Deny

Overview

The Deny Traffic Policy action enables you to reject incoming requests on your endpoints before they make it to your upstream service.

Configuration Reference

The Traffic Policy configuration reference for this action.

Supported Phases

on_tcp_connect, on_http_request

Type

deny

Configuration Fields

on_http_request

• status_codeinteger

  Response status code. Default is 999.

on_tcp_connect

This action does not have any configuration fields for TLS / TCP endpoints.

Behavior on_tcp_connect

When this action is executed, the upstream server is never reached and a response is immediately returned and no further actions or rules in the policy configuration will be executed.

Behavior on_http_request

When this action is executed, the upstream server is never reached and a response is immediately returned and no further actions or rules in the policy configuration will be executed.

Custom Content

The deny traffic policy action will not send back a response body to the client. To send back a response body, use the custom-response action.

Examples on_tcp_connect

Deny all traffic

The following Traffic Policy configuration will deny all inbound traffic on your endpoint.

Example Traffic Policy Document

YAML

---
on_tcp_connect:
  - actions:
      - type: deny

JSON

{
  "on_tcp_connect": [
    {
      "actions": [
        {
          "type": "deny"
        }
      ]
    }
  ]
}

Example Request

$ telnet 5.tcp.ngrok.io 22984

Trying...
Connected to 5.tcp.ngrok.io.
Connection closed by foreign host.

In this example, we attempt to connect to 5.tcp.ngrok.io:22984 using the telnet command and ngrok immediately closes the connection.

Examples on_http_request

Deny traffic with a 404 status code

The following Traffic Policy configuration will deny all inbound traffic with a 404 on your endpoint.

Example Traffic Policy Document

YAML

---
on_http_request:
  - actions:
      - type: deny
        config:
          status_code: 404

JSON

{
  "on_http_request": [
    {
      "actions": [
        {
          "type": "deny",
          "config": {
            "status_code": 404
          }
        }
      ]
    }
  ]
}

Example Request

$ curl https://example.ngrok.app

HTTP/2 404 Not Found

In this example, we attempt to connect to example.ngrok.app using the curl command and ngrok immediately closes the connection with a 404 status code.

Action Result Variables

The following variables are made available for use in subsequent expressions and CEL interpolations after the action has run. Variable values will only apply to the last action execution, results are not concatenated.

This action does not set any variables after it has been executed.