英文:
Safe Regex not working for External Authorization Filter in Envoy
问题
我不想为以/css、/img和/assets开头的路由应用外部授权过滤器。如果我使用前缀方式添加3个条目,它可以正常工作,但使用safe_regex方式不起作用。
match中的safe_regex部分:- 正则表达式: "^/(css|img|assets)/"
- 路由配置:
- 主机重写: www.envoyproxy.io
- 集群: service_envoyproxy_io
ext_authz-grpc-service部分:- 负载均衡策略: ROUND_ROBIN
endpoint部分:- 地址: www.envoyproxy.io
- 端口: 443
ext_authz-grpc-service的endpoint部分:- 地址: 0.0.0.0
- 端口: 7058
英文:
I do not want to apply external authorization filter for routes starting with /css, /img, /assets. While it is working fine if I put 3 entries using prefix but its not working with safe_regex.
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
typed_per_filter_config:
envoy.filters.http.ext_authz:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
check_settings:
context_extensions:
virtual_host: local_service
routes:
- match:
safe_regex:
google_re2: {}
regex: "^/(css|img|assets)/"
route:
host_rewrite_literal: www.envoyproxy.io
cluster: service_envoyproxy_io
typed_per_filter_config:
envoy.filters.http.ext_authz:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
disabled: true
- match:
prefix: "/"
route:
host_rewrite_literal: www.envoyproxy.io
cluster: service_envoyproxy_io
http_filters:
- name: envoy.filters.http.ext_authz
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
grpc_service:
envoy_grpc:
cluster_name: ext_authz-grpc-service
timeout: 0.250s
transport_api_version: V3
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: service_envoyproxy_io
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
load_assignment:
cluster_name: service_envoyproxy_io
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.envoyproxy.io
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
sni: www.envoyproxy.io
- name: ext_authz-grpc-service
type: STRICT_DNS
lb_policy: ROUND_ROBIN
typed_extension_protocol_options:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
"@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicit_http_config:
http2_protocol_options: {}
load_assignment:
cluster_name: ext_authz-grpc-service
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 0.0.0.0
port_value: 7058
答案1
得分: 0
在这里使用了safe_regex匹配的完全匹配。因此,应该在这里使用^/(css|img|assets)/.*。
英文:
Full match is used by the safe_regex matching here. So, ^/(css|img|assets)/.* should be used here.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论