-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add preprocessing to headers before running filter #2327
Comments
What do you think about merging both solution options into something like this? {
"feature": {
"network": {
"incoming": {
"mode": "steal",
"http_filter": {
"header_filter": {
"preprocess": "(base64|jwt)",
"jsonPath": "user.email", # optional, default filter to regex if not present
"filter": "[email protected]"
[...]
} |
In terms of flexibility/customization it is a nice option, but would make the filter display (in |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Following https://discord.com/channels/933706914808889356/1222476910370750534
User has a case where there's JWT passing as a header, and they want to filter based on the content of the base64-encoded JWT.
Possible solutions
Preprocess base64 only
In this solution, we split
header_filter
intoSimple
vsAdvanced
where in advanced user can specify what kind of preprocessing to do to a specific value of a header name. The filter then is running against the value only.Example:
Drawbacks
JWT Specific filter
In this solution, we add a new option under
http_filter
calledjwt_filter
.The
jwt_filter
accepts a header to obtain the JWT header name to be used, then aJSONPath
for value to filter, and regex to run against the value.Example:
Would filter when JWT has the following format (after decoding):
Drawbacks
The text was updated successfully, but these errors were encountered: