitting a PR.

Describe alternatives you've considered

No response

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @fred01 on GitHub (Apr 1, 2026). Original GitHub issue: https://github.com/fatedier/frp/issues/5275 ### Describe the feature request Hi! Currently HTTP proxies support Basic Auth via httpUser/httpPassword, which works well. But it would be nice to have the option to use other authentication methods on a per-proxy basis — for example, validating a Bearer token, checking a custom header, or delegating the decision to an external service. Would you be open to the idea of making per-proxy authentication pluggable? The concept would be similar to how server plugins work today (external HTTP services called on lifecycle events like Login,NewProxy), but applied at the request level — frps would call an auth plugin before forwarding each HTTP request to the tunnel. To give a rough idea of what the config could look like (not a concrete proposal, just thinking out loud): ``` [[proxies]] name = "my-service" type = "http" localPort = 8080 customDomains = ["my-service.example.com"] [proxies.auth] type = "plugin" # "basic" | "plugin" | "header" | ... [proxies.auth.plugin] type = "http" # "http" | "exec" | "builtin" | ... addr = "http://127.0.0.1:9090/verify" [proxies.auth.plugin.metadata] # arbitrary key-value pairs passed to the plugin on each request ``` Basic Auth would remain the default and work exactly as it does today. The plugin approach would be opt-in. If you're generally open to this direction, I'd be happy to write up a more detailed proposal and discuss it here before submitting a PR. ### Describe alternatives you've considered _No response_ ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [x] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [x] Server Plugin - [x] Extensions - [ ] Others
gitea-mirror commented 2026-05-05 14:34:57 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Apr 1, 2026):

We currently don't plan to introduce more complex Layer 7 features within the existing architecture. Supporting such functionality requires a more well-designed architecture, which we'll consider after a future overall refactoring.

<!-- gh-comment-id:4170420641 --> @fatedier commented on GitHub (Apr 1, 2026): We currently don't plan to introduce more complex Layer 7 features within the existing architecture. Supporting such functionality requires a more well-designed architecture, which we'll consider after a future overall refactoring.
gitea-mirror commented 2026-05-05 14:34:58 -06:00
Author
Owner
Copy link

@fred01 commented on GitHub (Apr 1, 2026):

Thanks for the quick response! Totally understand. Will keep an eye on the project for when the refactoring happens.

<!-- gh-comment-id:4170748409 --> @fred01 commented on GitHub (Apr 1, 2026): Thanks for the quick response! Totally understand. Will keep an eye on the project for when the refactoring happens.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#4075
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?