[go: nahoru, domu]

Skip to content

Latest commit

 

History

History
104 lines (86 loc) · 3.59 KB

uri-blocker.md

File metadata and controls

104 lines (86 loc) · 3.59 KB
title
uri-blocker

Description

The plugin helps we intercept user requests, we only need to indicate the block_rules.

Attributes

Name Type Requirement Default Valid Description
block_rules array[string] required Regular filter rule array. Each of these items is a regular rule. If the current request URI hits any one of them, set the response code to rejected_code to exit the current user request. Example: ["root.exe", "root.m+"].
rejected_code integer optional 403 [200, ...] The HTTP status code returned when the request URI hit any of block_rules.
rejected_msg string optional non-empty The HTTP response body returned when the request URI hit any of block_rules.
case_insensitive boolean optional false Whether case insensitive or not. Set true will ignore case when matching the request URI. Default is false.

How To Enable

Here's an example, enable the uri blocker plugin on the specified route:

curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/*",
    "plugins": {
        "uri-blocker": {
            "block_rules": ["root.exe", "root.m+"]
        }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    }
}'

Test Plugin

$ curl -i http://127.0.0.1:9080/root.exe?a=a
HTTP/1.1 403 Forbidden
Date: Wed, 17 Jun 2020 13:55:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Server: APISIX web server

... ...

If you set the property rejected_msg to "access is not allowed" , the response body will like below:

$ curl -i http://127.0.0.1:9080/root.exe?a=a
HTTP/1.1 403 Forbidden
Date: Wed, 17 Jun 2020 13:55:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Server: APISIX web server

{"error_msg":"access is not allowed"}

Disable Plugin

When you want to disable the uri blocker plugin, it is very simple, you can delete the corresponding json configuration in the plugin configuration, no need to restart the service, it will take effect immediately:

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/*",
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    }
}'

The uri blocker plugin has been disabled now. It works for other plugins.