Skip to main content
Version: 1.0.x

Flow Configuration Template

Flow Configuration

/etc/lunar-proxy/flows/flow.yaml
name: DomainAccessControlFlow # The name of the flow

filter:
url: "*" # Define the URL pattern for the filter

processors:
AllowFilter:
processor: Filter # Processor for allowing requests to specific URLs
parameters:
- key: url
value: acmecorp.com/* # Allow only requests to acmecorp.com

BlockFilter:
processor: Filter # Processor for blocking requests based on a header
parameters:
- key: header
value: x-domain-access=<any-value> # Header used for blocking access

GenerateResponseForbidden:
processor: GenerateResponse # Processor for generating a 403 forbidden response
parameters:
- key: status
value: 403 # HTTP status code for forbidden access
- key: body
value: "Forbidden Access" # Response body text
- key: Content-Type
value: text/plain # Content type for the response

flow:
request:
- from:
stream:
name: globalStream # The stream to start the request flow
at: start # Start point of the flow
to:
processor:
name: AllowFilter # Process the request through the AllowFilter processor

- from:
processor:
name: AllowFilter # After AllowFilter processor
condition: hit # If the request matches the allow criteria
to:
processor:
name: BlockFilter # Process the request through the BlockFilter processor

- from:
processor:
name: AllowFilter # After AllowFilter processor
condition: miss # If the request does not match the allow criteria
to:
processor:
name: GenerateResponseForbidden # Generate a 403 response for forbidden access

- from:
processor:
name: BlockFilter # After BlockFilter processor
condition: hit # If the request matches the block criteria
to:
processor:
name: GenerateResponseForbidden # Generate a 403 response for forbidden access

- from:
processor:
name: BlockFilter # After BlockFilter processor
condition: miss # If the request does not match the block criteria
to:
stream:
name: globalStream # Send the request to the global stream
at: end # End of the request flow

response:
- from:
processor:
name: GenerateResponseForbidden # In case of forbidden access, send the response
to:
stream:
name: globalStream # Send response back to the global stream
at: end # End point of the response flow

Flow Parameters

ParameterDescriptionTypeMandatory/OptionalExample
nameThe name of the flow, describing its purpose or function.StringMandatoryDomainAccessControlFlow
filter.urlURL pattern to match requests for this flow.StringMandatory'*'
processors.AllowFilter.processorDefines the processor responsible for allowing requests to specified URLs.StringMandatoryAllowFilter
processors.AllowFilter.parameters.keyKey for specifying the parameter in the AllowFilter processor.StringMandatoryurl
processors.AllowFilter.parameters.valueThe URL pattern that is allowed.StringMandatoryacmecorp.com/*
processors.BlockFilter.processorDefines the processor responsible for blocking requests based on a header.StringMandatoryBlockFilter
processors.BlockFilter.parameters.keyKey for specifying the parameter in the BlockFilter processor.StringMandatoryheader
processors.BlockFilter.parameters.valueThe header pattern used to block requests.StringMandatoryX-Domain-Access=<any-value>
processors.GenerateResponseForbidden.processorProcessor that generates the response when access is forbidden.StringMandatoryGenerateResponse
processors.GenerateResponseForbidden.parameters.keyKeys to specify the response parameters (status, body, content type).StringMandatorystatus, body, Content-Type
processors.GenerateResponseForbidden.parameters.valueValues corresponding to the keys (status code, response message, content type).VariesMandatory403, Forbidden Access, text/plain
flow.request.from.stream.nameName of the stream used at the start of the request flow.StringMandatoryglobalStream
flow.request.from.stream.atThe point in the stream where the flow starts.StringMandatorystart
flow.request.to.processor.nameName of the processor to route the request to.StringMandatoryAllowFilter, BlockFilter, GenerateResponseForbidden
flow.request.to.processor.conditionCondition to determine whether the request is blocked or allowed (access forbidden or not).StringOptionalhit, miss
flow.response.from.processor.nameName of the processor for generating the response in case of forbidden access.StringMandatoryGenerateResponseForbidden
flow.response.to.stream.nameName of the stream to send the response to.StringMandatoryglobalStream
flow.response.from.stream.atThe point in the stream where the response starts.StringMandatory