Handling invalid Resource Paths using a default Resource and the Raise Fault policy

Google Cloud Apigee Knowledge Hub
1

“How can I restrict an incoming request with mis-spelled resource URI from being forwarded to the back-end? Currently if I make a call like http://-test.apigee.net/v1/weather/forecastrssXXX?w=12795287 the request is not stopped at Apigee. It is forwarded to Yahoo which responds back and shows a not-found page. Ideally I should be able to stop the request right at my proxy from going further since it had an incorrect resource URI.”

One way to fix this is by adding a proxy Resource that handles all invalid resource paths by raising a fault and returning an error response, without sending the request to the backend, when an unknown request url is called. Here’s how:

  1. Add new proxy resource:

Under the API Proxy Development view, click on + Icon Next to Default in Proxy EndPoints to add a conditional flow.

For now, specify Condition Type as “Path”, and Resource Path as “/”. We’ll remove this later.

2828-unknown.png
2828-unknown.png2868×1010 341 KB

  1. Change the Resource config:

523-screenshot-unknownresourceconfig1.png
523-screenshot-unknownresourceconfig1.png2374×1210 327 KB

Remove the … tags. Hit ‘Save’ (top left hand corner).

  1. Add a Raise Fault policy:

Click on New Policy >> Raise Fault.

527-screenshot-unknownresourceconfig3.png
527-screenshot-unknownresourceconfig3.png2524×1362 373 KB

Once added, change the policy config to the following:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><RaiseFaultasync="false"continueOnError="false"enabled="true"name="Raise-Fault-Unknown-Resource"><DisplayName>Raise Fault - Unknown Resource</DisplayName><FaultResponse><Set><StatusCode>404</StatusCode><ReasonPhrase>Resource not found.</ReasonPhrase></Set></FaultResponse><IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables></RaiseFault>

Hit Save. Deploy to environment of choice.

  1. Now, every time a request comes in with an unknown URL path, the proxy will attempt to match with all known Resources, and finally with the Unknown Resource flow. Since we have removed any conditional config for this resource, it will match it be default if no others match.

The proxy will then Raise the Fault for Unknown Resource Path, returning a HTTP 404.

528-screenshot-unknownresource-req.png
528-screenshot-unknownresource-req.png1834×722 108 KB

2

Thanks Vidya,

2 more points to add:

  • Use the Payload session in the RaiseFault policy to customize the response sent:
<RaiseFault async="false" continueOnError="false" enabled="true" name="404-Not-Found">
    <DisplayName>404 Not Found</DisplayName>
    <Properties/>
    <FaultResponse>
    <Set>
        <Headers/>
        <Payload contentType="application/json">\{"error":"Not Found", "code":404} </Payload>
        <StatusCode>404</StatusCode>
        <ReasonPhrase>Not Found</ReasonPhrase>
    </Set>
    </FaultResponse>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
  • Make sure the resource with no condition is always the last in the flow, otherwise it’ll be always executed as the ‘condition’ matches. Any other flows added after this resource would need to be moved above it in the XML.
3

Please keep in mind that the screenshot is no longer valid for the existing version of Apigee.

You should chose “New Conditional Flow” on the Proxy Endpoints and specify this custom condition (pay attention to the *):

(proxy.pathsuffix MatchesPath "/*")
4

@JeanPaulSmit , Welcome to Apigee Community :slight_smile:

Thank you for highlighting this. Yes, Things have changed in the recent version where you add conditional flow. I have update the screenshot & text. Thank you once again for reporting this.

Keep us posted if any moving forward.

5

Hi @Vidya Ravindran,

Can you share the revision of your proxy in which you have integrated this RaiseFault policy ?

6

(proxy.pathsuffix MatchesPath “/*”) only matches one path element, and if the invalid url has more than one path element, then it will skip the flow.

So, either remove the condition for unknown resource flow (or) add the condition like

(proxy.pathsuffix MatchesPath "**")
7

@Anil Sagar, @Vidya Ravindran,

If we have steps in PreFlow ( ex: Verifying apikey or verifying aouth token), these steps get executed before executing conditional flow for Unknown resource path.

What is the better approach for handling unknown resource paths if there are steps to be executed in preflow ?

8

@soujanyaedunuri

Did you try the below provided solution?

I have tried the below solution.It did not work for me?