reverse-proxy
reverse-proxy copied to clipboard
microsoft
No way to reject a route
Describe the bug
Let's say I want to have an SPA served from https://example.com, and its APIs from https://example.com/api/name-of-api.
I would imagine setting up the two routes like this:
[
{
"RouteId": "app",
"Match": {
"Path": "/{**any}"
},
"ClusterId": "app"
},
{
"RouteId": "first-api",
"Match": {
"Path": "/api/first-api/{*any}"
},
"ClusterId": "first-api"
},
{
"RouteId": "second-api",
"Match": {
"Path": "/api/second-api/{*any}"
},
"ClusterId": "second-api"
}
]
All three of these URLs will work as intended: https://example.com/ https://example.com/api/first-api https://example.com/api/second-api
But this URL will also be accepted, and quietly return the same as https://example.com https://example.com/api/third-and-totally-invalid-api
Ideally, I would want to instruct the proxy to reject that route with a 404, perhaps with something like this:
{
"RouteId": "invalid-api",
"Match": {
"Path": "/api/{*any}"
},
StatusCode: 404
},
To Reproduce
Listed in the description
Further technical details
Yarp.ReverseProxy 1.1.1 On Windows 10, .NET 6
Similar request: https://github.com/microsoft/reverse-proxy/issues/1868
Workaround:
- That refusal route can be defined in code and sent to an endpoint that produces a 404.
Triage: It is trivial in code. However, it will be interesting in a single-exe scenario. We need to do a bit of design - e.g. which error codes we want to handle this way.
Another ask: https://github.com/microsoft/reverse-proxy/discussions/1928
- Via config, add a response header to all requests that don't match a route. A low priority wildcard route could do this.