是否有一种方法可以拒绝https://mma.mydomain.com/主域并允许以下Web服务在GCP Cloud装甲中使用?
1. https://mma.mydomain.com/v1/teststudio/developer - POST
2. https://mma.mydomain.com/v1/teststudio/developer - GET
3. https://mma.mydomain.com/v1/teststudio/developer - PATCH
4. https://mma.mydomain.com/v1/teststudio/developer/app - POST
5. https://mma.mydomain.com/v1/teststudio/developer/app - GET
我在Google Cloud Armor网络安全服务中设置了以下规则
deny request.path.matches('https://mma.mydomain.com/') Deny access from Internet to https://mma.mydomain.com 28
Allow request.path.matches('/v1/devstudio/developer') Allow access from Internet to /v1/teststudio/developer 31
Allow request.path.matches('/v1/devstudio/developer') Allow access from Internet to /v1/teststudio/developer/app 32
我指的是https://cloud.google.com/armor/docs/rules-language-reference。请举例说明。
Thanks in Advance.
最诚挚的问候,
Kaushal
假设你右边的数字是规则优先级,Cloud Armor将匹配第一条规则并停止。在您的示例中,它将匹配主机名值并拒绝请求,而不考虑其他规则。考虑反转流程,先设置更具体的allow规则,然后触发"default";主机名规则。
考虑这样一个规则:request.headers['主机'].matches("mma.mydomain.com"),,.urlDecode request.path.lower () () .contains (/v1/devstudio/开发人员),,请求。method == "GET">
如果你想阻止其他请求,让你的request.path.matches('https://mma.mydomain.com/')规则在
之后触发