-
Notifications
You must be signed in to change notification settings - Fork 163
Supported Rules
Daniel Mota Leite edited this page Mar 31, 2016
·
24 revisions
The evaluation stops at the first block (block = sets of rules) where all the rules match. The blocks are evaluated in the order they appear in the configuration file.
| rule_name : example_argument ______________________________________ | Description |
|---|---|
| type: allow |
mandatory rule! If all the following rules match the request, then allow or forbid it |
| hosts: [localhost, 10.0.0.0/24] | a list of origin IP addresses or subnets |
| accept_x-forwarded-for_header: false | interpret the X-Forwarded-For header as origin host (useful for AWS ELB and other reverse proxies) |
| methods: [GET, OPTIONS] | match the HTTP method |
| api_keys: [123456, abcdefg] | a list of api keys expected in the header X-Api-Key
|
| uri_re: ^/secret-index/.* | A regular expression to match the request URI. Hint: superseded by indices! |
| maxBodyLength: 0 | limit HTTP request body length. |
| auth_key: sales:p455wd |
HTTP Basic Auth. Configure this value in clear text. Clients will need to provide the header e.g. Authorization: Basic c2FsZXM6cDQ1NXdk where "c2FsZXM6cDQ1NXdk" is base64 for "sales:p455wd". |
| indices: [sales, public] | Match the request if Elasticsearch is going to use either "sales" or "public" or both indices to execute the query |