You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/07/24 07:30:37 UTC

[GitHub] [incubator-apisix] sshniro opened a new issue #1897: Allow or Reject API calls based on arbitrary code execution

sshniro opened a new issue #1897:
URL: https://github.com/apache/incubator-apisix/issues/1897


   Hello, I need to allow or reject API calls via performing a regex check on the request body. Is there a mechanism available in APISIX to do this? or this should be a custom plugin?
   
   POST Data
   ```json
   body:{
     "topic_name": "prefix_a"
   }
   ```
   
   APISIX Code
   ```lua
   -- decode body
   -- run regex on topic name
   -- allow if it conforms to the regex pattern
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] moonming commented on issue #1897: Allow or Reject API calls based on arbitrary code execution

Posted by GitBox <gi...@apache.org>.

moonming commented on issue #1897:
URL: https://github.com/apache/incubator-apisix/issues/1897#issuecomment-663462714


   sure, it's a good way.
   
   Thanks,
   Ming Wen
   Twitter: _WenMing
   
   
   Nirojan Selvanathan <no...@github.com> 于2020年7月24日周五 下午5:31写道：
   
   > Thanks, I was also going through the serverless plugin, is there a way
   > this plugin can be modified to read the body and reject the calls
   > @moonming <https://github.com/moonming> ?
   >
   > —
   > You are receiving this because you were mentioned.
   > Reply to this email directly, view it on GitHub
   > <https://github.com/apache/incubator-apisix/issues/1897#issuecomment-663447663>,
   > or unsubscribe
   > <https://github.com/notifications/unsubscribe-auth/AGJZBKZNACM6ND3THBWLXVDR5FIH5ANCNFSM4PGOR3QA>
   > .
   >
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] moonming commented on issue #1897: Allow or Reject API calls based on arbitrary code execution

Posted by GitBox <gi...@apache.org>.

moonming commented on issue #1897:
URL: https://github.com/apache/incubator-apisix/issues/1897#issuecomment-663414210


   it looks like a feature of WAF.
   You can create a new plugin to parse post body, there's no mechanism in place to do this yet.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] sshniro closed issue #1897: Allow or Reject API calls based on arbitrary code execution

Posted by GitBox <gi...@apache.org>.

sshniro closed issue #1897:
URL: https://github.com/apache/incubator-apisix/issues/1897


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] sshniro commented on issue #1897: Allow or Reject API calls based on arbitrary code execution

Posted by GitBox <gi...@apache.org>.

sshniro commented on issue #1897:
URL: https://github.com/apache/incubator-apisix/issues/1897#issuecomment-665511785


   Thanks.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] sshniro commented on issue #1897: Allow or Reject API calls based on arbitrary code execution

Posted by GitBox <gi...@apache.org>.

sshniro commented on issue #1897:
URL: https://github.com/apache/incubator-apisix/issues/1897#issuecomment-663447663


   Thanks, I was also going through the serverless plugin, is there a way this plugin can be modified to read the body and reject the calls @moonming ?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org