正如标题所述,我希望 HTTP 过滤器仅在请求针对特定 URL 路径时才应用。在路由级别执行此操作是不可能的,因为我的路由定义如下:
- match:
prefix: "/api/"
route:
cluster: some_backend_service
prefix_rewrite: "/"
但我想对/api/foo和应用不同的(安全相关的)过滤器/api/bar。我似乎无法找到查看文档的方法,这可能吗?谢谢。
答案1
复合过滤器正是您正在寻找的。请参阅此页面:
https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/composite_filter.html
例如:在一个复合过滤器中配置了 3 个 Lua 过滤器,它们为 /get/action1 添加一个响应头“triggered”,其值为“action-1”,为 /get/action2 添加一个响应头“action-2”,为其他路径添加一个响应头“no-match”。
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: upstream
timeout: 1s
name: default_route
http_filters:
- name: composite
typed_config:
"@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher
extension_config:
name: composite
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.composite.v3.Composite
matcher:
on_no_match:
action:
name: action-no-match
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.composite.v3.ExecuteFilterAction
typed_config:
name: envoy.filters.http.lua
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inlineCode: |
function envoy_on_request(request_handle)
end
function envoy_on_response(response_handle)
response_handle:headers():add("triggered", "no-match")
end
matcher_list:
matchers:
- predicate:
single_predicate:
input:
name: "action1-matcher"
typed_config:
"@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput
header_name: :path
value_match:
prefix: /get/action1
ignore_case: true
on_match:
action:
name: composite-action-1
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.composite.v3.ExecuteFilterAction
typed_config:
name: envoy.filters.http.lua
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inlineCode: |
function envoy_on_request(request_handle)
end
function envoy_on_response(response_handle)
response_handle:headers():add("triggered", "action-1")
end
- predicate:
single_predicate:
input:
name: "action2-matcher"
typed_config:
"@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput
header_name: :path
value_match:
prefix: /get/action2
ignore_case: true
on_match:
action:
name: composite-action-2
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.composite.v3.ExecuteFilterAction
typed_config:
name: envoy.filters.http.lua
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inlineCode: |
function envoy_on_request(request_handle)
end
function envoy_on_response(response_handle)
response_handle:headers():add("triggered", "action-2")
end
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: upstream
http2_protocol_options: {}
connect_timeout:
seconds: 10
type: STRICT_DNS
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
'@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
load_assignment:
cluster_name: upstream
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: httpbin.org
port_value: 443
lb_policy: ROUND_ROBIN