Flow Configuration Template
Flow Configuration
/etc/lunar-proxy/flows/flow.yaml
name: EndpointAccessControlFlow # The name of the flow
filter:
url: "*" # Define the URL pattern for the filter
processors:
AllowFilter:
processor: Filter # Processor for allowing requests to specific URLs
parameters:
- key: url
value: acmecorp.com/* # Allow only requests to acmecorp.com
BlockFilter:
processor: Filter # Processor for blocking requests based on a header
parameters:
- key: header
value: x-endpoint-access=<any-value> # Header used for blocking access
GenerateResponseForbidden:
processor: GenerateResponse # Processor for generating a 403 forbidden response
parameters:
- key: status
value: 403 # HTTP status code for forbidden access
- key: body
value: "Forbidden Access" # Response body text
- key: Content-Type
value: text/plain # Content type for the response
flow:
request:
- from:
stream:
name: globalStream # The stream to start the request flow
at: start # Start point of the flow
to:
processor:
name: AllowFilter # Process the request through the AllowFilter processor
- from:
processor:
name: AllowFilter # After AllowFilter processor
condition: hit # If the request matches the allow criteria
to:
processor:
name: BlockFilter # Process the request through the BlockFilter processor
- from:
processor:
name: AllowFilter # After AllowFilter processor
condition: miss # If the request does not match the allow criteria
to:
processor:
name: GenerateResponseForbidden # Generate a 403 response for forbidden access
- from:
processor:
name: BlockFilter # After BlockFilter processor
condition: hit # If the request matches the block criteria
to:
processor:
name: GenerateResponseForbidden # Generate a 403 response for forbidden access
- from:
processor:
name: BlockFilter # After BlockFilter processor
condition: miss # If the request does not match the block criteria
to:
stream:
name: globalStream # Send the request to the global stream
at: end # End of the request flow
response:
- from:
processor:
name: GenerateResponseForbidden # In case of forbidden access, send the response
to:
stream:
name: globalStream # Send response back to the global stream
at: end # End point of the response flow
Flow Parameters
| Parameter | Description | Type | Mandatory/Optional | Example |
|---|---|---|---|---|
| name | The name of the flow, describing its purpose or function. | String | Mandatory | EndpointAccessControlFlow |
| filter.url | URL pattern to match requests for this flow. | String | Mandatory | '*' |
| processors.AllowFilter.processor | Defines the processor responsible for allowing requests to specified URLs. | String | Mandatory | AllowFilter |
| processors.AllowFilter.parameters.key | Key for specifying the parameter in the AllowFilter processor. | String | Mandatory | url |
| processors.AllowFilter.parameters.value | The URL pattern that is allowed. | String | Mandatory | acmecorp.com/* |
| processors.BlockFilter.processor | Defines the processor responsible for blocking requests based on a header. | String | Mandatory | BlockFilter |
| processors.BlockFilter.parameters.key | Key for specifying the parameter in the BlockFilter processor. | String | Mandatory | header |
| processors.BlockFilter.parameters.value | The header pattern used to block requests. | String | Mandatory | X-Endpoint-Access=<any-value> |
| processors.GenerateResponseForbidden.processor | Processor that generates the response when access is forbidden. | String | Mandatory | GenerateResponse |
| processors.GenerateResponseForbidden.parameters.key | Keys to specify the response parameters (status, body, content type). | String | Mandatory | status, body, Content-Type |
| processors.GenerateResponseForbidden.parameters.value | Values corresponding to the keys (status code, response message, content type). | Varies | Mandatory | 403, Forbidden Access, text/plain |
| flow.request.from.stream.name | Name of the stream used at the start of the request flow. | String | Mandatory | globalStream |
| flow.request.from.stream.at | The point in the stream where the flow starts. | String | Mandatory | start |
| flow.request.to.processor.name | Name of the processor to route the request to. | String | Mandatory | AllowFilter, BlockFilter, GenerateResponseForbidden |
| flow.request.to.processor.condition | Condition to determine whether the request is blocked or allowed (access forbidden or not). | String | Optional | hit, miss |
| flow.response.from.processor.name | Name of the processor for generating the response in case of forbidden access. | String | Mandatory | GenerateResponseForbidden |
| flow.response.to.stream.name | Name of the stream to send the response to. | String | Mandatory | globalStream |
| flow.response.from.stream.at | The point in the stream where the response starts. | String | Mandatory |