michael.d
Reputation: 11
Google Cloud Armor rule partial URL encoded
I added a new rule for deny all the external requests to 'actuator' .(spring endpoints) as following:
The rule works as expected until I am using partial decode URL like:
<host>/%61ctuator
Do you know any way or a better to define a rule like that that block encoded URLs as well?
Upvotes: 1
Views: 776
Answers (1)
Dave
Reputation: 529
Cloud Armor recently released additional operator functionality that will allow for URL decoding of attributes within a given CEL rule match.
For example:
request.path.lower().urlDecode().contains("/actuator")
Upvotes: 1
Related Questions
- URL encoding using the new Spring UriComponentsBuilder
- Cloud Armor | allow multiple request paths in one line
- How to handle curly braces in RequestParam in spring boot
- Springboot doesn't let through percentage and backslash in URL
- URL change encoding + instead of %20
- Regex doesn't match antMatcher URL pattern
- Read url encoded data in spring boot
- Spring security 3 intercept-url pattern with index
- Cloud Endpoints generating HTTP 404 for special characters passed as named parameter
- Spring Security url-intercept with regular expressions match failure