Chx:localonly Page

In non‑HTTP/1.1 contexts, chx:localonly might appear in (e.g., HAProxy’s http-response set-header with a local-only flag).

chx:localonly is a special attribute that can be used in conjunction with the chx command in Kubernetes. It allows you to run a pod or a container in a "local-only" mode, which means that all network traffic will be restricted to only within the pod or container, and no external communication will be allowed.

| Protocol | Handling | |----------|----------| | HTTP/1.1 | Chunk extensions are allowed after chunk size, before CRLF. | | HTTP/2 | No chunk extensions — use grpc-encoding trailers or custom frame padding. Some implementations simulate via priority frames. | | HTTP/3 | Similar to HTTP/2; chx:localonly would be non-standard but possible via extensions frames. | chx:localonly

Services that communicate via HTTP for IPC but do not need to expose a TCP socket to the network use this restriction.

The directive is a configuration parameter used to enforce a strict binding or access policy on a network service, interface, or data stream. It instructs the system to limit the scope of the associated object strictly to the localhost (the local machine), explicitly rejecting any external connections, WAN access, or remote procedure calls. In non‑HTTP/1

While syntax varies by application, a conceptual implementation looks like this:

: It triggers an internal Windows Component (CXH/CHX) that launches the "Create a user for this PC" dialog immediately, even if the computer is currently connected to the internet. | Protocol | Handling | |----------|----------| | HTTP/1

chx:localonly is a that tells an intermediate HTTP processor to apply a local policy (logging, rate limiting, transformation) to that specific chunk without propagating the directive downstream. It enables fine‑grained, hop‑by‑hop control over streaming data, useful in complex proxy chains, debugging, and traffic shaping. Implementers must ensure it’s properly stripped to avoid leaking internal state.