Flow Example
In this configuration:
- API requests to
acmecorp.com/*are allowed, while all others are blocked. - If a request to a blocked domain is detected, the flow returns a 403 HTTP status code along with the message: "Forbidden Access."
Flow Configuration
/etc/lunar-proxy/flows/flow.yaml
name: DomainAccessControlFlow
filter:
url: "*"
processors:
AllowFilter:
processor: Filter
parameters:
- key: url
value: acmecorp.com/*
BlockFilter:
processor: Filter
parameters:
- key: header
value: x-domain-access=<any-value>
GenerateResponseForbidden:
processor: GenerateResponse
parameters:
- key: status
value: 403
- key: body
value: "Forbidden Access"
- key: Content-Type
value: text/plain
flow:
request:
- from:
stream:
name: globalStream
at: start
to:
processor:
name: AllowFilter
- from:
processor:
name: AllowFilter
condition: hit
to:
processor:
name: BlockFilter
- from:
processor:
name: AllowFilter
condition: miss
to:
processor:
name: GenerateResponseForbidden
- from:
processor:
name: BlockFilter
condition: hit
to:
processor:
name: GenerateResponseForbidden
- from:
processor:
name: BlockFilter
condition: miss
to:
stream:
name: globalStream
at: end
response:
- from:
processor:
name: GenerateResponseForbidden
to:
stream:
name: globalStream
at: end
Flow Parameters
| Parameter | Example Value | Description |
|---|---|---|
name | DomainAccessControlFlow | The name of the flow, used to identify the flow in configurations. |
filter.url | * | Specifies that the flow applies to all URLs. |
processors.AllowFilter.processor | Filter | Defines the processor responsible for allowing requests to specified URLs. |
processors.AllowFilter.parameters.key | url | Specifies the key for the URL being allowed. |
processors.AllowFilter.parameters.value | acmecorp.com/* | The URL pattern that is allowed. |
processors.BlockFilter.processor | Filter | Defines the processor responsible for blocking requests based on a header. |
processors.BlockFilter.parameters.key | header | Specifies the key for the header being checked. |
processors.BlockFilter.parameters.value | X-Domain-Access=<any-value> | The header pattern used to block requests. |
processors.GenerateResponseForbidden.processor | GenerateResponse | Defines the processor that generates the response when access is forbidden. |
processors.GenerateResponseForbidden.parameters.key | status, body, Content-Type | Keys that define the response status code, message body, and content type when access is forbidden. |