proxy: Dynamic placeholders for URL segments #1539
Comments
|
Not at this time, sorry. Someone is welcome to implement this, though. Maybe a syntax like this: (Double parentheses because single parentheses might be used in URLs? I dunno.) |
|
We have Curly brace is already used in caddy for placeholders so I would say something with curly braces should be used for this as well. |
|
@abiosoft True, that could work. I'm okay with that syntax as long as we don't foresee ever having a If this is implemented, it would have to be efficient in how it matches the URL and does the replacement. |
mholt
changed the title
|
@mholt I'd like to work on this. I do have prior Go experience. Just new to this project. 🙂 |
|
Sounds good to me @sahildua2305 ! Note that I am pondering one potential security issue with this, since typically allowing outside requests to dictate proxy destinations is a bad idea. Go ahead and work on it though. :) |
|
Maybe something like NGINX syntax: proxy /users/(\d+) www.$1.any.com |
|
@danilobrinu I think we should be consistent with Caddy's placeholder syntax, which is like |
|
@mholt i propose something like {?<placeholder>pattern} proxy /users/{?<user>[0-9]+} www.{user}.any.comI think is more secure use regex pattern to match values coming in route |
|
@danilobrinu That's pretty good; although do we need a full regexp? Maybe just capturing that label of the path would be enough, for example |
|
@mholt i think is more secure use pattern to match exact values from route, this concept is using in Django routes. |
|
@danilobrinu Why is regexp more secure? |
|
@mholt is simple u can use a pattern to eval the value, this is more secure than only use a variable and replace this variable. proxy /users/{?<user>[0-9]+} www.{user}.any.com
// Test
proxy /users/5 www.5.any.com (is valid)
proxy /users/clients www.clients.any.con (no valid)
proxy /users/page.otherpage www.page.otherpage.any.com (no valid)proxy /users/{?user} www.{:user}.any.com
// Test
proxy /users/5 www.5.any.com (is valid)
proxy /users/clients www.clients.any.com (is valid)
proxy /users/page.otherpage www.page.otherpage.any.com (is valid) |
|
@danilobrinu I don't think that's what I mean by secure. Consider SSRF instead: https://github.com/yandex/gixy/blob/master/docs/en/plugins/ssrf.md (for more reading: https://www.owasp.org/index.php/Server_Side_Request_Forgery) |
|
I tried to use |
|
Half of this issue is implemented in v2, the other half certainly can be implemented, just needs someone to work on it. Anyone mind giving it a go? Submit a PR? The placeholders part is done. v2 has this ability by using matchers. You can match requests using a regex capture group and then that becomes a label you can apply to the proxy upstream. The only thing left is to define an upstream that uses a placeholder in its address and replaces it at request-time. So, the unfinished part of this issue is actually the same as #990 |
|
Well, I just went ahead and finished it in 1e31be8. 😄 Caddy 2 can now proxy to different remotes by using any valid placeholders (variables) in the In other words, you'll define a single upstream and its address is evaluated dynamically at request-time. This has implications for health checks, of course, so be wise when configuring health checks, because in this case a single upstream can actually be many arbitrary number of hosts/ports. Go try it out! |
Every time i deploy a new micro service,i have to config the Caddyfile again,and at the same time,my caddy service is in the docker,so i have to run caddy container again with new caddy file.
Do there any way to do proxy like:
when the user named
user1send a request,it mean:proxy /v1/users/user1 to www.user1.any.com
The text was updated successfully, but these errors were encountered: