The middleware responds to two particular types of HTTP request...

### CORS preflight requests { #cors-preflight-requests }

These are any `OPTIONS` request with `Origin` and `Access-Control-Request-Method` headers.

In this case the middleware will intercept the incoming request and respond with appropriate CORS headers, and either a `200` or `400` response for informational purposes.

### Simple requests { #simple-requests }

## Allowing Requests Without Content-Type { #allowing-requests-without-content-type }

If you need to support clients that don't send a `Content-Type` header, you can disable strict checking by setting `strict_content_type=False`:

{* ../../docs_src/strict_content_type/tutorial001_py310.py hl[4] *}

                  "mode": "fixed"
                }
              }
            ]
          },
          {
            "matcher": {
              "id": "byName",
              "options": "Replication Requests"
            },
            "properties": [
              {
                "id": "color",
                "value": {
                  "fixedColor": "light-green",
                  "mode": "fixed"

También defines de alguna manera en qué **momentos** tu aplicación enviará esas requests o eventos.

Y **tus usuarios** definen de alguna manera (por ejemplo en un panel web en algún lugar) el **URL** donde tu aplicación debería enviar esas requests.

De la misma manera, puedes definir lógica (código) que debería ser ejecutada cuando la aplicación esté **cerrándose**. En este caso, este código será ejecutado **una vez**, **después** de haber manejado posiblemente **muchos requests**.

        }

        public void columnQueryRequestedAt() {
            doColumn("queryRequestedAt");
        }

        public void columnRequestedAt() {
            doColumn("requestedAt");
        }

        public void columnUrl() {
            doColumn("url");
        }

        public void columnUserSessionId() {
            doColumn("userSessionId");
        }
    }

You also define in some way at which **moments** your app will send those requests or events.

And **your users** define in some way (for example in a web dashboard somewhere) the **URL** where your app should send those requests.

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Filter for rate limiting to protect against bot attacks and excessive requests.
 * Tracks request counts per IP address and blocks excessive requests based on configurable thresholds.
 */
public class RateLimitFilter implements Filter {

    private static final Logger logger = LogManager.getLogger(RateLimitFilter.class);

    /**

    Proxy->>Client: HTTPS Response
```

**Proxy**, orijinal client request'ini araya girerek (intercept) alır ve request'i **application server**'a iletmeden önce özel *forwarded* header'ları (`X-Forwarded-*`) ekler.

Bu header'lar, aksi halde kaybolacak olan orijinal request bilgilerini korur:

* **X-Forwarded-For**: Orijinal client'ın IP adresi
* **X-Forwarded-Proto**: Orijinal protokol (`https`)

	errFatal(err)

	// Start sending requests.
	go func() {
		for i := range byte(100) {
			st.Requests <- []byte{i}
		}
		close(st.Requests)
	}()
	// Now do 100 other requests to ensure that the server doesn't block.
	for range 100 {
		_, err := remoteConn.Request(ctx, handlerTest2, []byte(testPayload))
		errFatal(err)
	}
	// Start processing requests.
	close(processHandler)

	// Drain responses