Method and Route Validator
Preview
The Method and Route Validator integration can be used to protect your application by blocking requests based on the URI and method used. It works by validating the arguments received by the function and checking if the request matches the patterns defined in any of the values.
With this integration, you can define a list of routes and which method each route expects. Each time the function is executed, it’ll perform the following steps:
- Validate the arguments passed to the function.
- Check if the request matches the patterns defined for the routes.
- If there is a match, the function will perform a user-defined blocking action.
- If there is no match, the function can be configured to continue the request or block it.
- If the arguments are invalid, it’ll write a log message and continue the request.
Getting the integration
To install this integration:
- Access Azion Console > Marketplace.
- On the Marketplace homepage, select the Method and Route Validator card.
- On the integration page, click the Install button.
You’ll see a message indicating that your integration was successfully installed.
Configuring the integration
Once you’ve installed the Method and Route Validator integration, you’ll need to complete the steps explained below to configure it.
Setting up an edge firewall
Follow the steps:
- On the upper-left corner, open the Products menu and select Edge Firewall in the Secure section.
- Click the + Edge Firewall button.
- Give an easy-to-remember name to your edge firewall.
- Enable the Edge Functions switch in the Modules section.
- This action gives access to edge functions on your edge firewall.
- Click the Save button.
Done. Now you’ve instantiated the edge firewall for your function and have access to edge functions on your edge firewall.
Setting up the Edge Firewall function
While still on the Edge Firewall page:
- Select the Functions Instances tab.
- Click the + Function Instance button.
- Give an easy-to-remember name to your instance.
- On the dropdown menu, select the Method and Route Validator function.
- This action will load the Arguments tab.
- In the Arguments tab, you’ll pass the arguments for your function as in the following example:
{ "restricted_mode": false, "action": "deny", "routes": [ { "match_type": "equals", "path": "/my/route/", "methods": ["GET", "POST"] }, { "match_type": "contains", "path": "/something/", "methods": ["POST"] }, { "match_type": "regex", "path": "^.test.*", "methods": ["GET", "POST", "PATCH", "DELETE"] } ]}Where:
| Property | Type | Required | Description |
|---|---|---|---|
restricted_mode | Boolean | No | Indicates if the function should operate in restricted mode. Default value: false. |
action | String | Yes | Defines which action to take when the function identifies the request as invalid. |
routes | Array | Yes | Contains all the URIs that the protected application expects to handle. |
routes.match_type | String | Yes | String specifying the type of match to be performed on the path. |
routes.path | String | Yes | Defines the argument to be used to validate the request URI. |
routes.methods | Array | Yes | Array of strings specifying which methods can be used when making a request to the given path. |
redirect_to | String | Only when action is redirect | URL to which the request should be redirected when the redirect action is triggered. Can be a complete request URL or a relative path. |
custom_response_body | String | Only when action is custom_response | Custom response body to be sent when the custom_response action is triggered. |
custom_response_status | Number | No | Status code of the response to be sent when the custom_response action is triggered. Default value: 400. |
custom_response_content_type | String | No | Content type of the response to be sent when the custom_response action is triggered. Default value: plain/text. |
The possible values for the action argument are:
| Action | Description |
|---|---|
deny | Closes the request with an HTTP 403 Forbidden response. |
drop | Closes the request without sending any response to the client. |
redirect | Redirects the request to another location. |
custom_response | Closes the request with a static response to it. |
The possible values for the match_type argument are:
| Match Type | Description |
|---|---|
equals | The path must be equal to the one defined in the path argument. |
contains | The path must contain the one defined in the path argument. |
regex | The path must match the regular expression defined in the path argument. |
- Click the Save button.
Setting up the Rules Engine
To finish, you have to set up a rule in Rules Engine to configure the criteria and the behavior to run the function.
Still in the Edge Firewall page:
- Select the Rules Engine tab.
- Click the + Rule Engine button.
- Give a name to the rule.
- Select a criteria to run and catch the domains that you want to run the integration on.
- Example: if
Hostmatchesyourdomain.com.
- Below, select a behavior to the criteria. In this case, it’ll be Run Function.
- Select the adequate function according to the name you gave it during the instantiation step.
- Click the Save button.
On the Console, you must now configure your domain so your edge firewall protects it.
- On the Products menu, select Domains.
- Click on the domain you want to protect with your Method and Route Validator function.
- In the Settings section, click on the
Edge Firewallselector and choose the edge firewall you created. - Click the Save button.
Done. Now Method and Route Validator is running and protecting your domains.