Terminate requests to your endpoint with the close-connection action
I’m happy to share that we’ve added yet another action to our powerful Traffic Policy engine: close-connection. While we originally developed it for internal use to better protect ngrok.com itself from high volumes of malicious traffic, we've opened it up to everyone.
This action enables you to terminate a connection to your endpoint right from your traffic policies during either the on_http_request or on_tcp_connect phases. It's most useful to avoid getting billed and having active endpoint hours for traffic you didn't want.
Here's a sample traffic policy:
on_http_request:
- name: DC
expressions:
- "req.url.path.startsWith('/dc')"
actions:
- type: close-connectionWhat's happening here? On every HTTP request, the policy filters for traffic on the /dc path and immediately terminates it. If the request came in via curl , they'll see an error like: curl: (16) Error in the HTTP2 framing layer.
What's the difference between close-connection and deny?
If sending a meaningful or useful response as to why you're closing the connection isn't important, close-connection is your best choice.
If you’d like to end with a status code, deny or custom-response are better options for you. The default status code for deny is 403, but it's customizable. For full control, custom-response lets you choose both the status code and response body.
Once you've had a chance to play with close-connection, hop into our Discord and let me know how you're using it. Got feedback? Options you wish it had? I want to hear it all.
Until then, check out our resources:
Have fun shutting the door firmly on those you don't want to hit your endpoints.
