///

### Habilitar headers reenviados por el Proxy { #enable-proxy-forwarded-headers }

Puedes iniciar FastAPI CLI con la *Opción de CLI* `--forwarded-allow-ips` y pasar las direcciones IP que deberían ser confiables para leer esos headers reenviados.

Si lo estableces a `--forwarded-allow-ips="*"`, confiaría en todas las IPs entrantes.

        fessConfig.setSystemProperty("spnego.allow.basic", String.valueOf(isCheckboxEnabled(form.spnegoAllowBasic)));
        fessConfig.setSystemProperty("spnego.allow.unsecure.basic", String.valueOf(isCheckboxEnabled(form.spnegoAllowUnsecureBasic)));
        fessConfig.setSystemProperty("spnego.prompt.ntlm", String.valueOf(isCheckboxEnabled(form.spnegoPromptNtlm)));

///

### 啟用代理轉發標頭 { #enable-proxy-forwarded-headers }

你可以在啟動 FastAPI CLI 時使用「CLI 選項」`--forwarded-allow-ips`，並傳入允許解析這些轉發標頭的受信任 IP 位址。

如果將其設為 `--forwarded-allow-ips="*"`，就會信任所有進來的 IP。

如果你的「伺服器」位於受信任的「代理」之後，且只有代理會與它通訊，這樣會讓它接受該「代理」的任何 IP。

<div class="termy">

```console
$ fastapi run --forwarded-allow-ips="*"

<span style="color: green;">INFO</span>:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)

 * user-defined properties.
 *
 * <p>A {@code Network} built by this class has the following default properties:
 *
 * <ul>
 *   <li>does not allow parallel edges
 *   <li>does not allow self-loops
 *   <li>orders {@link Network#nodes()} and {@link Network#edges()} in the order in which the
 *       elements were added (insertion order)
 * </ul>
 *

  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";

  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";

  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */

	vars := mux.Vars(r)
	bucket := vars["bucket"]

	objAPI := api.ObjectAPI()
	if objAPI == nil {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL)
		return
	}

	// Allow GetBucketWebsite if policy action is set, since this is a dummy call
	// we are simply re-purposing the bucketPolicyAction.
	if s3Error := checkRequestAuthType(ctx, r, policy.GetBucketPolicyAction, bucket, ""); s3Error != ErrNone {

        }

        // Should allow other paths
        String allowed = validator.validatePath("\\share\\allowed\\file.txt");
        assertEquals("\\share\\allowed\\file.txt", allowed);
    }

    @Test
    public void testWhitelist() throws Exception {
        validator.addToWhitelist("\\share\\allowed");

        // Should allow whitelisted path

  // The fake cast to E is safe because the creation methods only allow E's
  @Override
  @SuppressWarnings("unchecked")
  public E get(int index) {
    return (E) array[index];
  }

  @SuppressWarnings("unchecked")
  @Override
  public UnmodifiableListIterator<E> listIterator(int index) {
    // for performance
    // The fake cast to E is safe because the creation methods only allow E's

	vars := mux.Vars(r)
	bucket := vars["bucket"]

	objAPI := api.ObjectAPI()
	if objAPI == nil {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL)
		return
	}

	// Allow putBucketACL if policy action is set, since this is a dummy call
	// we are simply re-purposing the bucketPolicyAction.
	if s3Error := checkRequestAuthType(ctx, r, policy.PutBucketPolicyAction, bucket, ""); s3Error != ErrNone {

   `keytool -import -alias test-client -keystore test-node.jks -storepass keypass -file test-client.crt -noprompt`
7. Convert the node's keystore to PKCS#12 temporarily so that we can export the private key ( as keytool doesn't allow this)
   `keytool -importkeystore -srckeystore test-node.jks -srcstorepass keypass -destkeystore test-node.p12 -deststoretype PKCS12 -deststorepass keypass`
8. Export the node's private key