context_filter #
Description #
The context_filter is used to filter traffic by request context.
Configuration Example #
A simple example is as follows:
flow:
- name: test
filter:
- context_filter:
context: _ctx.request.path
message: "request not allowed."
status: 403
must: #must match all rules to continue
prefix:
- /medcl
contain:
- _search
suffix:
- _search
wildcard:
- /*/_search
regex:
- ^/m[\w]+dcl
must_not: # any match will be filtered
prefix:
- /.kibana
- /_security
- /_security
- /gateway_requests*
- /.reporting
- /_monitoring/bulk
contain:
- _refresh
suffix:
- _count
- _refresh
wildcard:
- /*/_refresh
regex:
- ^/\.m[\w]+dcl
should:
prefix:
- /medcl
contain:
- _search
- _async_search
suffix:
- _refresh
wildcard:
- /*/_refresh
regex:
- ^/m[\w]+dcl
Parameter Description #
| Name | Type | Description |
|---|---|---|
| context | string | Context variable |
| exclude | array | List of variables used to refuse requests to pass through |
| include | array | List of variables used to allow requests to pass through |
| must.* | object | Requests are allowed to pass through only when all conditions are met. |
| must_not.* | object | Requests are allowed to pass through only when none of the conditions are met. |
| should.* | object | Requests are allowed to pass through when any condition is met. |
| *.prefix | array | Whether a request begins with a specific character |
| *.suffix | array | Whether a request ends with a specific character |
| *.contain | array | Whether a request contains a specific character |
| *.wildcard | array | Whether a request meets pattern matching rules |
| *.regex | array | Whether a request meets regular expression matching rules |
| action | string | Processing action after filtering conditions are met. The value can be set to deny or redirect_flow and the default value is deny. |
| status | int | Status code returned after the user-defined mode is matched |
| message | string | Message text returned in user-defined deny mode |
| flow | string | ID of the flow executed in user-defined redirect_flow mode |
Note: If only the should condition is met, requests are allowed to pass through only when at least one item in should is met.