The Deny Traffic Policy action enables you to reject incoming requests on
your endpoints before they make it to your upstream service.
Configuration reference
The Traffic Policy configuration
reference for this action.
Supported phases
on_tcp_connect, on_http_request
Type
deny
Configuration fields
on_tcp_connect
on_http_request
This action does not have any configuration fields for TLS / TCP endpoints.
The response status code to return back to the client when the request is denied.
Behavior
on_tcp_connect
on_http_request
When this action is executed, the upstream server is never reached and a
response is immediately returned and no further actions or rules in the policy
configuration will be executed.
When this action is executed, the upstream server is never reached and a
response is immediately returned and no further actions or rules in the policy
configuration will be executed.Custom content
The deny Traffic Policy action will not send back a response body to the client.
To send back a response body, use the custom-response
action. Examples
on_tcp_connect
on_http_request
Deny all traffic
The following Traffic Policy
configuration will deny all inbound traffic on your endpoint.Example Traffic Policy document
on_tcp_connect:
- actions:
- type: deny
Example request
$ telnet 5.tcp.ngrok.io 22984
Trying...
Connected to 5.tcp.ngrok.io.
Connection closed by foreign host.
5.tcp.ngrok.io:22984 using the
telnet command and ngrok immediately closes the connection.Deny traffic with a 404 status code
The following Traffic Policy
configuration will deny all inbound traffic with a 404 on your endpoint.Example Traffic Policy document
on_http_request:
- actions:
- type: deny
config:
status_code: 404
Example request
$ curl https://example.ngrok.app
example.ngrok.app using the
curl command and ngrok immediately closes the connection with a 404 status
code.Action result variables
The following variables are made available for use in subsequent expressions and
CEL interpolations after the action has run. Variable values will only apply
to the last action execution, results are not concatenated.
This action does not set any variables after it has been executed.
