RouterChecker HTTP request routing

Use the RouterChecker middleware to block invalid HTTP request routing

The RouterChecker HTTP middleware component uses a regular expression to check the validity of HTTP request routing, so that requests with invalid routes are prevented from entering the Dapr cluster. In turn, the RouterChecker component filters out bad requests and reduces noise in the telemetry and log data.

Component format

The RouterChecker applies a set of rules to the incoming HTTP request. You define these rules in the component metadata using regular expressions. In the following example, the HTTP request RouterChecker is set to validate all request messages against the ^[A-Za-z0-9/._-]+$ regex.

    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
      name: routerchecker
    spec:
      type: middleware.http.routerchecker
      version: v1
      metadata:
      - name: rule
        value: "^[A-Za-z0-9/._-]+$"

In this example, the above definition would result in the following PASS/FAIL cases:

    PASS /v1.0/invoke/demo/method/method
    PASS /v1.0/invoke/demo.default/method/method
    PASS /v1.0/invoke/demo.default/method/01
    PASS /v1.0/invoke/demo.default/method/METHOD
    PASS /v1.0/invoke/demo.default/method/user/info
    PASS /v1.0/invoke/demo.default/method/user_info
    PASS /v1.0/invoke/demo.default/method/user-info
    FAIL /v1.0/invoke/demo.default/method/cat password
    FAIL /v1.0/invoke/demo.default/method/" AND 4210=4210 limit 1
    FAIL /v1.0/invoke/demo.default/method/"$(curl
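
The allow-list behaviour above can be reproduced with a small Go HTTP middleware. This is an added example, not Dapr's own code. The names NewRouteChecker and StatusFor, the choice to match the decoded URL path, and the 400 response are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// pageRule is the rule value from the component definition on this page.
const pageRule = `^[A-Za-z0-9/._-]+$`

// NewRouteChecker (hypothetical name, not Dapr's code) compiles rule once and
// rejects every request whose path does not match it before calling next.
func NewRouteChecker(rule string, next http.Handler) (http.Handler, error) {
	re, err := regexp.Compile(rule)
	if err != nil {
		return nil, fmt.Errorf("invalid rule %q: %w", rule, err)
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Assumption: match the decoded path, so an encoded %20 is seen as a space.
		if !re.MatchString(r.URL.Path) {
			http.Error(w, "invalid route", http.StatusBadRequest) // 400 is an assumption
			return
		}
		next.ServeHTTP(w, r)
	}), nil
}

// StatusFor sends a constructed GET for path through the checker and returns
// the status the client would see (200 means the request reached the app).
func StatusFor(rule, path string) (int, error) {
	app := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	h, err := NewRouteChecker(rule, app)
	if err != nil {
		return 0, err
	}
	req := httptest.NewRequest(http.MethodGet, "http://localhost/", nil)
	req.URL.Path = path // set directly so sample paths with spaces or quotes need no escaping
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, nil
}

func main() {
	for _, p := range []string{"/v1.0/invoke/demo.default/method/user-info", "/v1.0/invoke/demo.default/method/cat password"} {
		code, err := StatusFor(pageRule, p)
		fmt.Println(code, err, p)
	}
}
```

Because the rule is anchored with ^ and $ and Go's $ matches only at the end of the text, a path with a trailing newline is rejected as well.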

Spec metadata fields

Field | Details | Example
----- | ------- | -------
rule | the regexp expression to be used by the HTTP request RouterChecker | ^[A-Za-z0-9/._-]+$

Dapr configuration

To be applied, the middleware must be referenced in configuration. See middleware pipelines.

    apiVersion: dapr.io/v1alpha1
    kind: Configuration
    metadata:
      name: appconfig
    spec:
      httpPipeline:
        handlers:
        - name: routerchecker
          type: middleware.http.routerchecker

Last modified June 19, 2023: Merge pull request #3565 from dapr/aacrawfi/skip-secrets-close (b1763bf)