Skip to main content
Version: 1.0.x

Flow Example

In this configuration:

  • API requests to acmecorp.com/* are allowed, while all others are blocked.
  • If a request to a blocked domain is detected, the flow returns a 403 HTTP status code along with the message: "Forbidden Access."

Flow Configuration

/etc/lunar-proxy/flows/flow.yaml
name: DomainAccessControlFlow

filter:
url: "*"

processors:
AllowFilter:
processor: Filter
parameters:
- key: url
value: acmecorp.com/*

BlockFilter:
processor: Filter
parameters:
- key: header
value: x-domain-access=<any-value>

GenerateResponseForbidden:
processor: GenerateResponse
parameters:
- key: status
value: 403
- key: body
value: "Forbidden Access"
- key: Content-Type
value: text/plain

flow:
request:
- from:
stream:
name: globalStream
at: start
to:
processor:
name: AllowFilter

- from:
processor:
name: AllowFilter
condition: hit
to:
processor:
name: BlockFilter

- from:
processor:
name: AllowFilter
condition: miss
to:
processor:
name: GenerateResponseForbidden

- from:
processor:
name: BlockFilter
condition: hit
to:
processor:
name: GenerateResponseForbidden

- from:
processor:
name: BlockFilter
condition: miss
to:
stream:
name: globalStream
at: end

response:
- from:
processor:
name: GenerateResponseForbidden
to:
stream:
name: globalStream
at: end

Flow Parameters

ParameterExample ValueDescription
nameDomainAccessControlFlowThe name of the flow, used to identify the flow in configurations.
filter.url*Specifies that the flow applies to all URLs.
processors.AllowFilter.processorFilterDefines the processor responsible for allowing requests to specified URLs.
processors.AllowFilter.parameters.keyurlSpecifies the key for the URL being allowed.
processors.AllowFilter.parameters.valueacmecorp.com/*The URL pattern that is allowed.
processors.BlockFilter.processorFilterDefines the processor responsible for blocking requests based on a header.
processors.BlockFilter.parameters.keyheaderSpecifies the key for the header being checked.
processors.BlockFilter.parameters.valueX-Domain-Access=<any-value>The header pattern used to block requests.
processors.GenerateResponseForbidden.processorGenerateResponseDefines the processor that generates the response when access is forbidden.
processors.GenerateResponseForbidden.parameters.keystatus, body, Content-TypeKeys that define the response status code, message body, and content type when access is forbidden.