Protecting Your Endpoints by Denying Unwanted Traffic
Whenever your endpoints are exposed to the internet, they will inevitably receive unwanted or malicious traffic. This can include bot activity, unauthorized access attempts, abusive requests, or even potential security threats.
By denying requests at the edge, you can:
🚫 Block unauthorized access attempts before they reach your upstream service.
⚡ Reduce load on backend services by filtering unnecessary traffic.
🔐 Improve security by rejecting requests based on predefined rules.
🔍 What are the Benefits of Denying Requests?
Publicly exposed services are constantly targeted by automated scanners, bots, and unwanted traffic. Even if these requests are not inherently malicious, they can consume resources, increase latency, and degrade performance.
Key Benefits:
- Reduce Attack Surface: Stop unauthorized access attempts before they hit your backend.
- Harden API Security: Restrict access to only legitimate users and trusted sources.
- Improve Performance: Free up server resources by dropping unwanted requests early.
- Protect Against Malicious Bots & Scanners: Prevent automated scripts and scrapers from overloading your API.
- Deny requests based on geolocation rules to comply with regulations.
- Prevent excessive requests from bad actors or misconfigured clients.
Denying Requests Examples
The following examples set up an endpoint that will deny all traffic unless the client IP is from the EU.
See the IP Intelligence page for more ways you can check properties of the connecting IP address. Check out the deny request traffic policy action page for more details about how it functions and the parameters it accepts.
- AgentEndpoint
- CloudEndpoint
- Ingress
- Gateway API
Loading…
Loading…
💡 Ingress
resources do not natively support request denial configuration, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
Loading…
2. Use the NgrokTrafficPolicy
on an Ingress
Loading…
💡 Gateway API resources do not natively support request denial configuration, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
Loading…
2. Use the NgrokTrafficPolicy
on a Gateway
The following example showcases supplying the NgrokTrafficPolicy
on a Gateway
resource. All requests to the Gateway
will run the traffic policy.
If you prefer, NgrokTrafficPolicy
can also be used on the route level by using an externalRef
filter on an HTTPRoute
. See the using Gateway API guide for examples.
Loading…