devture
Set policy problem
Hello, I have checked two matchRules of policy "id": "custom-hook-to-reject-room-creation-once-in-a-while":
- "routeMatchesRegex": "^/_matrix/client/r0/createRoom",
- "matchRules": [ {"type": "method", "regex": "POST"}, {"type": "route", "regex": "^/_matrix/client/r0/createRoom"} ] First matchRule is worked (block create of room), but second is not. Could you recommend anything how to use multi condition match policy (second matchRule).
In additional, can I use policy for restrict user's media by IP mask and userAgent (mobile/PC)? Thank you.
Are you sure your users are invoking /_matrix/client/r0/createRoom and not something else like /_matrix/client/v3/createRoom?
Perhaps you should use a regex like ^/_matrix/client/[^/]+/createRoom to catch both r0, v3 and other versions that may come in the future.
I'm not aware of /createRoom APIs being exposed over other HTTP methods (methods other than POST), so you can more easily disregard the HTTP method and keep your matchRules simple (just matching the route).
Matching against specific the User-Agent HTTP header (or any other arbitrary HTTP header) is not supported yet. We may add support for it if it's very useful.
Instead of doing that, you could use a consult.RESTServiceURL action and send the request to your own API server for inspection. Over there, you can read the full request details (User-Agent HTTP header, etc.) and decide if the request should be be allowed to pass, be rejected or somehow be modified. Using this action is most flexible (it lets you do anything you wish), but requires that you run an API server somewhere and to suffer the (usually small) overhead of requests leaving matrix-corporal and going to your API server.
