The plugin helps we intercept user requests, we only need to indicate the referer-restriction.
| Name | Type | Requirement | Default | Valid | Description |
|---|---|---|---|---|---|
| block_rules | array[string] | required | Regular filter rule array. Each of these items is a regular rule. If the current request URI hits any one of them, set the response code to rejected_code to exit the current user request. Example: ["root.exe", "root.m+"]. |
||
| rejected_code | integer | optional | 403 | [200, ...] | The HTTP status code returned when the request URI hit any of block_rules |
Here's a mini example, enable the uri-blocker plugin on the specified route:
- match:
prefix: "/foo"
route:
cluster: web_service
typed_per_filter_config:
envoy.filters.http.lua:
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
name: entry.lua
metadata:
filter_metadata:
envoy.filters.http.lua:
plugins:
- name: uri-blocker
conf:
rejected_code: 403
block_rules:
- root.exe
- root.m+$ curl "127.0.0.1:8000/foo?name=root.exe" -i
HTTP/1.1 403 Forbidden
server: envoy
content-length: 0
date: Mon, 21 Dec 2020 00:45:26 GMT
...When you want to disable the uri-blocker plugin, it is very simple,
you can delete the corresponding yaml configuration in the route metadata.