I would like to allow only /abc/def/, /abc/feg/ and block remaining paths.
Leverage conditional flows, create a universal conditional flow with raise fault policy after allowed conditions.
For Example,
<Flows>
<Flow name="testCases">
<Description>Allow Only abc/def/* proxy path suffix</Description>
<Request/>
<Response/>
<Condition>(proxy.pathsuffix MatchesPath "/abc/def/*") and (request.verb = "POST")</Condition>
</Flow>
<Flow name="testSuites">
<Description>Allow only /abc/feg/* proxy path suffix</Description>
<Request/>
<Response/>
<Condition>(proxy.pathsuffix MatchesPath "/abc/feg/*") and (request.verb = "POST")</Condition>
</Flow>
<Flow name="restrictAccess">
<Description>restrictAccess if none of the above conditional flow matches</Description>
<Request>
<Step>
<Name>fault-path-not-allowed</Name>
</Step>
</Request>
<Response/>
</Flow>
</Flows>
Raise fault Policy,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault enabled="true" continueOnError="false" async="false" name="fault-path-not-allowed">
<DisplayName>fault-path-not-allowed</DisplayName>
<FaultResponse>
<Set>
<StatusCode>404</StatusCode>
<Payload contentType="application/json">
\{"code":404, "message":"Invalid URI Path"}
</Payload>
</Set>
</FaultResponse>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
1 Like
Hi @Anil Sagar
One of the possible way is to use Regular Expression Threat Protection in your pre-flow
1 Like
@maivizhi , Agree, But writing complex regular expressions is little difficult unless you are regex pro.