Apigee API Proxy - What's the easy way to create a proxy which allows only certain URI Paths ?

I would like to allow only /abc/def/*, /abc/feg/* and block remaining paths.

Solved Solved
0 3 420

Leverage conditional flows, create a universal conditional flow with raise fault policy after allowed conditions.

For Example,

        <Flow name="testCases">
            <Description>Allow Only abc/def/* proxy path suffix</Description>
            <Condition>(proxy.pathsuffix MatchesPath "/abc/def/*") and (request.verb = "POST")</Condition>
        <Flow name="testSuites">
            <Description>Allow only /abc/feg/* proxy path suffix</Description>
            <Condition>(proxy.pathsuffix MatchesPath "/abc/feg/*") and (request.verb = "POST")</Condition>
        <Flow name="restrictAccess">
            <Description>restrictAccess if none of the above conditional flow matches</Description>

Raise fault Policy,

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault enabled="true" continueOnError="false" async="false" name="fault-path-not-allowed">
            <Payload contentType="application/json">
                \{"code":404, "message":"Invalid URI Path"}

View solution in original post


Leverage conditional flows, create a universal conditional flow with raise fault policy after allowed conditions.

For Example,

        <Flow name="testCases">
            <Description>Allow Only abc/def/* proxy path suffix</Description>
            <Condition>(proxy.pathsuffix MatchesPath "/abc/def/*") and (request.verb = "POST")</Condition>
        <Flow name="testSuites">
            <Description>Allow only /abc/feg/* proxy path suffix</Description>
            <Condition>(proxy.pathsuffix MatchesPath "/abc/feg/*") and (request.verb = "POST")</Condition>
        <Flow name="restrictAccess">
            <Description>restrictAccess if none of the above conditional flow matches</Description>

Raise fault Policy,

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault enabled="true" continueOnError="false" async="false" name="fault-path-not-allowed">
            <Payload contentType="application/json">
                \{"code":404, "message":"Invalid URI Path"}

Hi @Anil Sagar

One of the possible way is to use Regular Expression Threat Protection in your pre-flow

@maivizhi , Agree, But writing complex regular expressions is little difficult unless you are regex pro.