Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Referrer filter option #414

Closed
3 tasks
VinayBhalerao opened this issue Aug 31, 2017 · 6 comments
Closed
3 tasks

Add Referrer filter option #414

VinayBhalerao opened this issue Aug 31, 2017 · 6 comments
Assignees
@davidor
Labels
type: enhancement
Milestone
3.3

Comments

@VinayBhalerao
Copy link
Contributor

VinayBhalerao commented Aug 31, 2017
edited by andreumasferrer
Loading

3scale SAAS and on-prem product supports Referrer filter. https://support.3scale.net/docs/api-authentication/authentication-patterns. We had the option to enable referrer filter on old nginx files https://support.3scale.net/codehub/referer-filter-nginx.

With the recent development of apicast, there is a need to have this option available as an env variable.

Todo.

  • While starting the gateway use env variable APICAST_REFERRER_FILTER value true|false
  • When done override

https://github.com/3scale/apicast/blob/57790a667b6b6a035ce1ef6c17d3a6637095fd94/apicast/conf.d/apicast.conf#L19

with

set $path /transactions/authrep.xml?$backend_authentication_type=$backend_authentication_value&service_id=$service_id&$usage&$credentials&referrer=$http_referer$log;
  • Test cases
@mikz
Copy link
Contributor

mikz commented Sep 1, 2017

I believe this is something that could be solved by a policy in the next release.

@davidor davidor added this to the 3.3 milestone May 22, 2018
@davidor
Copy link
Contributor

davidor commented May 22, 2018

Adding to 3.3 milestone as agreed with @andrewdavidmackenzie

@andrewdavidmackenzie
Copy link
Member

Is a P2 priority at the moment for 3scale/Red Hat, but seemed an easy one.

@davidor
Copy link
Contributor

davidor commented May 29, 2018

@mikz I'm not sure this should be implemented as a new policy. It would need to be combined with the APIcast policy anyway to work.

If I understood this correctly, we just need to optionally add a new param to the authrep call to backend. There are only 2 calls in the code to backend_client.authrep() and both of them are in proxy.lua. It should be pretty straightforward to add a new param according to a new env we set for this.

@mikz
Copy link
Contributor

mikz commented May 29, 2018
edited
Loading

@davidor The only way to make this policy would be to have some generic way for policies to add params to the authrep call: https://github.com/3scale/apicast/blob/7b06e3ed8fcce3fd6aecdb41eb216ffc9f73d56e/gateway/src/apicast/proxy.lua#L139
https://github.com/3scale/apicast/blob/7b06e3ed8fcce3fd6aecdb41eb216ffc9f73d56e/gateway/src/apicast/proxy.lua#L316
https://github.com/3scale/apicast/blob/7b06e3ed8fcce3fd6aecdb41eb216ffc9f73d56e/gateway/src/apicast/proxy.lua#L330

I think we should try to make everything possible with policies even though it might be more straightforward as a flag, just because it will enable more flexibility for other customizations.

@davidor
Copy link
Contributor

davidor commented May 29, 2018

In my opinion, implementing a generic way to allow policies to add params to the backend calls is more valuable than having this implemented as a policy. But we need the former to achieve the latter, so ok, let's give it a go and see how it looks.

@davidor davidor self-assigned this May 29, 2018
@davidor davidor mentioned this issue May 29, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidor davidor

Labels
type: enhancement
Projects
None yet
Milestone
3.3
Development

No branches or pull requests
4 participants
@mikz @davidor @andrewdavidmackenzie @VinayBhalerao