Function Description

The request-block plugin implements HTTP request blocking based on features such as URL, request headers, etc. It can be used to protect certain site resources from being exposed to the outside.

Running Attributes

Plugin Execution Stage: Authentication Stage

Plugin Execution Priority: 320

Configuration Fields

NameData TypeFill RequirementDefault ValueDescription
block_urlsarray of stringOptional, at least one of block_urls, block_headers, block_bodies must be filled-Configure strings for matching URLs that need to be blocked
block_headersarray of stringOptional, at least one of block_urls, block_headers, block_bodies must be filled-Configure strings for matching request headers that need to be blocked
block_bodiesarray of stringOptional, at least one of block_urls, block_headers, block_bodies must be filled-Configure strings for matching request bodies that need to be blocked
blocked_codenumberOptional403Configure the HTTP status code returned when a request is blocked
blocked_messagestringOptional-Configure the HTTP response body returned when a request is blocked
case_sensitiveboolOptionaltrueConfigure whether matching is case-sensitive, default is case-sensitive

Configuration Example

Blocking Request URL Paths

  1. block_urls:
  2. - swagger.html
  3. - foo=bar
  4. case_sensitive: false

Based on this configuration, the following requests will be denied access:

Blocking Request Headers

  1. block_headers:
  2. - example-key
  3. - example-value

Based on this configuration, the following requests will be denied access:

  1. curl http://example.com -H ‘example-key: 123’
  2. curl http://exmaple.com -H ‘my-header: example-value’

Blocking Request Bodies

  1. block_bodies:
  2. - hello world
  3. case_sensitive: false

Based on this configuration, the following requests will be denied access:

  1. curl http://example.com -d ‘Hello World’
  2. curl http://exmaple.com -d ‘hello world’

Request Body Size Limit

When block_bodies is configured, only request bodies smaller than 32 MB are supported for matching. If the request body exceeds this limit and there are no matching block_urls or block_headers, the blocking operation will not be executed for that request.

When block_bodies is configured and the request body exceeds the global configuration DownstreamConnectionBufferLimits, it will return 413 Payload Too Large.